hxxp://www[.]ourstompingground[.]org/

Analysis

max time kernel
0s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ourstompingground.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3628	1368	chrome.exe	14
PID 1368 wrote to memory of 3628	1368	chrome.exe	14
PID 1368 wrote to memory of 2544	1368	chrome.exe	28

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bd79758,0x7ffe3bd79768,0x7ffe3bd79778
1⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ourstompingground.org/
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3732 --field-trial-handle=1896,i,15580318509117488067,12403813110725640215,131072 /prefetch:2
  2⤵
  PID:1016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
6dd732ae207fb7ccdd667e733265cb7d

SHA1
d91d13b689c3e897c8c03b798a5fb7c50ee3d3bf

SHA256
921e3a3cea1201b1bbddd04ca84a687d1df9fe0068817827b502990aa4cf70b2

SHA512
d8273c51b2df089e7607559ec1621d5827385e786ea831550aa9365ab3d9f535cc59502dc5ce997956a0ab45cad2b6390142bba3e39f23aae739c04a023163e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4ed52884-c500-4f33-99cd-9a2771421a3e.tmp

Filesize
1KB

MD5
a28d59d7491f2c5004278e1caeced5d1

SHA1
fa20fc439f28fd9090d7e9284099122b07158bc0

SHA256
91b9e6f473fe71db19d8bbba5546666548e4b2d2c252af6a4368a2619964e089

SHA512
90a737d1b0d1b3a03c999c7cc13a3e3ea78a36631cf27b3584124e4de73de1175f47acf4efe2449cdb7cc036d6eae06eae87c7e590e117c2b16b4fe4f310c240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f1bc9e4946b893d76894597b41e090d2

SHA1
dc38793b9a473f9251fd2df8a1f40f8ffc541bbe

SHA256
b401caa6f5a2f71c080672b7c848b168144aca0ab3fe5cf4dfb9d7bc32c25728

SHA512
13cbaa905ecb4364ce0a9cebc355241abe100acf789354fa2d0c75f8145ae07c7621c4d0eef87a19d1a4187c41cccaee1f46f9f5512316e537e7053cd3b64538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c3510b8248de0bf8d1a231b9e7e11530

SHA1
ca10ae421621e1748dc07fb4310bdc866f65b454

SHA256
d7f8ce19d777804d88c0101b2fe1fa0e24ddf7f86d57289e30ad3451f599d5cd

SHA512
a73f27bc3ce03deeb2b2c1564de38c796698d7c8dcf146e828d6a9ad5b5eb7939ead382427c12e1d717d7b9a4ee78270fabdc1a32b31827f4611c7a1350bc774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa5579628b3436cec8f0b4277da5534d

SHA1
2cd3e75d164278c0a6f7d9c45c344eaeff2eed23

SHA256
b4b9667eaef7bcd49ff02fd330e3ea8348d314bd8ae996de6ac56323ecef4f29

SHA512
fae6cd77d00bcd1d677b80fa372d0fdbc63eb9d2bdf5f78bdf2708b2233515ec54ad920fc887defe8775087b0ff6a149c0b30513bd9e40c021d51b3a14239de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c981c359bf951bea4caa9bf71913e6d

SHA1
d11b799808cd32be93eb740483d869c7171ee745

SHA256
12ce8a886f87a834909ecb9e6ecde2904c6c20310018f82103ab0c20231999fb

SHA512
c43b1d8d99d319a228b30ecc04536c9672fc58f4090ebbb4cdecfbfa41e4d3fd7537668aa3d143e0d8ca02ed828c79de0cebd91e9dfd3c7be874d62f5b3367b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d166395077e8b586fe279e72fb60bfba

SHA1
7303c6a1272fc15d970af8d5f9c0480d4debedc7

SHA256
1883ca8ed22023d8169f10813396ee1c8786145034deca15cb7f9b88a99550a5

SHA512
01ba3d0d6480385acd0fb76398069f7154aac6f4872770c569e1079b79cbba38f818201c3ea09c3004d83ecaff21badc8920a3946b2cca0af89e445836bdcdb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit