hxxp://transfer-probenefit[.]com/MbWljaGVsbGUubXVpckBkb2VobGVyLmNvbQ==

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://transfer-probenefit.com/MbWljaGVsbGUubXVpckBkb2VobGVyLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133495549439682477"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
5988	chrome.exe
5988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 2088	452	chrome.exe	26
PID 452 wrote to memory of 2088	452	chrome.exe	26
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 4788	452	chrome.exe	77
PID 452 wrote to memory of 1596	452	chrome.exe	72
PID 452 wrote to memory of 1596	452	chrome.exe	72
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76
PID 452 wrote to memory of 4804	452	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://transfer-probenefit.com/MbWljaGVsbGUubXVpckBkb2VobGVyLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb1699758,0x7ffeb1699768,0x7ffeb1699778
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4676 --field-trial-handle=1856,i,2038224720891262147,10379373101299798311,131072 /prefetch:1
  2⤵
  PID:6128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2a9708bf0b66c33582762d02bb2dcedc

SHA1
35edc12a44c8b6f2bcd02f6b61206e9b5aca916d

SHA256
b9e6e6c675bac0aa368070319607c620bd616de8dd9a4b7f0ac26a6eb5e4d7ea

SHA512
0bd74f535e613d0c13c5f236389f5a176d635abf47c1fca60b0072dac18f7269c141e186cd9142c35d8b6337f9de967bb60691b29d555faff33fca1f620c06eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5fb8c62c71c7f5cf4fe4769d79c8355d

SHA1
d75f332bcd520aefaa1bda6fee6bf53fa864a9c0

SHA256
ca4a37d0ceabaab360d42b4d8e7defdf2f325af93f332969fc78ed1a8a4865c5

SHA512
860c84d50d05de07a82f4025003964284ea826aa0bba3312c164b68ac50c98bf1bbb6ff0bda2ab977be000693e05dd5c7b794bb9d4444bcbc7730a2101a30626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0d91d3f0551daf613d1a591d2210a943

SHA1
9082f1b438c20e1c15c913211ff1f1c9576380e0

SHA256
47f408e3bcd56ddf1a570ad63569f2d42429b0672ff00326c0b5794ea92b8349

SHA512
5ea705a4592994e9fef7961fa0b64fa8bf39d5cf404aa09c029f811e3320b3bb65c24c6c740933feed5a0f47d83c1178af8896a618e69d164d903bd777243544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eda5ba9a59e5cde462592f5c93587238

SHA1
227d6f845bcc62f2dded79294993c0d21007c812

SHA256
97ef895a14ea658eff919bb0d78c8d1cc48cc4f89a5eb85dc7461e785d084c5d

SHA512
b725c4b60c9c9ec9d6170b859e5b14929b5ed11d1e5fd03714ece20a3abe7cf5e92b3611d31f68ce68a6e80708bf93286eabf703a6ccf6ec32c782e290d56938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b19a0aeb3074e59856e3a6008a41d9f0

SHA1
e7e8e3988b3b21e15c2fbc96f7bc74aeb29dd4e3

SHA256
0f4ff5b7c1b1834310a324c1ee7c03182854f0bac686bbbab5054110ecac08b7

SHA512
3171728c35da695614b77d55b3a397cd0a374565d4b8828eee2140c8cdc6553e45e995facd83aeec6695ee9a4f0675103534e95a46db1cf23130aa8c84e162db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit