hxxps://www[.]ipg-online[.]com/connect/images/reseller/fab[.]png

Analysis

max time kernel
314s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ipg-online.com/connect/images/reseller/fab.png

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133491874317499437"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
456	chrome.exe
456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 2752	456	chrome.exe	89
PID 456 wrote to memory of 2752	456	chrome.exe	89
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 4536	456	chrome.exe	92
PID 456 wrote to memory of 2404	456	chrome.exe	93
PID 456 wrote to memory of 2404	456	chrome.exe	93
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94
PID 456 wrote to memory of 548	456	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ipg-online.com/connect/images/reseller/fab.png
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28bc9758,0x7ffc28bc9768,0x7ffc28bc9778
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3724 --field-trial-handle=1892,i,7982225488660435579,18011273379118955432,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
74f1211c69c3750ca083a53e2789b583

SHA1
96ca4667bac847c3514b28372c84aa1fa7810fbe

SHA256
b66a5994e96fa95a6e3eaa17c992bf8876e039bf65b63a710a5b51404617bd7f

SHA512
d26f9074140fea73202387cccf03fce3c39e400d8f4cf17e8db1c979c53dc6de6f6487533eba4b36f868c4a42ad4d2ddad02e6adbf1e2cb6147b96a05f8f6c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0cacba6c3d434c42fe65356610e9a6eb

SHA1
185ea3c008cecc51fd5e34b4fffefc3642e96628

SHA256
0fe8ae456307d25b14be449488573213d8e873d80c93890a73e22bbf8a5214b8

SHA512
d645dc0793d77bf351d93985b8b227841a974811e1656a305829b7429182d4960779b22099390e2adbad75f51e291990254985bc4756b8b7a8ed86c15b41d052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
22d8a89a5a8102e0eeae2979a2c41ed5

SHA1
38cb854d8eda4b01c78b7f116ef7f9c623509dbd

SHA256
953853ca41da2a85ef4c5d1536f29125522f82375a11d0471992fdbfe0a28cd5

SHA512
8cd75f2c7fb22349b62de5eea26b2ae9192b8f1bbb6733c79360e80cab0117f4fa3cc427e54b20da153a2cec77e4b4425df2626ed10da83fd9c139b2e90f942c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee4bd760f13beb4b298004f4fa90662a

SHA1
f0b66390e62b3e428adee1f3aa0db85cde43fba7

SHA256
122b36be89841651a59821266fb00e7236cba10c55d7994d2ab22d84bec6ca98

SHA512
26bf6612254dd6e5b2642f71bf240e8abea837060dc7e436aac8454d77d2028cef14ac1fa8456c4af6a30a497cd1c09123d73cbb72956bfd93e0807d3599d3a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c3ae546eee2d49d524fa2fbb2d7faf19

SHA1
0874fd77a5995ea70886154ba91871f761e27c87

SHA256
c7d2028ef195e73adc8e04ba848edacbd4ea665af81827e4937fe741848cf235

SHA512
fce446d3a3bbd4972428f6f289aa4cf431ed8298ea5a09edc0502a10b3f74c71c5055bd6801340a140439c5f9b58f4ccda8afb0a4a13f1c599c4930d291d7114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit