hxxps://62777ab2890[.]pages[.]dev/?309b4092200cdd66bf8b39f0f3b1a6a2lr0seuuj=U2FsdGVkX1%2FA7vAasds05%2F5%2F8Lh7pWDSPDb%2BFrowzK8ecIWHAZgDDhA0iSHM1Dw3HHNgssuEtY7HcXHrn5%2Bxw9JnyPPDTTazz%2FLjFtpbl6a6zDkQJolzaP1asqSs1xRi3egTG6Jcjg1GKks3tgpGEyYS%2Fhn0zSW8FKdPVaKtuvpmTKQ1i%2Fbd%2BpGDLYFvknjpD6Xts9JopveY9jvDVUSWjHGnzsZ3JU9THQkEZPrGHi7LhszVXAgMAoLFhNK%2FgFTwuBIG7QHdP2MLIIheHXWgLh9%2BBTZeb5LnHhJSRvVYxWCjJ2JcjVdyxGG1CvbXkTNNhOqkwS3mLxA9tfg7fofbNQdcmVAMSB8wXSnjrOHdYeGrsD1mqZEzacqpAevZsUeLoH0XrBvzz9nFJ8WAiVbheGOq01j%2BYnR2%2BAul96%2FrxH46cTNwdsuY3pUBwSD4ZS2xJvDRkCRF%2BlLXbmkDBgdju0q6m3RMYfFrdkaveKKDJmoJxkB6l26uzgOaHUQhyit6xGhQ9PyfK3LDKrZcD%2F%2BhQs%2B1mCYM%2F8mH5OYSTBolUlMDb7TfR%2F4fnZGD913Jq%2BU0CWXTvixBipzieDuFQOug5FJjB%2FIiULyEXezzFgsOpB1xV2RFZK65o%2FpdbxQ9in3Lfr5QK%2Fiy6XKIuskR6II7v1zEicYdIuB0p3i2V2WXcHWnt5LzvK3nhpkSRyLVWTkrpYXj849vRbBzaYWnBjlBqCQ2tj8YfIk4xPazS%2FEtrhGj129IP6kryY0C%2Bq8xPMyMp9UV8eRdqKn7Z69OLbQByr5S9ulJ%2FYOBf3VWVk5GjUOSelXzesT4EnR3zaCiMvWHdqFUss6XJ1gtucGVQxGukpBwQjcdMPK8SLx9uqfljhSjhMU1kxDRF%2FEUHzB3KV56wYSMLcInoGp2S6XFdi%2FfdCuFfDqFruEqIE0B1M%2Fy3M39U6Cm8fYYN642eYG6q4EyHR5j%2FqWAionJ8uabR%2BBjIsdBJJyWnsmSLV23L%2B3L19TWsJQvJvJqEhQY5gTiNomCPpiFdJJxQaPvFSedewLcl1R6Ges1wx0AF2nrTZ4yjsNHqK9U6pTrcHVH086CXbWTmF3Y9lXdB1KZTm2ADPFo3aTtC6cY03E3odxINyY%2FpvDhcJ9a31Sf%2F4H%2Ba8JZAJ9FUYM9HxOwNcSU9k6ZMarrr%2FHckVk0GfaeFLgEomb%2B7xT%2F5TshPuv2lBoIPiK5%2F21NfWlnirivRndEQ2FAUnCioDnGZjy2AaJU4EFK65%2Fiyvg%2FghC2YL7lTwI5yK7Thp54B37A864dmT2VjvZf0hLxNvoyVkDZTwf8v3DILf2lQLq80ihdKVklGcUKglKwCLGhw14eRQNWDROfBNf%2BkBYUhDcV62%2B56UpL0lpdSYymzbQBN0RFnPrQFw6Ay74FhZNh3Tr%2BdlQX0ufHcWJmM1w3Mv6dApW8rz5XkcFqjrXA5%2F1QwXQl1rzNeG1BnntOlaBueDiSCsWT%2F8NLYuHh7F1ry97rEmFiB%2B%2BrIIqeTgZoinnPbqvy%2BIPGN%2BIMNy%2FtSIQZ%2FPQl7KlxTd75kVL%2BzDhkJmqtLVCY7HHzel9TfcDCyLPaO7uQQ9xI4ZPqHgUEz8NJY7rZ%2BLAEt5sahQKxeYoIlA%3D%3D

Analysis

max time kernel
147s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 20:38

Sharing

Behavioral task

behavioral1

Sample

https://62777ab2890.pages.dev/?309b4092200cdd66bf8b39f0f3b1a6a2lr0seuuj=U2FsdGVkX1%2FA7vAasds05%2F5%2F8Lh7pWDSPDb%2BFrowzK8ecIWHAZgDDhA0iSHM1Dw3HHNgssuEtY7HcXHrn5%2Bxw9JnyPPDTTazz%2FLjFtpbl6a6zDkQJolzaP1asqSs1xRi3egTG6Jcjg1GKks3tgpGEyYS%2Fhn0zSW8FKdPVaKtuvpmTKQ1i%2Fbd%2BpGDLYFvknjpD6Xts9JopveY9jvDVUSWjHGnzsZ3JU9THQkEZPrGHi7LhszVXAgMAoLFhNK%2FgFTwuBIG7QHdP2MLIIheHXWgLh9%2BBTZeb5LnHhJSRvVYxWCjJ2JcjVdyxGG1CvbXkTNNhOqkwS3mLxA9tfg7fofbNQdcmVAMSB8wXSnjrOHdYeGrsD1mqZEzacqpAevZsUeLoH0XrBvzz9nFJ8WAiVbheGOq01j%2BYnR2%2BAul96%2FrxH46cTNwdsuY3pUBwSD4ZS2xJvDRkCRF%2BlLXbmkDBgdju0q6m3RMYfFrdkaveKKDJmoJxkB6l26uzgOaHUQhyit6xGhQ9PyfK3LDKrZcD%2F%2BhQs%2B1mCYM%2F8mH5OYSTBolUlMDb7TfR%2F4fnZGD913Jq%2BU0CWXTvixBipzieDuFQOug5FJjB%2FIiULyEXezzFgsOpB1xV2RFZK65o%2FpdbxQ9in3Lfr5QK%2Fiy6XKIuskR6II7v1zEicYdIuB0p3i2V2WXcHWnt5LzvK3nhpkSRyLVWTkrpYXj849vRbBzaYWnBjlBqCQ2tj8YfIk4xPazS%2FEtrhGj129IP6kryY0C%2Bq8xPMyMp9UV8eRdqKn7Z69OLbQByr5S9ulJ%2FYOBf3VWVk5GjUOSelXzesT4EnR3zaCiMvWHdqFUss6XJ1gtucGVQxGukpBwQjcdMPK8SLx9uqfljhSjhMU1kxDRF%2FEUHzB3KV56wYSMLcInoGp2S6XFdi%2FfdCuFfDqFruEqIE0B1M%2Fy3M39U6Cm8fYYN642eYG6q4EyHR5j%2FqWAionJ8uabR%2BBjIsdBJJyWnsmSLV23L%2B3L19TWsJQvJvJqEhQY5gTiNomCPpiFdJJxQaPvFSedewLcl1R6Ges1wx0AF2nrTZ4yjsNHqK9U6pTrcHVH086CXbWTmF3Y9lXdB1KZTm2ADPFo3aTtC6cY03E3odxINyY%2FpvDhcJ9a31Sf%2F4H%2Ba8JZAJ9FUYM9HxOwNcSU9k6ZMarrr%2FHckVk0GfaeFLgEomb%2B7xT%2F5TshPuv2lBoIPiK5%2F21NfWlnirivRndEQ2FAUnCioDnGZjy2AaJU4EFK65%2Fiyvg%2FghC2YL7lTwI5yK7Thp54B37A864dmT2VjvZf0hLxNvoyVkDZTwf8v3DILf2lQLq80ihdKVklGcUKglKwCLGhw14eRQNWDROfBNf%2BkBYUhDcV62%2B56UpL0lpdSYymzbQBN0RFnPrQFw6Ay74FhZNh3Tr%2BdlQX0ufHcWJmM1w3Mv6dApW8rz5XkcFqjrXA5%2F1QwXQl1rzNeG1BnntOlaBueDiSCsWT%2F8NLYuHh7F1ry97rEmFiB%2B%2BrIIqeTgZoinnPbqvy%2BIPGN%2BIMNy%2FtSIQZ%2FPQl7KlxTd75kVL%2BzDhkJmqtLVCY7HHzel9TfcDCyLPaO7uQQ9xI4ZPqHgUEz8NJY7rZ%2BLAEt5sahQKxeYoIlA%3D%3D

Resource

win7-20231215-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Resource

win10v2004-20231215-en

windows10-2004-x64

9 signatures

150 seconds

Report Analysis Logs

General

Target

https://62777ab2890.pages.dev/?309b4092200cdd66bf8b39f0f3b1a6a2lr0seuuj=U2FsdGVkX1%2FA7vAasds05%2F5%2F8Lh7pWDSPDb%2BFrowzK8ecIWHAZgDDhA0iSHM1Dw3HHNgssuEtY7HcXHrn5%2Bxw9JnyPPDTTazz%2FLjFtpbl6a6zDkQJolzaP1asqSs1xRi3egTG6Jcjg1GKks3tgpGEyYS%2Fhn0zSW8FKdPVaKtuvpmTKQ1i%2Fbd%2BpGDLYFvknjpD6Xts9JopveY9jvDVUSWjHGnzsZ3JU9THQkEZPrGHi7LhszVXAgMAoLFhNK%2FgFTwuBIG7QHdP2MLIIheHXWgLh9%2BBTZeb5LnHhJSRvVYxWCjJ2JcjVdyxGG1CvbXkTNNhOqkwS3mLxA9tfg7fofbNQdcmVAMSB8wXSnjrOHdYeGrsD1mqZEzacqpAevZsUeLoH0XrBvzz9nFJ8WAiVbheGOq01j%2BYnR2%2BAul96%2FrxH46cTNwdsuY3pUBwSD4ZS2xJvDRkCRF%2BlLXbmkDBgdju0q6m3RMYfFrdkaveKKDJmoJxkB6l26uzgOaHUQhyit6xGhQ9PyfK3LDKrZcD%2F%2BhQs%2B1mCYM%2F8mH5OYSTBolUlMDb7TfR%2F4fnZGD913Jq%2BU0CWXTvixBipzieDuFQOug5FJjB%2FIiULyEXezzFgsOpB1xV2RFZK65o%2FpdbxQ9in3Lfr5QK%2Fiy6XKIuskR6II7v1zEicYdIuB0p3i2V2WXcHWnt5LzvK3nhpkSRyLVWTkrpYXj849vRbBzaYWnBjlBqCQ2tj8YfIk4xPazS%2FEtrhGj129IP6kryY0C%2Bq8xPMyMp9UV8eRdqKn7Z69OLbQByr5S9ulJ%2FYOBf3VWVk5GjUOSelXzesT4EnR3zaCiMvWHdqFUss6XJ1gtucGVQxGukpBwQjcdMPK8SLx9uqfljhSjhMU1kxDRF%2FEUHzB3KV56wYSMLcInoGp2S6XFdi%2FfdCuFfDqFruEqIE0B1M%2Fy3M39U6Cm8fYYN642eYG6q4EyHR5j%2FqWAionJ8uabR%2BBjIsdBJJyWnsmSLV23L%2B3L19TWsJQvJvJqEhQY5gTiNomCPpiFdJJxQaPvFSedewLcl1R6Ges1wx0AF2nrTZ4yjsNHqK9U6pTrcHVH086CXbWTmF3Y9lXdB1KZTm2ADPFo3aTtC6cY03E3odxINyY%2FpvDhcJ9a31Sf%2F4H%2Ba8JZAJ9FUYM9HxOwNcSU9k6ZMarrr%2FHckVk0GfaeFLgEomb%2B7xT%2F5TshPuv2lBoIPiK5%2F21NfWlnirivRndEQ2FAUnCioDnGZjy2AaJU4EFK65%2Fiyvg%2FghC2YL7lTwI5yK7Thp54B37A864dmT2VjvZf0hLxNvoyVkDZTwf8v3DILf2lQLq80ihdKVklGcUKglKwCLGhw14eRQNWDROfBNf%2BkBYUhDcV62%2B56UpL0lpdSYymzbQBN0RFnPrQFw6Ay74FhZNh3Tr%2BdlQX0ufHcWJmM1w3Mv6dApW8rz5XkcFqjrXA5%2F1QwXQl1rzNeG1BnntOlaBueDiSCsWT%2F8NLYuHh7F1ry97rEmFiB%2B%2BrIIqeTgZoinnPbqvy%2BIPGN%2BIMNy%2FtSIQZ%2FPQl7KlxTd75kVL%2BzDhkJmqtLVCY7HHzel9TfcDCyLPaO7uQQ9xI4ZPqHgUEz8NJY7rZ%2BLAEt5sahQKxeYoIlA%3D%3D

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

75 ipapi.co
76 ipapi.co

flow	ioc
75	ipapi.co
76	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133489607387796366"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1900 chrome.exe
1900 chrome.exe
860 chrome.exe
860 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1900 chrome.exe
1900 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeCreatePagefilePrivilege	1900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1900 wrote to memory of 3428	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 3428	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 4764	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 2056	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 2056	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe
PID 1900 wrote to memory of 1072	1900	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe37019758,0x7ffe37019768,0x7ffe37019778
1⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://62777ab2890.pages.dev/?309b4092200cdd66bf8b39f0f3b1a6a2lr0seuuj=U2FsdGVkX1%2FA7vAasds05%2F5%2F8Lh7pWDSPDb%2BFrowzK8ecIWHAZgDDhA0iSHM1Dw3HHNgssuEtY7HcXHrn5%2Bxw9JnyPPDTTazz%2FLjFtpbl6a6zDkQJolzaP1asqSs1xRi3egTG6Jcjg1GKks3tgpGEyYS%2Fhn0zSW8FKdPVaKtuvpmTKQ1i%2Fbd%2BpGDLYFvknjpD6Xts9JopveY9jvDVUSWjHGnzsZ3JU9THQkEZPrGHi7LhszVXAgMAoLFhNK%2FgFTwuBIG7QHdP2MLIIheHXWgLh9%2BBTZeb5LnHhJSRvVYxWCjJ2JcjVdyxGG1CvbXkTNNhOqkwS3mLxA9tfg7fofbNQdcmVAMSB8wXSnjrOHdYeGrsD1mqZEzacqpAevZsUeLoH0XrBvzz9nFJ8WAiVbheGOq01j%2BYnR2%2BAul96%2FrxH46cTNwdsuY3pUBwSD4ZS2xJvDRkCRF%2BlLXbmkDBgdju0q6m3RMYfFrdkaveKKDJmoJxkB6l26uzgOaHUQhyit6xGhQ9PyfK3LDKrZcD%2F%2BhQs%2B1mCYM%2F8mH5OYSTBolUlMDb7TfR%2F4fnZGD913Jq%2BU0CWXTvixBipzieDuFQOug5FJjB%2FIiULyEXezzFgsOpB1xV2RFZK65o%2FpdbxQ9in3Lfr5QK%2Fiy6XKIuskR6II7v1zEicYdIuB0p3i2V2WXcHWnt5LzvK3nhpkSRyLVWTkrpYXj849vRbBzaYWnBjlBqCQ2tj8YfIk4xPazS%2FEtrhGj129IP6kryY0C%2Bq8xPMyMp9UV8eRdqKn7Z69OLbQByr5S9ulJ%2FYOBf3VWVk5GjUOSelXzesT4EnR3zaCiMvWHdqFUss6XJ1gtucGVQxGukpBwQjcdMPK8SLx9uqfljhSjhMU1kxDRF%2FEUHzB3KV56wYSMLcInoGp2S6XFdi%2FfdCuFfDqFruEqIE0B1M%2Fy3M39U6Cm8fYYN642eYG6q4EyHR5j%2FqWAionJ8uabR%2BBjIsdBJJyWnsmSLV23L%2B3L19TWsJQvJvJqEhQY5gTiNomCPpiFdJJxQaPvFSedewLcl1R6Ges1wx0AF2nrTZ4yjsNHqK9U6pTrcHVH086CXbWTmF3Y9lXdB1KZTm2ADPFo3aTtC6cY03E3odxINyY%2FpvDhcJ9a31Sf%2F4H%2Ba8JZAJ9FUYM9HxOwNcSU9k6ZMarrr%2FHckVk0GfaeFLgEomb%2B7xT%2F5TshPuv2lBoIPiK5%2F21NfWlnirivRndEQ2FAUnCioDnGZjy2AaJU4EFK65%2Fiyvg%2FghC2YL7lTwI5yK7Thp54B37A864dmT2VjvZf0hLxNvoyVkDZTwf8v3DILf2lQLq80ihdKVklGcUKglKwCLGhw14eRQNWDROfBNf%2BkBYUhDcV62%2B56UpL0lpdSYymzbQBN0RFnPrQFw6Ay74FhZNh3Tr%2BdlQX0ufHcWJmM1w3Mv6dApW8rz5XkcFqjrXA5%2F1QwXQl1rzNeG1BnntOlaBueDiSCsWT%2F8NLYuHh7F1ry97rEmFiB%2B%2BrIIqeTgZoinnPbqvy%2BIPGN%2BIMNy%2FtSIQZ%2FPQl7KlxTd75kVL%2BzDhkJmqtLVCY7HHzel9TfcDCyLPaO7uQQ9xI4ZPqHgUEz8NJY7rZ%2BLAEt5sahQKxeYoIlA%3D%3D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:1
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:2
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 --field-trial-handle=1860,i,4866661358291042229,16068170705243748931,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:860

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4300

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
76df5c84180ae89c5c025e939c2b9b69

SHA1
c3e3156af7c139518bfb61371f9edd957ffd8d31

SHA256
5ff8673ce6b695383978aa5608f3562893e80483448ef30b87312f8b1c0a3042

SHA512
244ad0f2480f98fb01684e13bd69f8f1ba9f251e3fd9594497cf4635fd4457388d9e4c8f28225c377c8655d7171913c7f7cb7f26454c45221213b0252d3bfddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
08b3b0b3db557d253b5c946e7e44803b

SHA1
2efd4bad9e50a768ef1d79924bed27bc9182bc69

SHA256
c66594307007a3ff4648264ae4c3bcf35d04da0d9d7bc2ef053c481a4b11e45a

SHA512
a2c0fb649e3a95115008ce566f5d4b622adc5943e7fa496387462e679b208398d61c10e4fcfc1c45427560f9119dea216357512262fd44d67ee3e492b3b53acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a1fe48cf6699291e14ea35263e45f58d

SHA1
12a4c273a8cd0af25093ba958443d614f278473d

SHA256
602e5e1083dfb16ebdd9d9dfdc708a2808e6e45b59a975a852353a05c46298f8

SHA512
9fa79aa9919a4ba6a515d9140ad4cf2e525a81f0b5af15c9fd21489864d32c98272ed5afaad8b57eb1309b0df3d266cd9d5033a4d0c3ab792fec1cacb3d48e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0045d974cc9b1ce69250f1b8d61d4613

SHA1
23f4d62ade80f104ea5751e2c53a49275f86f56e

SHA256
d49d5947e4d2acef07749364639195806d865e57952dc67246b8753abf30c9f9

SHA512
70075688faf64e5520f73b9b4666efc3045441a02c350e533f5fcf240787b4a4244d86ffe341549d204a41f40a8c6f1e616b9cb16ee242b4ffa8d1bad5e1b1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b8dc051a00e8b4b5f1a4d4f30531fc89

SHA1
5ea47da8d797c5450c01e3270e010787003645dd

SHA256
c9eb80b50b720fdd04a724d66ef16861a6f6f0fb182e1a4bc2b96b54de9bbbb4

SHA512
ae93338f902051b41e7ee7d9f9ff2c26fb776240ee403a7bfc44fa94f95d2ef358ecee09d5406ecbf95926f56cd7e56940eb786ca0096d917cded7943eaa7ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
aa4d898b3dce197edf91708615c53553

SHA1
66278169396a012578c18ae9a3fa41d56dd40351

SHA256
9a9837d0a140a6d0c475815778df1f1707042b443e9bc92d8d0288d51fae954f

SHA512
b50ffc33c5ba76e22a5df56189ff31cb7b1ffd2905bc7812279a3daedb207c52d950f9935b2e858f87f7dcdec05f3153e3af34fcd1a0aad96cb4cdda15240b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
d17cd3a02ea82e858da479f02cb1e75c

SHA1
b4c880011a2bf8ba68ff2453ea59e64d765af6c1

SHA256
cbba4adaa6e4730bb7dfa20a3757ce9048358a596e58e5f1d586da50573eb45f

SHA512
c95cd6396e44d64c37b5bdcb0488311df4d17e285b78eec02c35852916e4f25349738978e3d1cdeb8e575d93fd84528341b5179815b812d1e6e59a40713389d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cc87.TMP
Filesize
97KB

MD5
8060a7bd237cf619ce51b330a833ef17

SHA1
ce947d76107323d474a1ebb0c96f47c178c5a55d

SHA256
9f0ec02af83290301a5fb07b435af9ceda59acae851c3d92c4746c27929f2d9f

SHA512
e48eeb75166386035eafa7a3db8ffc8d74acca091d3cf67def3314aa6c92f8fd102f284f84c366906ffdf0fc259afe094c1eab23621d9a4f1153fe9df763c161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1900_CYWPBWCOWFXLMSDW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit