hxxp://trueventus[.]com

Resubmissions

04/01/2024, 07:11

240104-hzzkgaddg5 1

04/01/2024, 06:50

240104-hl942safbq 1

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://trueventus.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133488247097472797"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe
Token: SeShutdownPrivilege	5100	chrome.exe
Token: SeCreatePagefilePrivilege	5100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe
5100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4692	5100	chrome.exe	14
PID 5100 wrote to memory of 4692	5100	chrome.exe	14
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4640	5100	chrome.exe	31
PID 5100 wrote to memory of 4372	5100	chrome.exe	29
PID 5100 wrote to memory of 4372	5100	chrome.exe	29
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24
PID 5100 wrote to memory of 5056	5100	chrome.exe	24

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7e109758,0x7ffb7e109768,0x7ffb7e109778
1⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://trueventus.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3944 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 --field-trial-handle=1832,i,4831040884051670554,179672944447884379,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
a6cae7f68f725c1249cee56fff3691b9

SHA1
4c095abcc6f12895338d16a6fd3d1589f47f978a

SHA256
59e088f296051f0c85b7172cc473835351209ae7230a9db386d0a47b9550adff

SHA512
a1e571af437cf9b21b909eb6d25947780f1c2aeaa9834f14e5cb9d7e0604f7bde8a43497a63ad1065ea47cc297b3d40b78f51a277144fb2f538423645bec9675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e9f2284f985c323993047fc27827179e

SHA1
d2f0f43248b0e950c59ea8c2a324df82608f77bb

SHA256
efe843fc304660401ec595ecbd9b6f6500e57fffabaea20b85a9f30e52364c60

SHA512
b6e0eab4a3e15a2e1cd68ba930e4f364e7b863be7bd2fb364627f964ea7cd74edc077f52b9765dc1bcc7bb04061a242e1151456589d8d2683e8f637a92a318d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6cd9569457141577a492b8037ca0635d

SHA1
ad22e3b68fb639e1fb86aca688812434fa50d77e

SHA256
cf3bf74f2911ecb1e992076596156f9f00b498d5045eb114555a48c0cb785c1a

SHA512
7aad7f8c5b8d459474bd2c48a13105e894db48e56b2650231b9c8cfa94140b9435fa1840ba2a9c71ccb7095bb297c2877939dc9ba735e1d3bf135ba03b915740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
31e7a9f306f5d586b425ba176d7dbd40

SHA1
783b78f62a7f22e6cb8ad55d3d4b6e3743ce3ce3

SHA256
60ba41685d91a46d409926277913fc3d44425b748e54101efa633b442d889aeb

SHA512
2e0f96dafc05e1544e7ac4bcfdde90d4ce7e45cf3dddcdde45463e77a3deb69e99318cf559ea92c27ead31b4902c8495bc963ae657417f5d7a5a2520bb7ee77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
4b68130f1125386122dd3dcfbed8a4fc

SHA1
889f147fa5d8fb74e8e6a3610e0bfd22c9ca4a04

SHA256
ab5c116f35b155d27343f70a83a9c543fdc1aa037c6481084f82638e490b913e

SHA512
47d06096147e4e97429ae4f87ae4abd96d67152cc6b8dc9c17ea9d5bd016547517c8706932983627e3654eed48b5f8c4cd5e1ff406c71c489f83f8d2071ae40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
c4b08689f07ea380acf417f4ed97bc4d

SHA1
96197d5973311be229c73913e63f2c6a691ae08b

SHA256
a82bab6b17906c9ba49b1f43d4163fbf1009d31a0122d38f116b708ff2b272c9

SHA512
4849cff38d1febaf45e6f859994497cf21b8cf154738458b4b524aaf90fd0e9150f26ee7b2e89d3d74a7e8eb0a6c4285ca3e84572a45d55fa7a8a7e4f6e4e908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
99429978ed56d70f2eb66a5d955343d8

SHA1
4c4b19c8d3963b84eb127bfc0e92bd2854c129b6

SHA256
5bee249836a76f24cae4706ce17fa321d4b300ce1bed3ae89715f4ab46339f1f

SHA512
e108302dbce5e53afed398233335d2f446eeca86f4162419ae282f90d48ad6ea51738eb3e207056c91cd9c578bed2dbbe545be10ef84d36dfc6d65721cf13d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
13a76d541aca1424ac1ed53961415487

SHA1
7bbd94c9c61fbb590bd54e97e2f9886bb0bf4f2b

SHA256
4ee52a347064d1b121a2cad2bdd91945d3b1a274b31886fdd9754cfc300ec7b6

SHA512
cab469f9d4eb8a1553d5145e03c19649f0f067f35694603a0e6181e2e180c887d15866a712812b19b718dc9356c7e98407f11ed11e9f1df699282b4f329ac3bc

Download Submit