hxxps://bit[.]ly/apac-will-au

Analysis

max time kernel
600s
max time network
592s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/apac-will-au

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455231955510251"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2444	chrome.exe
2444	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe
Token: SeShutdownPrivilege	2444	chrome.exe
Token: SeCreatePagefilePrivilege	2444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe
2444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1412	2444	chrome.exe	83
PID 2444 wrote to memory of 1412	2444	chrome.exe	83
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1972	2444	chrome.exe	85
PID 2444 wrote to memory of 1120	2444	chrome.exe	86
PID 2444 wrote to memory of 1120	2444	chrome.exe	86
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87
PID 2444 wrote to memory of 1240	2444	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bit.ly/apac-will-au
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd3ce9758,0x7ffcd3ce9768,0x7ffcd3ce9778
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 --field-trial-handle=1820,i,12771097787514460929,13874769613008606560,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
66439a5945fa19c342018c8ed31a3af5

SHA1
025ccd988aaf3cba6e9033864cfb8d4d0501d7c3

SHA256
de42bd7b86496e90a1e3c4b9ef7de4eff380b7aa0918cfbc9eac4c60655d347f

SHA512
99bb898c33b5701b91f3155877fa8777a0b191b3b27e3225ea8ecf612dd3f3f601c46822e52e95a7be9fd80449cbdaae75a4303c663deec802673175e17f8c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
891B

MD5
ffcd0137adc3e86e3fdef4db2b406f36

SHA1
b47063630fa33964fc7fb2ce2767ce0322a37746

SHA256
0f5157fa5c32b14459cf912f120e58d21ccc553b1e547022d31c888e63f64933

SHA512
e93d089d90d8bf6964c17f79cfcc9e7970b227c1b1ee2b8f4a56dd20e2814409d5586df33dfac463b5eadb4614412abbe4ff45caa835f1f90469a6db11ddeaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4974358bed2f8b55263e00d7cc354c6d

SHA1
fddabbcb3fc083165e2df2aef3484920f96a05d0

SHA256
0d68543cc988aaefa0751f13abd68537b81ddcb00a27d0d14c12a5661057fb1b

SHA512
cf091d3f9e2a7f9132f163bbed94154560d9e5e9545895a5d902edecc39e64a95c30932e198d2cc4841faed729a9af4d72a99372479d49dec5b1b1638439ffe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
bd34f7c97251219359efb3a33f6aca7a

SHA1
c5ccd740e5bddad63ad027a20c088616fb458e7f

SHA256
298cb66871ca3e660cd63539bd935b4909d0c7a5c307468d0ad053f738701006

SHA512
684bfdcec1e3305e601cefd6f42ca40d1c5416de41aecbbefba404ff6c14a03c86b9e4a4731afc83c85dac161b5aa2cd0b829f9f4955c84d1ebcdba76e8c3f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6111c81ff3feb90bf3ad70696b8591a

SHA1
67042a2794cc680ff4a3ed56a793c2ed81a0f516

SHA256
e638a059b40bc1c33d3b975276d560380041e8021ea602a0d9c385d17ded7e7f

SHA512
8586defcc60c31775366bddf14a80483899cdd94c0a655206c54f65d4e080ef8aa25656cd46489ea6d5b6d1b513aa479b4296b9ad5385f9e2f9e911db1101564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c478f667b2f2bbf4c4f42027637fa723

SHA1
92ad102dd1bb0cff774e07d3389f486f8efef0eb

SHA256
2bc3c5225150e300359e9cabe648b910cdc36d4d413d2a240e14709aabdab171

SHA512
ba0a405592b3a66baa4a1cf166656ffe5cb80a556c0b0ded2bc45efbf5af66d9a8ad0cf738d588c233b8c1c216f6484bfea06d603c9d669210a8b88674793dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a6093bd93ffcec59b1fc6ae5fd73be9e

SHA1
151b7f4822e1883f2c6657218954d359ffef8b93

SHA256
0bb86ecf92d97938b75cff1969764c04b58a7ce981ef1c0bf0b8f3973641daa6

SHA512
abd249b0438075740b88e2ec2293fc0655cb1060fd468179ac06a2b0658f8d3b625576b5c0883da72662352d8d3c5019cbfc7a583c67db40f8effc83f3699262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f79a862442f33934ee1f5261bcf1c695

SHA1
44608704660777c29ae03edcc5dbaf1f43fb793c

SHA256
5f4a13a95f1234b5696468043cd663ffd13ca50bc52ae972f8aff65bb0c8f16f

SHA512
d47e168dc91cd7bde6c4c95808d5effc5bae7ebf3627522b78615894f7382ea232259c60e1535da4bf6996e19dc53c303e34014a81e5723c402d2e7c9ff9acdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit