hxxp://c-and-a-nederland[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://c-and-a-nederland.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451427856274013"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 5048	2528	chrome.exe	16
PID 2528 wrote to memory of 5048	2528	chrome.exe	16
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 1900	2528	chrome.exe	88
PID 2528 wrote to memory of 3820	2528	chrome.exe	89
PID 2528 wrote to memory of 3820	2528	chrome.exe	89
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90
PID 2528 wrote to memory of 460	2528	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://c-and-a-nederland.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f8e9758,0x7ffb7f8e9768,0x7ffb7f8e9778
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2748 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3948 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3104 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3864 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5020 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 --field-trial-handle=1884,i,12040571740726418781,9522941891179334073,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2ec1cb65d89c554798bfbd1ccab101dc

SHA1
0860751fcdc01de55857612e1fbab81c1c6b39ff

SHA256
4ddc479dc823a7d43199fd217d40c9ad4bda27f6968dd4f6f7c97f048904e5ef

SHA512
f4d602bb6c87833f8f89e9402c895757a6ff0fc90e42641f0ca403407ea7175b1fbdd0b8bd5eabccc5458db4653fe33e828a848aa726e4fe1f01ab7db94ce1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd02746afe0243a1127c2b0f1f32ecf4

SHA1
137846b5fa87c52abad02faa755fdfd7daddd746

SHA256
d5ce4e4c6a88ff4c13e8490da1c13106bce1555d92ae3abed8034b7180c079b4

SHA512
d13e5da2ef33e94ffef26efce82d020ab5d9b9b84e6250ec7793ec330183470705c584161c4edaa2dfed9096667ca451924d6cc7eb934343b5e68ab07a1b128a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29a02c66c955951f86207780197e988a

SHA1
8fbcd226f5eb3f72b866d478355a9d40098be16d

SHA256
9760e2f2ccf0979c83d616a9dd04806beff2542fb321ebaec4ec9730a8a37714

SHA512
0ba254249a9fbb90a614da23300692de629cecc103e17315c6cd86b0e7c931dc9e7b3707dc0a2a808b396ce7ef97cc1e98697858c30f565f19079e9d36ed9510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
b927ba60f75fac2e2db77a38bcdeaa5f

SHA1
ca69167a96759ef0791036308f0064b268a1dd99

SHA256
796341a549187f13dc22a74c10155770a45b9bcd80f286a310458f616eea4b5d

SHA512
5247aabced411fb97b5364f19af550622fdc2cc6f7fc298ae432048791ae4a4778685efded8a2cbc056a4cb1621d196b16ecfed2d101eea1286527f671f5f392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit