hxxps://stonkstime[.]com/event

Analysis

max time kernel
600s
max time network
490s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2023 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stonkstime.com/event

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133467995480365517"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 2228	3872	chrome.exe	86
PID 3872 wrote to memory of 2228	3872	chrome.exe	86
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3724	3872	chrome.exe	88
PID 3872 wrote to memory of 3508	3872	chrome.exe	89
PID 3872 wrote to memory of 3508	3872	chrome.exe	89
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90
PID 3872 wrote to memory of 2912	3872	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://stonkstime.com/event
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa78a09758,0x7ffa78a09768,0x7ffa78a09778
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 --field-trial-handle=1892,i,11597507776724919106,18112171411086126660,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
116dac9b06d43f25bff11ac795901b6b

SHA1
9a8799d25dd4a43382ab2ed4fe3fb539d448389a

SHA256
9d8545522ab7df6e128d9adcd184f24ba197184f6f9e75c635c3d13db2693e21

SHA512
a69cfa2963d287c9ed94d77c26d0a0c1ccedf61ab65c2543c5abe71336620f27f1a274778a847f1b032d89b9006c69886b76f7f1d741a855045d6cd469e30583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5fef289f49f54c1c59b86eb6a5271e7a

SHA1
9080ad2796ddf8dc695a51de3e23de4cb55d344a

SHA256
8cf6f1a94457807ebd0275ac64a3a0aa84604f4763c04d40b6e4d31ff77d21c4

SHA512
22eb8538f5dc3cc376168b8779174789cfed0821240b2e52289999bcaf1ab8ff268741f642ee142a8afa7f9be23e484835094938eb670b3074d32c54d746f74c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
017062e0462d2ff324e89286fe683b73

SHA1
1c18df022b03b3835c79258486a5940567a5bd2d

SHA256
c93b52f5f10ccaba3c63f05698856b0cc53650e90b4b84345ff27b4db13724ea

SHA512
ee6f4afa79ad20ba42923e128843a343125aedcb32eb936b110e223337999bf14391a19330a9e0710e14556ee72f889803adb6408e4276014bcdd47fd8a56e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f416d607752a68c0545b5487ada8aa6

SHA1
1ef57a97170eeb70d19913f893e68a55268908bb

SHA256
f65acbd285d8a10c5f5ec9fb2de2261a02782e2659df4cea4a4f78842f84db39

SHA512
6cfd1813a01526dcfcdeb974b640138f0615eda3ed43bf83dbbcc4e3095abd9896809f4269d591f315df4c754367335d72ddde3791d59a03e24f3c651bfef4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
815cff430143f4137747dd875c959b86

SHA1
8cb0a5f54b988a266b0879d78f0df8150af40c2f

SHA256
ed6a60a2c7749f771e937492880cc1b90a5726205dadc0f04db4dad1f59a374c

SHA512
ab20c164ef3ac71719a24f4f75502fb74b2f6c20ebd37fcb712d60b78d4229ee60bf5e88dbb0bf26e4e72d9aaebf346d53b59c93253f949c0a7a3774b82d630f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit