hxxp://synergycorppro[.]com

Analysis

max time kernel
66s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://synergycorppro.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133477568972735306"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4148	chrome.exe
4148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4148	chrome.exe
4148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe
Token: SeShutdownPrivilege	4148	chrome.exe
Token: SeCreatePagefilePrivilege	4148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe
4148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4004	4148	chrome.exe	89
PID 4148 wrote to memory of 4004	4148	chrome.exe	89
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 1396	4148	chrome.exe	94
PID 4148 wrote to memory of 724	4148	chrome.exe	93
PID 4148 wrote to memory of 724	4148	chrome.exe	93
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92
PID 4148 wrote to memory of 4056	4148	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://synergycorppro.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a49758,0x7ffd67a49768,0x7ffd67a49778
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:8
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2808 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2800 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1884,i,12298015382457008036,17027504534844865554,131072 /prefetch:8
  2⤵
  PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
a0a7287517a60aa76172aca86ae61447

SHA1
25871426314b077fbdc69cdbe8e9b61ea56457e5

SHA256
6f8f02d2ad3ba4a94e06fbf8cdedf4e6bf799179a2b8889d2429977ab11433f3

SHA512
152ee5715e963e8d62c5e102d0e9676f3d2cdf8eca1dc4624e1bcdd1f737a720ce486aa98850ada5adcb3fe11e91721ccf91ebc960447783396349087eda0b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9e67c2c2-0cd6-4c5e-9ca7-89582fde454b.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
534a3727d82ee4d91caa7833a295bc34

SHA1
25f60c3eaca85bc5d9c33693d8d86c566fa69f8c

SHA256
cd0e5ff28e42100d37d412081a3c85068eb3625f31d0b33256d32a54f3124df9

SHA512
305904f64bbee6a867f9613fe11e1427734636fc951b2a653cea396b65b488f194f8033b4ee77cb24e674d12215ffaa0fa1354fad306e41738d5ebd42f83d6fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
907f388db48a55064d04da08ee1383f9

SHA1
97010b5497d0c531f509c2458d20f1c9b2fca448

SHA256
2859eb4bbe13ff538281c704ff7b986ba1a4ce87b8abdf5070318b219e781c1e

SHA512
b364f4791912db94cfad147d6d19befa9b8840075b0db6023c854f6530d7a3e76f81fbb91be1e5571613d6b38c195f61d7fc441a8d4c7d5405f17597159fc781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
362407fa1629774c781f88bb243eee31

SHA1
7a2c34cfeec16bfa3ba4812764b2b16daabdd2b9

SHA256
f94357834642221bb6ca7bd5863c868015d6710c3cceebfe8c6635a7a315cbb9

SHA512
6af817c23650aec73129b3c95ba3287230c4fd297d5540aeb8d8221e924e3e671828e4274a32c6258273b18e646143e345bb8e8f2860bf6d1e4cfbfd64835acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5e448b98a4c03be96c40afea1c1b599

SHA1
2afa4edff6c6eec439b117b4ff1fb1a331959474

SHA256
0a94b9a9e2a271b738716cb7a81848e6035ac0ba9f2bd98c4733a6383299b66e

SHA512
574f4d35f10bf4197fbb5a06a2c7f97e2c0e845180ecd0a9baca6576159d29fc8e4ece345c90ada9be6f94dec706df167f468ac6ad4957c2371b6ce1311635ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d131d0d55694ee506ca349ef95c81395

SHA1
ed11c87b85eac0c7491007b3cb98ffae3bf9bd2a

SHA256
1aa9fad95310f6e6425f5b1b0a2b148e9ea4f111f1bf8fcd8c5b9d247f94547e

SHA512
478f307ca3fc36ee971506181c6a410a16672a219143c9dc7f5e861950b313f63230f7533f7bf41fc43a2c3d2e4893989ab89e7d3bf7f338fca5439a051e04d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8267354b02c4df337dab8fd1325d833b

SHA1
32ea231ab9c65d7745313a25bae0e0d92929a84d

SHA256
c9d3411ce8578c7b0777caae85b29cf4f708fc4eaf831ac020b5feb4d1318812

SHA512
2fd9334f4370ae2e9ffe93de922369b525aad99d08f571b4bc7c9620a01bf003baaf423a651bae567018ea1c8e4d950db90b7626d9db857964846ba335aed356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
65KB

MD5
9dfc8b4139559a15f0a5a7f022838f7f

SHA1
0611f9268d0551dc63981eed569e65b5163bf26f

SHA256
30dfacffb9e5901d0faa4ae9347682858536f10876701d7da8d724428b39dbe7

SHA512
784106b8b7c4ae346be7c54f6034b70292fcd4e668684401f216a6d32e3a1ed9be747123384fb9460713f94c4d862f63633d5a50058a9421d87327f78a04f7b8

Download Submit