Analysis
max time kernel: 42s
max time network: 134s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03-01-2024 17:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://www.ourstompingground.org/
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: http://www.ourstompingground.org/
  Resource: win10v2004-20231222-en
General
Target: http://www.ourstompingground.org/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
3036 | chrome.exe
3036 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 3036 | chrome.exe
(this identical row is recorded 64 times in the report; repeats collapsed to one line)
Suspicious use of FindShellTrayWindow (34 IoCs)
pid | Process
3036 | chrome.exe
(this identical row is recorded 34 times in the report; repeats collapsed to one line)
Suspicious use of SendNotifyMessage (32 IoCs)
pid | Process
3036 | chrome.exe
(this identical row is recorded 32 times in the report; repeats collapsed to one line)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3036 wrote to memory of 3052 | 3036 | chrome.exe | 28
PID 3036 wrote to memory of 2688 | 3036 | chrome.exe | 30
PID 3036 wrote to memory of 1744 | 3036 | chrome.exe | 31
PID 3036 wrote to memory of 2964 | 3036 | chrome.exe | 32
(64 entries in total; repeated rows collapsed to one line per target process)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3036)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ourstompingground.org/
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3052)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7159758,0x7fef7159768,0x7fef7159778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2688)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1744)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2964)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2516)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1080)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2724 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1704)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1812)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3628 --field-trial-handle=1324,i,413635310091525255,1997498502516130010,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID: 584)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 4a693993b0f584755fa3b5556b45da4e
  SHA1: b17b6bc82e9177d222955190bd77ed917cbf3995
  SHA256: 0b85128193279b80050df762a1b95110f5762b483fddd273db21b4970d02b785
  SHA512: c81c4dd362dde7f27a819041532d0c843ede22c6c14cb74cea2105636a8056949b8dcea3136a9ef26fb9fb763ee17578a421585d48ba63064067b97ca8be76e0
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 251413bbd7400596d47a971ee784f57d
  SHA1: 36b2e2a2c03260fa1746d895f71a534913128aca
  SHA256: 3c596add098abe8b9fdac28a80acb736c86fede53297dc86c58bd4af9b44916a
  SHA512: 236665ba044af5c863e18c66e8832e1a77fbfc0fad5f12edba61ea17eee914bc70040e7dfb0ba567ffd9f36af7a01ceead2b199c19ba863da54872f0fcb0266c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 90d1508b9de13d6f339dc8df4d4011b5
  SHA1: 074d9b07025c657bcd5196f3af7e1c95fc72723d
  SHA256: 8522a87572e797fbecf78352c6762efbbdc23137d05b07df9e682a4b57f3a5e2
  SHA512: 641f60dcabab74afb552d180b88bfa670be49c9713e83c8c7ee005bdb8c2b482cf48fe666e3c6c4b5cb0ed76304be1e12e565d5a7c25ca073f3d46dda74edf6d
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 1KB
  MD5: 84ab1a64353051a1fdb6553d80925add
  SHA1: a704482a182c9933e99909763bcfa00e32b64514
  SHA256: 5b63e71f80cc27bd796ad2aaaa98b5f01995ae8d80f2f585194aa6f74e36fbec
  SHA512: a2ae6140a8fa2e3c1e57fe5baad837e752faefe7d7446f5c27a252de21ccdd3d5c4048e0b2144e862b9810267c52ce64cb75a0709a6d794208176008607eb9a9
- Filesize: 1KB
  MD5: bac960e06328365bf9f5693955b19346
  SHA1: 988e5154159e5ed8ab78487c66a31732e2d8e7c3
  SHA256: 446dd0388d6b3d24331adf2a1b2770d7e4a291d1f5a87a4d99cef3a1d72aac06
  SHA512: a8ef82e81282a38915e07f3016313f8fcfa66b597c6ed661c71c359ecc76793d51ff7c4f8817bddab834ee48991edd65298ad34090ff5f54f6c59d4247a631ff
- Filesize: 1KB
  MD5: 57b60e8f426cd22771424e2326ed766a
  SHA1: 233f43957412bd2fc0d5aa9d8e83bd7028b23026
  SHA256: a53930699d462d3a2d1f0b5f8a760352d9a596ba10b0d3f516d60b613c31f607
  SHA512: cd5c1d51532272fc27db2b02f56b98e5ece43558ccb6e1845351f2be99e5077ed73f33b45f170e6917d6734fb2f508e5e6b3f4452361904d3facab0eda23da91
- Filesize: 4KB
  MD5: 24e003c1312764ba3a31b05b53ae5a0d
  SHA1: 6095468489fd0b55d3d8f2eccb6368d8d7250515
  SHA256: 9cc61f793e384e3e2b1cd1d8828b2cb759ee02885b3ce2c89d1c583a8ad8e83a
  SHA512: f7c90e59d0ec862cea2f85d1acb58182fdf84f51bdd1e35314cace09f1237a14864fe7c144409ce6603bc0682224aba196c0f867aa86265e787493ce398333f2
- Filesize: 4KB
  MD5: 4c1caf514b8a053a9bb0262a1a0aabc7
  SHA1: 15ee5ceb58541f20327cd8fcff0503cca0d41c2a
  SHA256: 3870473ef8f5be61750db40ed0962e09985b8610b5fc9ecc26d5374fd91dfb0b
  SHA512: e7fbd465347eb6e5e40cfd2848294fcc72c7aae8ba41c485f08602f8d907249406da7661587ce3432b6c450516b82a07b2a7179a8c8fd3eb7f93de3cb48f260f
- Filesize: 5KB
  MD5: 9fc4aed18a4c6a1c31558c840583c1ab
  SHA1: d9b5fab71f88c9ec57a25459d1b610a318cd221d
  SHA256: fa33fbd957eed3a0fa1d01512b00f5a474a15ac8266c51ef031cd6d629e0eaf0
  SHA512: c1c752f1f73de3fda2db1896329e0c0e1d16990cd998be0af00a2407e23e1bb2e8fbe19b4ae372881a7d1e4438b0d8ef94932778a32d7e03bcecfa8b428907fc
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 65KB
  MD5: ac05d27423a85adc1622c714f2cb6184
  SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
- Filesize: 171KB
  MD5: 9c0c641c06238516f27941aa1166d427
  SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
  SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
  SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06