hxxps://scruminc[.]cmail19[.]com/t/j-u-silkhg-hllkktykf-b/

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://scruminc.cmail19.com/t/j-u-silkhg-hllkktykf-b/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133467903698975485"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
4912	chrome.exe
4912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2872	2100	chrome.exe	88
PID 2100 wrote to memory of 2872	2100	chrome.exe	88
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 3248	2100	chrome.exe	90
PID 2100 wrote to memory of 992	2100	chrome.exe	91
PID 2100 wrote to memory of 992	2100	chrome.exe	91
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92
PID 2100 wrote to memory of 1780	2100	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://scruminc.cmail19.com/t/j-u-silkhg-hllkktykf-b/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdd489758,0x7ffcdd489768,0x7ffcdd489778
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:2
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1868,i,1834761439476097921,17350182869911298327,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9fb6bff2e232dbba6ee9bdaf9d694462

SHA1
07cc60fa7774c0a0b7770fc3427be1ea0b35250c

SHA256
eea97969cd389fee6e598575e411e53a9a244b816075a14e455b878739c5383d

SHA512
20ecf6d43637a7dcdf8f31bfd591e9cc6a3831eaf6e405570193d251bcb665f2f99bc72cf8a7c8234a1ca39c1460ecc1bed7eabe7e1d7ac1c568def3364d088d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
661b90f3115407df95c2ed6b872ca8cf

SHA1
74e2adc3ef7a3e50f50f22898496c782edfa1100

SHA256
90b403bb88ab117db53422d2e6a9ab1a1271534811779b2ed6cbf991a754610e

SHA512
7190c7ab1c7eecdb8d85acee965b4fc49d07b158ce8cdee31d9dd5c80de114a1aa7857fb83fbb3a45e4409492b500b3dcb8b2715d7f0dd683a0d3acd2ca2808c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aef15f69fde3c5c5a5ef1027aac77105

SHA1
6cb02ff24f12a99dfc754a7bac879f3449a8f9eb

SHA256
17fa4e4cc21ce42f78a6066007113d9dd0e3126c662daa43145a5fcb31f7a189

SHA512
0a77bb56138b120107f830dc96968626681c978e9220afa2cb1c89b93204a88912e8bfe556072e900d623682cf83ffa0cc7329165ef80bbc6d6bfb81a63950c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e2fb8f51d545c8b85a7e2cef0ec651b

SHA1
fa7a7cb349bf7d7f3eb960ed98327fea22a6293a

SHA256
f8dd847cbfc90004fa385e5c3fc71e529d57fb61bb80bfc2dd0018c9faa397a9

SHA512
aa58513e06e65d33aba79a99403e7ef6656ac224adc28b8b6a6a8f5b491d9685fd285e7df105e7045cdb234712b98ac6e090a486c9981d34c4023ead2728ae4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5acf070cdeeb405e8f0aeaca4735da9f

SHA1
d0495b367c815a1a139b491d00f0d97cb158d51b

SHA256
8446c194aafcd417bd4a91490a50f08f95218c266efb51ba26310064bf8f06fa

SHA512
4fe2d594ad9c306ce8a4d633eb40f70647951342ad5906c2148db69b2c0926818336b47258df177e1075036e53dbb4cb93df48e8931d730ab4057796e09d48b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
024cfec77760fc40a0536001c1b7ec0a

SHA1
6991ec284b1caa31d2bb15c30c214a81548a81f9

SHA256
910e7d9fad5403f6ce94e8ae101d244ef7b73b9453d8dae11572f7f31e25f134

SHA512
cce3a6a534849daba82d2b4d0ece3b965314c5aeb5893b5448f5e3948a03b1793b65c0f2cc13b9cd93b2341d26906096d9259f6f8a8a3d4f770f11def34ba2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit