Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-01-2024 07:47
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://popgoldblocker.info
Resource: win10v2004-20231215-en
General
Target: http://popgoldblocker.info
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                   process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133494328630396797"   chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    process
  1140   chrome.exe  (2 entries)
  5156   chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid    process
  1140   chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are pid 1140 chrome.exe, alternating between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid    process
  1140   chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  1140   chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have pid 1140 chrome.exe as the writing process. Targets, with procid_target in parentheses:
  PID 1140 wrote to memory of 2520 (88)   2 entries
  PID 1140 wrote to memory of 1832 (90)   repeated
  PID 1140 wrote to memory of 4536 (91)   2 entries
  PID 1140 wrote to memory of 4304 (92)   repeated, through the end of the list
  The remaining 60 entries are split between targets 1832 and 4304.
Processes

chrome.exe (PID 1140)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://popgoldblocker.info
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 2520), child of PID 1140, crashpad handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbad89758,0x7ffbbad89768,0x7ffbbad89778

  chrome.exe (PID 1832), child of PID 1140, GPU process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:2

  chrome.exe (PID 4536), child of PID 1140, network service (unsandboxed: --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:8

  chrome.exe (PID 4304), child of PID 1140, storage service
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:8

  chrome.exe (PID 940), child of PID 1140, renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:1

  chrome.exe (PID 1828), child of PID 1140, renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:1

  chrome.exe (PID 5000), child of PID 1140, renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3940 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:1

  chrome.exe (PID 880), child of PID 1140, ProcessorMetrics utility (unsandboxed: --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:8

  chrome.exe (PID 432), child of PID 1140, UtilWin utility (unsandboxed: --service-sandbox-type=none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:8

  chrome.exe (PID 5156), child of PID 1140, second GPU process (--disable-gpu-sandbox)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1884,i,14171159153200833841,12536407563865033573,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

elevation_service.exe (PID 4580), separate root process
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
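Reading the WriteProcessMemory signature together with the process list above: the four target PIDs (2520, 1832, 4536, 4304) are all chrome.exe helper processes that the process list shows as children of PID 1140 (the crashpad handler, the GPU process, and the network and storage utilities), and every writer is PID 1140 itself. A browser process writing into the child processes it has just spawned is how Chromium hands launch data to its helpers, so on this report the signature does not indicate injection into a foreign process. The script below automates that cross-check. It is an added example written for this page, not code from the sandbox vendor or from Chromium: it parses the report's own row format, rebuilds the parent/child tree from the depth-indented process list, and reports any write whose target is not a same-image child of the writer. The REPORT_* constants are transcribed from this report (with the repeated rows collapsed); HYPOTHETICAL_FOREIGN_WPM is a constructed row that does not appear in the report and exists only to show what a genuine cross-process write would look like to this check.

```python
"""Cross-check a sandbox report's WriteProcessMemory IoCs against its process tree.

Added example for this page; the row format is the one the report uses:
  "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
"""
import re
from collections import Counter

# Transcribed from this report, collapsed to one row per distinct target.
REPORT_WPM = (
    "PID 1140 wrote to memory of 2520 1140 chrome.exe 88 "
    "PID 1140 wrote to memory of 1832 1140 chrome.exe 90 "
    "PID 1140 wrote to memory of 4536 1140 chrome.exe 91 "
    "PID 1140 wrote to memory of 4304 1140 chrome.exe 92"
)

# Process list from this report as (depth, pid, image). Depth 1 is a root process;
# a depth-2 entry is a child of the nearest preceding depth-1 entry, which is how the
# report's indentation expresses the tree.
REPORT_TREE = [
    (1, 1140, "chrome.exe"),            # browser process
    (2, 2520, "chrome.exe"),            # --type=crashpad-handler
    (2, 1832, "chrome.exe"),            # --type=gpu-process
    (2, 4536, "chrome.exe"),            # network.mojom.NetworkService
    (2, 4304, "chrome.exe"),            # storage.mojom.StorageService
    (2, 940, "chrome.exe"),             # renderer
    (2, 1828, "chrome.exe"),            # renderer
    (2, 5000, "chrome.exe"),            # renderer
    (2, 880, "chrome.exe"),             # chrome.mojom.ProcessorMetrics
    (2, 432, "chrome.exe"),             # chrome.mojom.UtilWin
    (2, 5156, "chrome.exe"),            # --type=gpu-process --disable-gpu-sandbox
    (1, 4580, "elevation_service.exe"), # separate root
]

# Constructed row, NOT from the report: a write from the browser into a process that
# is neither its child nor the same image. This is what the check is meant to catch.
HYPOTHETICAL_FOREIGN_WPM = "PID 1140 wrote to memory of 4580 1140 chrome.exe 93"

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) per row."""
    return [(int(w), int(t), img, int(pt))
            for w, t, _pid, img, pt in WPM_RE.findall(text)]


def build_tree(rows):
    """Map pid -> (parent_pid or None, image) from a depth-indented process list."""
    tree, stack = {}, []
    for depth, pid, image in rows:
        del stack[depth - 1:]               # unwind to this entry's parent level
        parent = stack[-1] if stack else None
        tree[pid] = (parent, image)
        stack.append(pid)
    return tree


def classify_writes(wpm_text, tree):
    """Split writes into 'own child, same image' (expected for a browser spawning
    helpers) and everything else (worth a closer look)."""
    own, foreign = Counter(), []
    for writer, target, writer_img, _ in parse_wpm(wpm_text):
        parent, target_img = tree.get(target, (None, None))
        if parent == writer and target_img == writer_img:
            own[target] += 1
        else:
            foreign.append((writer, target, target_img))
    return own, foreign


if __name__ == "__main__":
    tree = build_tree(REPORT_TREE)
    own, foreign = classify_writes(REPORT_WPM, tree)
    print("writes into own same-image children:", dict(own))
    print("writes into other processes:", foreign)
    _, foreign_demo = classify_writes(HYPOTHETICAL_FOREIGN_WPM, tree)
    print("constructed foreign row flagged as:", foreign_demo)
```

On the report's rows the "other processes" list is empty and all four targets are accounted for as children of 1140; the constructed row is flagged because PID 4580 is a separate root running a different image. The same tree-reconstruction step is what you need before trusting any cross-process signature in a flattened report: the IoC rows alone do not say who the target was.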
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1, 120 B
  MD5:    d326e1cc3c54e7d31603e11be5846b4e
  SHA1:   95deefe5362c98f2820f74867601065c9c75303e
  SHA256: 6f437f2325e41489434ee42c7ee26aba367be730e083a2ab21637c42bef1cc1b
  SHA512: d5f51817cd954decf283646535a37b653de84b55e7d89eb20403bad98c1307cf3dd4ba04010a33a54e73ec9a8285dae66b7e56a4a104657bbd01a37635b87e01

File 2, 2 KB
  MD5:    18b37a7c5a8df82bc72505ad9256c971
  SHA1:   b2dd6fac4426170d2ccb7718890723e39fae3ce7
  SHA256: 2354796c85d65e82d79a96d675e6df7d66c23e5f5ac2c3437a26ef08dc9440fa
  SHA512: 379d28968b3bd8faa080c596f35c005e82a494dc1ea12a178f44cf6a0054d9e2a6555386c145f3cae4eb456713f3f5678ae6c822fd841d1645e6889c4d50d9bb

File 3, 537 B
  MD5:    a9749cb2fad9dda95c0cfca7b50d1897
  SHA1:   77518f9a9e6efa9c40bd4c7d65aaa162f86d706a
  SHA256: b2f470fa41349aae0014b1faf7fdc6cc22b1c0704088002736a82f4d45ec3515
  SHA512: 5c7130945ac0c814a4fd15d83b6d66bbcd044538caecb759047dbba5e5d05519a7759a7689adcc759fb93848cc863ea7efda2d564ba874b572e003903937875e

File 4, 6 KB
  MD5:    74962bd9c94598e1ed8ac6572afcc201
  SHA1:   56694fb295c338f1877c2e19301f4566d80d076b
  SHA256: af88dee713d5c57e5c963352a7d3ce2be26f90fe56c43515a273a296e186e8b7
  SHA512: 5058a1ad6518dde47c022d6260d5b5b6b9dd099bee145ff51b9364adac14383c230ae9328aca03e25f259e063975b4c3f62dff20385546298b809a8bc909264e

File 5, 114 KB
  MD5:    f92853b4127bd89c485e97fbfcf3e1a2
  SHA1:   705a448130d5803f2b1e3f42dc8f5f38e5a7938a
  SHA256: ec6c217abf00947dfcf9a384cfe89e84b61e67bbc9535c4de7328ed9ae0630e2
  SHA512: c6ac3226dd6e9115f97ae3029a2685189ee9b0f86826f3f9f779203592753ca475a753679b17ece2c51666c6b7e0eb686d1ba9e4ccfaf29a1a55f460c6d98a6b

File 6, 2 B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  These are the digests of the two-byte string "{}", i.e. an empty JSON object.