hxxps://action[.]azurecomm[.]net/api/a/c?r=AIAACRYRMQFYOI3NO3IHOGXBP53VJD4YAS5PLZNLO44ER6JT3RUXH7INN2VJP4BO6YSYDGXURJCQXAAHSC5LNFPMV3LCS6KP6OTWG2J5NCDGP2VWQDCFQUCEKF2I5QSLOGDKJKW7NL4BB7HNPLP2ZVBDKUQFFH2ZHPE3UBPNGAYZCOD2Q6VRPMI26O2VNEJH5W3WNWRQYGRYGLUL3E5W556HOLBZ7ZULLH5TVK7VCL62MRRZJFDQQBE3BP3F7PBQQGGT2LF4DUAZYFVIJAKFSOJLWDVNED7QXNK3NXYGDFZW6AEKF464KVIABPK5AZKNYFP2B5DOD5QA4QPNCELWAYW6UK3BGW537Q72BK33TZD44BWXREBB2ZNTAFAH6W7LITI42RK2M62FDQJDA5R7HLES2VAEU2SC7RXF7S3UYJPNTSLUFSJPF2UKVKP62HUHQTE4KGQVQ2YAUMV7NXY24UVX2BUVAGDPXHTE2O2TIHOPDWSLITOHFRUJIUDPHBDMJNPKC&d=AIAACD2M6UZ23T7AF7WN7SXTG4BLWFXCOE3CEIV2SKGRHMUBDDXGVWFQG4ST6PSJJFKOVDOISIA2Y7G6K5LQHG7APSSF7C2SR57TRDU72SREHDKPBJSUQBREO75XK3736CUIR5AARO433TQB6ZBFVFRGCIYY3O7XE7XNK4PYGQRGIBKBPNOZPFQZADSGHSL5RP2FIVKDLYGO6CKRVEHA54332BUTLRZKO4AAGRBTOC3WZZI5DBUSZSUZPBP7BYOUD4FLVQAC5DL3SK6LIFT4SGWGUWC4FWY&url=JY/NToNAFEbfhp0MEF1gMtFoS0uiNdRaUjZmuNzCtNwZMj+0vL20fstzzubrnBueGUP/cGycOYdGe4d2OIagiTHod0bA+UU2nM0gJOHQKOkm22m8J7ka0YJm9/kLho0R2KJ5lf/iFnlHv4SN9MSRhOyDGwBBg5Ct4r1udfBj0eQNhySOYL33sH6b6qTgwRYB5Xh3YpV1VbL3xer6WH/HCiiN4f3pVCcRDzKjaW4OSeor6qe6zCJRpnNbWSy38YGy4YM2Y11wHsyXlBXgpFb5gn/ulpfNaXn9WhTTHw==

Analysis

max time kernel
1s
max time network
77s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 08:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://action.azurecomm.net/api/a/c?r=AIAACRYRMQFYOI3NO3IHOGXBP53VJD4YAS5PLZNLO44ER6JT3RUXH7INN2VJP4BO6YSYDGXURJCQXAAHSC5LNFPMV3LCS6KP6OTWG2J5NCDGP2VWQDCFQUCEKF2I5QSLOGDKJKW7NL4BB7HNPLP2ZVBDKUQFFH2ZHPE3UBPNGAYZCOD2Q6VRPMI26O2VNEJH5W3WNWRQYGRYGLUL3E5W556HOLBZ7ZULLH5TVK7VCL62MRRZJFDQQBE3BP3F7PBQQGGT2LF4DUAZYFVIJAKFSOJLWDVNED7QXNK3NXYGDFZW6AEKF464KVIABPK5AZKNYFP2B5DOD5QA4QPNCELWAYW6UK3BGW537Q72BK33TZD44BWXREBB2ZNTAFAH6W7LITI42RK2M62FDQJDA5R7HLES2VAEU2SC7RXF7S3UYJPNTSLUFSJPF2UKVKP62HUHQTE4KGQVQ2YAUMV7NXY24UVX2BUVAGDPXHTE2O2TIHOPDWSLITOHFRUJIUDPHBDMJNPKC&d=AIAACD2M6UZ23T7AF7WN7SXTG4BLWFXCOE3CEIV2SKGRHMUBDDXGVWFQG4ST6PSJJFKOVDOISIA2Y7G6K5LQHG7APSSF7C2SR57TRDU72SREHDKPBJSUQBREO75XK3736CUIR5AARO433TQB6ZBFVFRGCIYY3O7XE7XNK4PYGQRGIBKBPNOZPFQZADSGHSL5RP2FIVKDLYGO6CKRVEHA54332BUTLRZKO4AAGRBTOC3WZZI5DBUSZSUZPBP7BYOUD4FLVQAC5DL3SK6LIFT4SGWGUWC4FWY&url=JY/NToNAFEbfhp0MEF1gMtFoS0uiNdRaUjZmuNzCtNwZMj+0vL20fstzzubrnBueGUP/cGycOYdGe4d2OIagiTHod0bA+UU2nM0gJOHQKOkm22m8J7ka0YJm9/kLho0R2KJ5lf/iFnlHv4SN9MSRhOyDGwBBg5Ct4r1udfBj0eQNhySOYL33sH6b6qTgwRYB5Xh3YpV1VbL3xer6WH/HCiiN4f3pVCcRDzKjaW4OSeor6qe6zCJRpnNbWSy38YGy4YM2Y11wHsyXlBXgpFb5gn/ulpfNaXn9WhTTHw==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 2104	3468	chrome.exe	61
PID 3468 wrote to memory of 2104	3468	chrome.exe	61
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 2820	3468	chrome.exe	91
PID 3468 wrote to memory of 4996	3468	chrome.exe	93
PID 3468 wrote to memory of 4996	3468	chrome.exe	93
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92
PID 3468 wrote to memory of 2248	3468	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://action.azurecomm.net/api/a/c?r=AIAACRYRMQFYOI3NO3IHOGXBP53VJD4YAS5PLZNLO44ER6JT3RUXH7INN2VJP4BO6YSYDGXURJCQXAAHSC5LNFPMV3LCS6KP6OTWG2J5NCDGP2VWQDCFQUCEKF2I5QSLOGDKJKW7NL4BB7HNPLP2ZVBDKUQFFH2ZHPE3UBPNGAYZCOD2Q6VRPMI26O2VNEJH5W3WNWRQYGRYGLUL3E5W556HOLBZ7ZULLH5TVK7VCL62MRRZJFDQQBE3BP3F7PBQQGGT2LF4DUAZYFVIJAKFSOJLWDVNED7QXNK3NXYGDFZW6AEKF464KVIABPK5AZKNYFP2B5DOD5QA4QPNCELWAYW6UK3BGW537Q72BK33TZD44BWXREBB2ZNTAFAH6W7LITI42RK2M62FDQJDA5R7HLES2VAEU2SC7RXF7S3UYJPNTSLUFSJPF2UKVKP62HUHQTE4KGQVQ2YAUMV7NXY24UVX2BUVAGDPXHTE2O2TIHOPDWSLITOHFRUJIUDPHBDMJNPKC&d=AIAACD2M6UZ23T7AF7WN7SXTG4BLWFXCOE3CEIV2SKGRHMUBDDXGVWFQG4ST6PSJJFKOVDOISIA2Y7G6K5LQHG7APSSF7C2SR57TRDU72SREHDKPBJSUQBREO75XK3736CUIR5AARO433TQB6ZBFVFRGCIYY3O7XE7XNK4PYGQRGIBKBPNOZPFQZADSGHSL5RP2FIVKDLYGO6CKRVEHA54332BUTLRZKO4AAGRBTOC3WZZI5DBUSZSUZPBP7BYOUD4FLVQAC5DL3SK6LIFT4SGWGUWC4FWY&url=JY/NToNAFEbfhp0MEF1gMtFoS0uiNdRaUjZmuNzCtNwZMj+0vL20fstzzubrnBueGUP/cGycOYdGe4d2OIagiTHod0bA+UU2nM0gJOHQKOkm22m8J7ka0YJm9/kLho0R2KJ5lf/iFnlHv4SN9MSRhOyDGwBBg5Ct4r1udfBj0eQNhySOYL33sH6b6qTgwRYB5Xh3YpV1VbL3xer6WH/HCiiN4f3pVCcRDzKjaW4OSeor6qe6zCJRpnNbWSy38YGy4YM2Y11wHsyXlBXgpFb5gn/ulpfNaXn9WhTTHw==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0x100,0x104,0x9c,0x108,0x7ffe22509758,0x7ffe22509768,0x7ffe22509778
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4920 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1868,i,16140417845497754505,2336751512823126236,131072 /prefetch:8
  2⤵
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad76cfad3e6061f7ef4fc824f8ff49f2

SHA1
948b4bb864718349792a695bf25c3a6819e6e4ae

SHA256
a33f4113241ea5135d864b80e26d02cda80969a6277da7c9c3a0e7f20d87a60d

SHA512
fc7136072e5f52c9f38675cd9ae1fdefc8b94cd0b94cb4bc7b6ee55261785365e0bec33c68c13693c96eadc0e4e9d655289714b18d5e5dfd8d1b21e0950406e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f6a643c62a458438fd205d4a21eeb3f7

SHA1
339fc6859a6516d00a3bf7770326f72a79c8a318

SHA256
ab60851055e0d0f60657e240c699e41f1e98554ab6a1a414ff998093bd3ff0fe

SHA512
83ce47ee421f891add202ee7c3b76a8b08c131b4c4c0f181c1f53d7315884feaa1c49d227444b166012aa34b65035e60999a61ea4b5c192be2f0be0b9edd4f3d

Download Submit