hxxp://up[.]autodesk[.]com

Analysis

max time kernel
99s
max time network
128s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
04-01-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://up.autodesk.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133488424114089079"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 96	3648	chrome.exe	72
PID 3648 wrote to memory of 96	3648	chrome.exe	72
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3616	3648	chrome.exe	76
PID 3648 wrote to memory of 3660	3648	chrome.exe	75
PID 3648 wrote to memory of 3660	3648	chrome.exe	75
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74
PID 3648 wrote to memory of 3652	3648	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://up.autodesk.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9bbcd9758,0x7ff9bbcd9768,0x7ff9bbcd9778
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2724 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2716 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3132 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3740 --field-trial-handle=1928,i,9911730440591605884,924429511867568437,131072 /prefetch:1
  2⤵
  PID:2708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
93a8082dfadaa119ffbadaf022e816a1

SHA1
f6c56be37cc31f4e228c9ee20d6762bd49713914

SHA256
180418345197f7f90d705452d918ad74ce2a916953ae78c6136d07c661ef0c37

SHA512
2231467f7e47d604a004fac94979daced0005bfbe54db9e8bfa7e993a0cee69f3e6c49299de5087af0c1e02e83c4d17cd797482f4efe9d5efed9f7b243e74910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d822527c351ccfa0c3034fc9922bc68

SHA1
65da953de6e4ea6a1dcbd5fe48bfae37277386c2

SHA256
cdea95230fd46ea9906f848c0f3e5b60dafdc132c785f9ce82a09021be05ed8b

SHA512
ff15f1f39224be723af6add236f22d8aca5f71185e7b2187d36a823551d514735abf6c44b633cb2999ddc4dd34d62efbb379d278c1c6933ffd37255c6c0c52f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
493da9377618568505b5b35e8d812f50

SHA1
fea38eb6f52320b18e3ed45e816ce631eed41125

SHA256
68599a1abe628ee46cc34b593afed0567944bd0b014692b1e30a02c152da50ce

SHA512
252ba6d22096c60508868bd2fedd33e69825752aa979f4a35b9edf0a7fd3842caf14f2ffe63b99afa35776330d8d6b8a611b3594c2a17c4cf59b45f2fa831e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25192ca0c8feaf2d75e9facc8116efdc

SHA1
420cdb80c1dc3311109ef1c63ad79759d92d5d64

SHA256
892b9c240d6699b0d9cf639905536959d659e24b823ebdd12422ce6082ab51ee

SHA512
efd649ec930ed66a8c9db9553ff66f223572e16787d946ab79678dc4406dc8225b179cb878c8c3de82eeeea2c3e9bfac571481c89994372f0d7017bc025cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
27e75142f3c20a8e94e353913cfaea8d

SHA1
e01b543d6017cfe6b674b99c351edf84528e3db7

SHA256
ba4bb4ad8a8cd130e799e95e14f670f6cd1bd2c921fdb43a3e2c8c99babeb1da

SHA512
91500a79a5f338e57db89255d157c077da1a1f3a0f32c79fe10d83e26567ea6c97bbebc68250f014cb916506e18776589308b9cf4c05e1558c40e1b09a5e0bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
00873cb471fb27b759392066b486a59e

SHA1
02ef7baefd462c80793a752c25667b6e662e1dbf

SHA256
d5b43577316445d154e9871ef27829d5f524cef34f876e0f5ab6e6fb64d0b532

SHA512
f4fcc9ba8b9a0741d3ca18daeb4225c6024bc058299314d0ff628fe722dbaffc6e2bfbdc205d08add6edd2e6908acdda6223c5ab088b52803c4d806ba5d4d7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bddc.TMP

Filesize
93KB

MD5
af7a7465485868b701a57d14780fe602

SHA1
acaeefbc8e9b3fc43a3620e7be0bae89a215ee81

SHA256
f964908bf2ca9799ee20b46440c494cb5e7c7c4f0ae562d7f04c3487e08270b3

SHA512
ee3f38b9f971daa19a7aa1149caf9b4d36e0de123f3a3d67cb16731a02db437de6f8042bf7acdfe2bde3d8ade287ececc1058f5bd562acecff2fdfe2c8ffa9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit