hxxps://www[.]cparityevent[.]com/

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.cparityevent.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451400479093722"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 4488	1520	chrome.exe	83
PID 1520 wrote to memory of 4488	1520	chrome.exe	83
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 1784	1520	chrome.exe	87
PID 1520 wrote to memory of 2144	1520	chrome.exe	89
PID 1520 wrote to memory of 2144	1520	chrome.exe	89
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88
PID 1520 wrote to memory of 2664	1520	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.cparityevent.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c5989758,0x7ff8c5989768,0x7ff8c5989778
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3936 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3744 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3776 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4664 --field-trial-handle=1880,i,7280196125651906557,5325107379926556663,131072 /prefetch:1
  2⤵
  PID:3640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
ded5f2f4687a3c3d003301cd74dd4ad6

SHA1
79e1a0c1aa3df6c584a27052d5d8b8a4237b096f

SHA256
0bba6a32d9f79fa619a4dec787613c67c5fbf12f3da3cbcb2cce8b84d309b8cf

SHA512
d7f7753c88f03b64556e961948e3ea6923cf79e7272ad64562d98faee19556a48506c418aa5c9f63d7f0967fb810941063022bc016fd69de9f05b9cb89209cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b21f52362887c86bb334c418235b031

SHA1
a2faf58bf4393afe3ebca710edd3c2e47ed7bcc9

SHA256
2d3847d2c9ef6b8b9b6211f22a4f1ed770d0377b90e458c983a4af60d082c5e6

SHA512
11bf8664f9bdc50861f23bf91a996e8a2d007c7ff0904a615e975f01d4bccd45430473a57a9cbc1a4a5879b938248060f147e14745a6fe3d12319920f6cffb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ee0cd3b6c33117aa4b1271094ebc71d

SHA1
b598d7cfc1187bbc11fce1cf6ba596d7ce9d61ae

SHA256
e0f4006dc7461322658778a123db6c12bb92bd995caf08f95a4384f1b75f8e21

SHA512
a0a86cc517b17bdf87397f569bd776d39bbbbf377115aa26c8745a041900a486c52265cf5a6d6ed94b3d89171348086bb4bdf363139c21e72c61053055460535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
7cdc3fed5025b4a62c7f1a31eaa5c574

SHA1
77d2231714adb7107e7319f2f07ab439c60c66ac

SHA256
adcc996d15f877ecbc623d88c3c4c95330436295d76c4e52f6b3360cb0e5e6bd

SHA512
1bd29bf0a2042125fef04b2a2ec5ee669f0f2164df53bf840b34ed623824463fd5402912f9198106a1a4b761e3b3c23cc7fd95fd385da3309e0f361c8837e69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit