hxxps://city-com[.]it/

Analysis

max time kernel
108s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://city-com.it/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493033575949122"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 4724	4536	chrome.exe	90
PID 4536 wrote to memory of 4724	4536	chrome.exe	90
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 4884	4536	chrome.exe	95
PID 4536 wrote to memory of 1744	4536	chrome.exe	93
PID 4536 wrote to memory of 1744	4536	chrome.exe	93
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94
PID 4536 wrote to memory of 2560	4536	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://city-com.it/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cff9758,0x7ffe1cff9768,0x7ffe1cff9778
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5812 --field-trial-handle=1936,i,954190176649413001,10205645377288329909,131072 /prefetch:1
  2⤵
  PID:3648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76737874bb92207bc097f31b6f0fdc5f

SHA1
b57db01164f4edcab1ee6fcacf3c93917a4dbd14

SHA256
7f681200cd7c6b6fcbf69f3aa89a004612b73ed2bc7c62d3270a45f5d199b3e6

SHA512
77c090b15fe665ee72647a56ca70ca2f2731a4304924f814c6be6e5193328048aa8db39081b6d58d6e59e81239641af2876820003885a0a3440afdff41f0222d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d867935ddcfc3dfa21b6f8856cf82b87

SHA1
afdd7ad6e4978bb267c70cddcd3e141af46120b5

SHA256
c86ba43b09482ea931ef6fb35217732d90c96302fa13cf61e1afaa4e77886527

SHA512
c2765a8f0471ea1f08f423f3e587716849f7003ec3c19f646875f4514e4454b601d084bbee7289d8edf5ee4feac8153511c05a3536b47955e471568c69c7bdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3d678831ed12839bb672867ad23f295d

SHA1
9cd5d0adfb6db7efd6a052bd5b20c581b5d35411

SHA256
d1fe84e382002a3f67f1cedd86ec1b69213efca08895ef346082550298067c32

SHA512
bdece6707f6c19c50fe095561b3e52f553903f81141123d716c681b8d7a434b62a2c7b087f222e3f3d7019f3c8a12042b4f1b5d98cdf763f46be895fbec2d068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
472b157f0d9f0492ca34d4e57cda677c

SHA1
f3b56db3894226b9caee58d2a25d24379fc41f8f

SHA256
451558338a7bbbb8ea755161b912e7c556dc3e07f4c6d6a57a210a8213925425

SHA512
32d1a5cb2d419659b18f9221e4ea04e079d8a6f388c5908484c65df4641bcdafd8090b894ee02438a65d931a0d97c5aeabc3eb9a68e53b81f7f563ee7b3abfa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
939d53d37e53c424741bfd624ccf1a08

SHA1
63d874fbf08a82be1185eef1e28732ae373a018b

SHA256
6ff7c817f80c744481606091c6f446dc487977c039dab3a3cfb78b87750a9fb6

SHA512
175a227b9c60c3b1692b4a382ce6a46f58c196147367bb86c1c274c47d54627a5feb81b00b0c58f5760c284555f1f7c8e961a54bc2160b69f7dc680958a50a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
49906f22710bd94d7fc3212676ae7671

SHA1
0d4e807584d63f5377de7f7f209c66bc09e72f1d

SHA256
76a834ac4a5c68b9c1cbcf3790e4a26bdce33aa6cd43a80181e91a756113610a

SHA512
345f6253d956d6f76c7f99fb541022d27a9099d9942ce95b4a04e22fd0e2ee42d77e38789c4de1c4eaf5546ea3bcd67878cbaac34ab862870972ade55b22a50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
daa3d7eae3a78781324db11e701b14e8

SHA1
9071a08c4fa0e133cc7b2bb96b3e23c63e89e3a5

SHA256
c34879a57aadb4c1a3d94f58e4820ec866648b8d62c228d6cb90fb54a65065e2

SHA512
413eac783eaec2caef31925f704f873fcbb7dcd60f502a1e7b56d93d91fd8b9089d772f653c4b6505927f2d59974285ff8f327b94c2218279a976f0781623d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ab8c01754822ce2d638c9d9dc61de61f

SHA1
9dc90f417866d4a5383a8916191264ba156391fb

SHA256
e3b5bcecbdbabb3b0bef35ccfe7598d53db25db53cd0db483e74b3352e95beb9

SHA512
ebdd3bf403987bc44547c652e4d737e16512791b2fa050ad2d635e09d304e16f05c09d8b4a3d796a85e5b4d493812c6def9c198b5291e85d6e82dfdfde345373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
2a795e19300aee0a202dc858262134b8

SHA1
577ec13c08216e84aa22ddb2c87401a908aa9fbb

SHA256
6eb34ec70d5f94267c1f4bad3e9a936e2d41e756e1b1d1a33f3bb37ea770d67a

SHA512
33fc42cd97a1f589f64584f02d7982f8c3c0b506f29ba608fe6b3a86dbb7263b158a8b2de0cbb94084073cb15e39065bb6ca71a644a7bca63ffea629b2a175fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit