hxxps://endoftheage[.]org/385617HP0nN20253mP55828bK0Nx8009uu

Analysis

max time kernel
115s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2023, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://endoftheage.org/385617HP0nN20253mP55828bK0Nx8009uu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468645737896450"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 4560	1872	chrome.exe	85
PID 1872 wrote to memory of 4560	1872	chrome.exe	85
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 4056	1872	chrome.exe	88
PID 1872 wrote to memory of 5028	1872	chrome.exe	90
PID 1872 wrote to memory of 5028	1872	chrome.exe	90
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89
PID 1872 wrote to memory of 4520	1872	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://endoftheage.org/385617HP0nN20253mP55828bK0Nx8009uu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe89cb9758,0x7ffe89cb9768,0x7ffe89cb9778
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1728 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5040 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1856,i,3371476441093607801,4668449459361082287,131072 /prefetch:8
  2⤵
  PID:1404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d68974a9ebab4b06bf170fdcda73b776

SHA1
390f235ae5a83c6c059c6f4d8cef58ad475f7fff

SHA256
bbf6f8aea3f6e4ff0b234bcd3561c93dd462a3f1814855214e642e5ef6ca6a1f

SHA512
e64ff40f6ac2d0667475fb86b0bf311f8836ddfef0752d37c6ea5d8b01984a3d56c64c2ca8767dce6e27a0a58e0da20a8f5acf66ab047b7986fac5407b2b822b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7125ae9ba1c3b7121c7c915d1cb4335e

SHA1
ba1563e6d06f293eeca0f3729e8c424b18a5cb5c

SHA256
3cc235218be367a66725be5f76c99c8b5e9e114ee2d94df1452dd7baa207d812

SHA512
3e042ced0149d4d80a9bb3f50c1dca8195b736d6ef036589ae7682bcabe419d4798eb0417711fae6f5fe855876d4dda98a4d5785ed9ddcfbb6602e1004751949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
7be1872a83718ad5af5d998f472e41a2

SHA1
15e4e00a04f14144eb827ad85f5eccba83fe766a

SHA256
82f13b161b562f5a59528f4b835014561581648675c66ec4b3192e1aeb8a3729

SHA512
a255df4f6287cc9cce173f0ff34a66b22df1ff35978a4fb4de4409a52661c12dea718efa3378c6a837a1b712661c3727cde1bca39ec5c4011393187293a3cc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e41573d8a0fa02bddfe4befca4c4178

SHA1
23a4e3981612b53c434ae046acaf5741bda00123

SHA256
f4aa4d8015c97d0e23e5d09832bc3965b99d34b27cd4b52db784d65f5fc87d90

SHA512
1d3438102e30d9479cec999d21b47f9424d6a31d7ef932ba7033203250b0fbc7ae8d982da1e78d749628c9b4d3de48ec960450a58df2590222192b5802e9bd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3177418d8472ffd47b98682ad344c9c1

SHA1
84f84c5fd206ec2e7745c6a55d6f04e2e5c451d9

SHA256
4e436177985b8e437ea7ac3e454602022bbdd5cc3a6fb55e7d1e544c3c8a07d0

SHA512
82de0c18c82359fffb1b20fe773aa42ec7dc17bf201ba1193ce219000f0abf1da0b4ad68a1239e61dc7dada14ded6b57de19dd1c982d44add7e7e9c7275fb26f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39099425c534ed73c9ee7450f11e6053

SHA1
40df3a4cb6c7a36536898346c518924289149c00

SHA256
0962854a59042127f223bd5a0b9e753d45d95a341fd572311162ca2b389868aa

SHA512
625afd3682d717adbf3732d4328463c93244a8e88d1b58c09754073af6f8d5668eb610341753a7a480bd0f8b41402abf68a38f59db8998a867ea7eddd22490c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
8e767d551006cbf7bfc7cb72bfad15fb

SHA1
72f2c1a5f323793f9f77762b252a3e7d34a67faf

SHA256
a2a7ee1e7c6ae3e8fce7f7d1052a92fcc241459eddbdd3b6fcde963b145d20fd

SHA512
25550a2d19f895221b787a24c1ea92300555dd0c1537c3a63473b6be06c285b6b5b8d3d229b10ed244efd9092e3425304925bdf7d7ceebec4c3fb6653754e6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit