hxxp://www[.]mcgop[.]com/

Analysis

max time kernel
0s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mcgop.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 2100	3304	chrome.exe	14
PID 3304 wrote to memory of 2100	3304	chrome.exe	14
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 2136	3304	chrome.exe	25
PID 3304 wrote to memory of 4380	3304	chrome.exe	24
PID 3304 wrote to memory of 4380	3304	chrome.exe	24

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0ad9758,0x7ffcb0ad9768,0x7ffcb0ad9778
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.mcgop.com/
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5088 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4968 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 --field-trial-handle=1816,i,9612692759920250331,12031962230204386071,131072 /prefetch:2
  2⤵
  PID:4080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
822719103de2c5aa3bbc133de09f9560

SHA1
ceefe64dd24cf95069650b8a097d30e59d79c1e0

SHA256
a2b8e149daf8bcd375621b3b1e8721f61937a7dba7cd88df9e1bf25f6b324966

SHA512
b5d33389e70fc3650d6720d83b0f659739e92b8e739cdba1bcb61306d8181060dc68d49e44ed00b7e740023c19999143d21b9622821115e8bf2744d2a85924df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4d00b3a04b9f12f5d0a4465787c442bf

SHA1
25b7f4d33302de65112ed446c608376ddccd9a26

SHA256
4ff76e71f6aed51e2c1e8cc62ee1488ca733376ead1f72dd22eb3d6c5af5e357

SHA512
7f79e86c038267bb30b4f17bebc34f1a9e5b368400d667a7f37aa04140b24c820415f291fa40df650aa3b327e1591c97247078e85c73bb2390214dae2de54daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93868cc935002a621546aca23ec73725

SHA1
5e5274e6888cad48a361880b1c7062c89ebe9d73

SHA256
f55311f17f7a111205441f3d61857587d005212b9996e7160b18bfc24392c1e1

SHA512
5288af049e1ff3c24d19baf8f7017d76add789c15ce727653cfc4ac36620fbc457139f55bbc7effa42072faf48c2916927e975c7cb27197415fe66732eada5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b8c6cb0baa88cc87e0fec44beda1482

SHA1
f23833a4e4f111c51f3e107858827489b22cdefe

SHA256
3f5c4405e08a55ef851ff7ecb5ea5e539b0b2bf5ff93c231b8bade505b72ba11

SHA512
e7bdcade094e32cade475fb4794009103f377ecd2b77420406bc3db84e47da939593a7b5fc5ed79edf3b56a33f6bb922bf0048e1f7c442490ffadb5a0c313e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
51KB

MD5
f42225c59534d29f2902361566c73272

SHA1
74c7968a57187ca63191ecea23ea7801bac9b590

SHA256
884d968af7a60001e87e35332be72f8318575d7962e3aed4c4f251ea2d7292e4

SHA512
ef2c8674d76eb46830e230b0e14ddb6a4606a902a7c84fa5cb0dc5bb54e9eb10afdd0fbeffd8037f9e8dfa6bd9402a711baac69077c0ad834f4f8b73e647ac06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit