hxxp://viewyentreat[.]guru

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2023, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://viewyentreat.guru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133448691429091572"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
808	chrome.exe
808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2348	2004	chrome.exe	50
PID 2004 wrote to memory of 2348	2004	chrome.exe	50
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 3652	2004	chrome.exe	89
PID 2004 wrote to memory of 2104	2004	chrome.exe	91
PID 2004 wrote to memory of 2104	2004	chrome.exe	91
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90
PID 2004 wrote to memory of 4732	2004	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://viewyentreat.guru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a209758,0x7ffa9a209768,0x7ffa9a209778
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=980 --field-trial-handle=1720,i,17439517257164282582,13315723947857669498,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3dcd433d752fcaf79d90f3c0d98862e4

SHA1
93245e7df74f1fd2b6cf19e3627a1a30479a1161

SHA256
9ca9b9f8649becaf43cbbbbe9ed3c0a0b177641dd2ed7155f6c0be53297d9344

SHA512
f6c44713bf0e6c889a3372d2982c3e09322119182df8f1dfd4c6165236fccc35ed55692e7ba5d6a185dc024b19ab396b6afcfef1c34fbfee0820aa6279ecc8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1678e4b18db2cac7868669cff8812a4

SHA1
a42313d8b28ddb63d38526cf022dd8e823002f85

SHA256
56455ddeb69282780734e5cafa54c7938350d44068dc0d3d2f5f3081b154d2d6

SHA512
419d8f8e84c3922c77deec31dce3918e026c8cfc449f250b9adeb17619e19fb59d6c8291772f904e8a900177fc53b0f341fdfb17abed9e37ef2d1184ac671e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
620244f47707cd820e2bdf3426682694

SHA1
33d986567002744ebed5b4000f5524b89bcff7a1

SHA256
4a35aac824b699d4f2b6f5d766fabf1f8bc49f206dfd0a61f36fbe4a4e129266

SHA512
ca90f963f8bf61a4ee2adc40541c3e7209297a91b774e54a14b5de0691e0cf67f70a9b009bd48338daaf35e6b9f74c00b7544d26d18cc0185dceacb5ab4a28b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
78df68245fcb5c494297dcd21d0fa375

SHA1
d549d7d7b0b1e1b6a748125af90a57173f30e3bc

SHA256
fd226b70d31114acc736b48689852c5052a8329da5f10c30aa3c579b273fb080

SHA512
40afa634fadbc5ce76e7a90b5a97d5e163a0961c665d269cd0f2b21dc96df149e1090c9a06cec040e4f727f4d2ad6862c8580d6a05643bbe1e6c9196d904fc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit