hxxps://cloudtyprr[.]com

Analysis

max time kernel
1803s
max time network
1733s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloudtyprr.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133493444378160443"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
2856	chrome.exe
2856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 552	4720	chrome.exe	80
PID 4720 wrote to memory of 552	4720	chrome.exe	80
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1748	4720	chrome.exe	90
PID 4720 wrote to memory of 1680	4720	chrome.exe	91
PID 4720 wrote to memory of 1680	4720	chrome.exe	91
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92
PID 4720 wrote to memory of 3668	4720	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cloudtyprr.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf7749758,0x7ffbf7749768,0x7ffbf7749778
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1800 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5212 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=1664,i,17836293560341575593,4083807325289015249,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d695c22a0024cf8ef4b1962552ca161d

SHA1
484eebcd2319dc7485d55e0a64cfe372ba7d3a16

SHA256
2c17ffec90e5c5bd953c9196f6a3c6f8be46c18e9716604aab4677b56a42965b

SHA512
488a6664b51966191590e7cb21e63f16b7d9b65c5886faad70be131e1b13ddecf95abbdf8e0042304d97cebd2c241a566ac1bb77bacd9c5d9487aa99d42b3fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
654a275dc826746496148505a47d553a

SHA1
3baac92507bf09654ef2adc266415187d29ab301

SHA256
b37bc256cdc03cc80a3c263d50a6e455549bbfa0fd8c53edfe56ca71e2e74b81

SHA512
6e62ecafb2755703c196bf624b12e886056e1bb2eead4448c0b358607393673c6f46a7c304631dde2c644c67769494f78164c8b6e8bb1199776362858d7f6d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
cb73669cac1ada76a27c430d08b817fa

SHA1
04b0cd93f9fcddf8d3b14a3cff7f8f9101492306

SHA256
168a5c280c10a90f0875973713535b481afa11d272dbfdf4844b8f1e468ae769

SHA512
27ae1e266d5236ed9ebc633966509f7c8d91946a9f4045d6b089f157527cdab87f39c6767cca7f2b9d89a6a4eee20616e3d0e7435765d15f63923c4bafa70bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3eaee3bd5fb2b0a76f8ba29904c5e862

SHA1
aa5ecba79487facd27c681fc5a7ce475fbb4c688

SHA256
c5ae959a889994200ffae46c5cc1d0d6b3f7a690dd39397a0497a04ff85be28c

SHA512
3abe0af97b0dfe7cd3d5941a78142a59f83b72d7cd23e670b01b3d905dfb9dc42ed3408544b93804751a4d277ac9b161dcfc009bff05a347e67ae11026f58dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5b3e1b1491c4196df6bca94491e5597f

SHA1
d7586dcdd070e358e89cf198cd7a18ab122b5993

SHA256
078c7d0cd115e9eaf1e75d09102c800c3e6c43017a2dd265a872ef51c66e298a

SHA512
b09b5e0342131d34ea5e8e086346ed1f31f7c84d2b3fbf0d20f5d51ef5a93c3ee82fcedab640d70351e7bab874614a511b0eb4989f9148b80595b73ac3ea3bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7103101b70fc689fcbdeb81c563ad6af

SHA1
373f259beac97bc7f9b8a9bf9b14d043e42a3be2

SHA256
f6fb203bdfed5b1c0788ab06e72a81f7aed636f6a62cbc6459d5aa2866fd96d0

SHA512
c3e0b3b14d6d43771fcf2b27aaee4ff4e0803cb512bd1e70f3b2ff0a23054a5703760c689aec3ca02c8bdc67329f827bface6d60e0c1d0857a78d3b981848844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c9e534f6f7aefb5c34bc80c2dc2bf406

SHA1
f6c64ed9079be3640ff0b6083880706005968c9e

SHA256
39b3b5fa084558fa2d666e3f2c069ca861caad9dad18dd5c2d38711d2dcce302

SHA512
dd28d8d6e3461668e753238c4090e5ab7387ff364249de79807281078204a30b9b29500489d466af115157326bbbd1c2ffa1c6b0080bbb8f80d01376a1fee350

Download Submit