hxxps://dev-nosequeseaperobien[.]pantheonsite[.]io/

Resubmissions

03/01/2024, 19:08

240103-xtkaxsghhn 1

03/01/2024, 18:41

240103-xbzb5aghdk 10

03/01/2024, 18:37

240103-w9ws8aghcp 10

Analysis

max time kernel
162s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dev-nosequeseaperobien.pantheonsite.io/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133487807185508679"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
2612	chrome.exe
2612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2452	4416	chrome.exe	90
PID 4416 wrote to memory of 2452	4416	chrome.exe	90
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3632	4416	chrome.exe	93
PID 4416 wrote to memory of 3684	4416	chrome.exe	94
PID 4416 wrote to memory of 3684	4416	chrome.exe	94
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95
PID 4416 wrote to memory of 4808	4416	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dev-nosequeseaperobien.pantheonsite.io/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf7749758,0x7ffbf7749768,0x7ffbf7749778
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 --field-trial-handle=1880,i,10008180819947634946,3119579221199754855,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
0635dce7213d9ad265bc69094321ffa8

SHA1
a3d8170dd79ae70f68e4cd3279fcce251f0e3216

SHA256
a67b7d0afd3c5122c97255ec74556ebf8fc20ec204add5ece9db2783ea5fbdba

SHA512
d64f760040c0217340b16c130b8da089e63cae16532f09fd239dd611ce8f1a946e256f82d3bd01dd5733b0503dd217d084879cf0e95eb73df5d3abf35cafb13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17eeddf646d212d74119c99fc406333c

SHA1
fd4abb1f5f6eff81ae3f5168a60bf2de6034555a

SHA256
b4b5e8ceaa18c67f9abce230ced6aa5407e8fab7738e756ac0a205be08aefb1d

SHA512
b6f797faf687b3875e27436004d5243b02513c6a2cd99b860248202d7df3112ac027f41e4eac1507f3222164bc8f7fc2d41fdaff42ef5940d1fb4e183bc667de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
212aaf0e849b76c5bff5f17eb97ac424

SHA1
2231281479cdd21a2aaf56c40ab2fc04c6f02663

SHA256
9309093107ed36a4bde9a85531c21e910f4d08e7907431d2fa0975552d0578e2

SHA512
b46467ac4624c2c622d632d45771085ac6148e8edb3d888787d6d97e2ad0992a03612c1811f94b44fcb0d5350a48be57ff410a2dbbcfe51affdccd66f45bab4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
3d83ec02ab59bcf5eaaf3d72b59111d9

SHA1
eb6144d6485ebce67fe2fef817ab14eabe6cf813

SHA256
d99cf592d738e2f2c4ae7d681ab640d155d752d31d713ce4f16156feadbf5841

SHA512
c11fb68d9affc367aae1e943fc68019b15e2eabc4d742506d153221c272d4034d20ef94729e0f3f13972086b903e722dea6f96ed5878557bb690b59a2931ac46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b6d811e3174e980b48ff36bf40df762f

SHA1
cd31e4ba240c69a7c6034643f0dcc4dd789ba170

SHA256
d014f4d309baef00a1326c6ca190fb5bdb620d9248b8727edf36a37e9a4a5c92

SHA512
d52274f78c84fee2bfe17bf2fc769fb70db9c8c597af50241f0c271c0ebfa6dbde8753eeb8177a0a7db31268fd0dcbe486739ba5039d3c1d31e3c1c26a8c71d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd86650ba042cde5baca3a6332a52220

SHA1
1aeaf935da408435a64224067e94841d852a89d9

SHA256
814260a3fecb5dabd9f3fdc303d5c3c08758e58b8e28425bc64ba6a8f8b12630

SHA512
c903206e1a5229d08a55c05404957a64ea96d0a0b88f731b9c8e71d1bb47e8b81474c19e6cde9d41d1fb5f643a888cede811f03a165a6736a75859b23723ca9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f840001c987609fe8ce44423ab2617d

SHA1
586360e5762851e7701207dc633ff5e20764aae7

SHA256
215c1e1ba01475d0ceb2e15aa4b9877a3565343595ad6eac4e8db4b43f6f2279

SHA512
dc49f7ee093f0c38a049aeea9657ba89aec872434c27514d23f47bc519cf17ed4a0521bd059effd44e6d337d5d5893873951f8c2b16b62bc8d2621e6c5aae7ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c6af2583302a6a064db9b9bc973ab62b

SHA1
e376b609e896ec0d5489ff20f97371eda54bcbab

SHA256
ede132ce0b2bb8b2ba339064ede1beb443f5e48349d250d1095b0c9a5093b60e

SHA512
42712a71cba331171ba0dda6cd3cbf9279e3f850d211ca7b562eff719909c22c31ede8dd31de1ee603b1b690f5ea9c791b083a969d1d7e0a2bc4243b91567ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit