hxxp://tinyurl[.]com/53rrc6nh

Resubmissions

30/12/2023, 15:22

231230-ssb6pscec6 1

30/12/2023, 15:19

231230-sqaj4acec3 1

Analysis

max time kernel
179s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tinyurl.com/53rrc6nh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133484232132404829"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3656	chrome.exe
3656	chrome.exe
2644	chrome.exe
2644	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3656 wrote to memory of 2948	3656	chrome.exe	87
PID 3656 wrote to memory of 2948	3656	chrome.exe	87
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 3192	3656	chrome.exe	90
PID 3656 wrote to memory of 4364	3656	chrome.exe	92
PID 3656 wrote to memory of 4364	3656	chrome.exe	92
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91
PID 3656 wrote to memory of 2324	3656	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tinyurl.com/53rrc6nh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7f3b9758,0x7ffe7f3b9768,0x7ffe7f3b9778
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4796 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1884,i,8084920522234658300,11317276202820017238,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f94cb1b5130c7ee0a4f2eb95629ebaf2

SHA1
c0016a2ac784b86e597a7688b2126ecd85c7316f

SHA256
e490ca043ae8c786b9786605ae859e310c872685c7b1b0a347beaa09650ad087

SHA512
78e1fd966aa11ee01ac16c0ade634229adec2c4af2bc8d62e1e816549a49d04920f7e4ff73ac0463d6627ce545b339f063cc5f2417b8402cdca4edb510b7bb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dd8eb4a736156f2463f9c2ee8fd95a5a

SHA1
48c66cfafbfb1cbb60248d135b2a0c991bb826a3

SHA256
9f77b6a0c875c2fe9b462181abb5d4c78a3d518da9b9bb18c0a958dc35bf1dd2

SHA512
29086b2e9244452f9a9479c4a3a00e9a27cccc761c40b7a2a6cf3991f05eed4fe2c5ed2d58ee0244476d775395d9968b80ed7d43405ef02719fe5bed9604a438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c7561b23cdc08ae694b1441feae82a20

SHA1
dfa0cdaa85ff0c47ce83fbb2553e19653c34f1a8

SHA256
247aac717cca7340fecd05a44ac863f4a1546d6b5997cf74aa533bba6f895a30

SHA512
d87a501b17387bab06f14c7c07c89ba2934bfcc6a4c17c20e653cfc8cbf27afcea5a7d2329b3de72dfd70e1da238ae46285049fe0ce8d858564e3c709761968e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9206ef28cf204fd0e0b4f95c984936d

SHA1
4b7984167c1d44a48c32016c02d6b94aa7af2f1e

SHA256
0f13be5e23f4c4f8a4c2c206cc3cb36df05f865f1c4ed9deac0bf92df737cac2

SHA512
7e8bc780308f33efce7075e6a3fc918f523a3fa6a8106b7b46faf1c0ec86384dbef025225aac9abdf33f70c5f5c561ed73e28e68417837474dd322f42155b391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
bce0005ea67ab9b62812a5d962b0e4d9

SHA1
322228b4dae97dc229056c4a832dc41929ecea6b

SHA256
76a42b97c28836559b13037d8020fa99c05952be02fd7954913aad47e68aede6

SHA512
d6d26826d827052c1bf7e3046609660cc78a2bc5b71703b0133c00de53757ccc2068fe8718da535818780754036373e0282e402a60c7ce442e9009190bcbaebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit