hxxps://www[.]respaldat360[.]com/

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2024 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.respaldat360.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504266266515557"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 4320	696	chrome.exe	86
PID 696 wrote to memory of 4320	696	chrome.exe	86
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1592	696	chrome.exe	88
PID 696 wrote to memory of 1724	696	chrome.exe	89
PID 696 wrote to memory of 1724	696	chrome.exe	89
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90
PID 696 wrote to memory of 1812	696	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.respaldat360.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9566c9758,0x7ff9566c9768,0x7ff9566c9778
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4920 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3536 --field-trial-handle=1864,i,8558586525304149482,6657996318727039386,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
168fc1712fe83cedbdef57b9c2c78f03

SHA1
2c36620b07513d9f7f34661c59b5b629f17265d3

SHA256
fb41e45306185e49a6aafdc306fdb99c6af69bd4830abb841fa56222896cbbfa

SHA512
6daab0f94e2d8ac5376a147039fd4f05c853da6d914b67ba80cb5ac20d073576a001a21ab55c047001a4d638cff0df7a12501d217bdc3dc3674343e4fbd45a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
587ec4bd2befab1bad3f72ec523b7eb5

SHA1
7dd837cc4b109c674eadb7f0f016ad5c4228b401

SHA256
3900da627dc364512b6df54137383fe204d35c735698fe912f12ff84d0d4bb7b

SHA512
e81d2bc71f9e7aad41d91adfb9205335c6e7043290a7465d7e3d4b214532133d5f8231bb1e8a397a540edd5c2fb38dee7e4b6d7bf53f2a094924dc767bbee7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4c6d481dbe69615aee15559e522d8669

SHA1
6222736db9465f734e2d3a8052505a88c8d42466

SHA256
65b30d5cc8cb5e8b86b81422a773ee96de3ac2fc1b72f3b902607fb399c10473

SHA512
49a919033f54ea1068c3ae1d2a20a0fdc34df5fe8a6f4e94f7d9af15a865e9cef4561bdacb257916df250db5e7d5363ea3580aff2d190c7e62d8df2ee22cee60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e71f7755a3c729ff534ae38caeba6a83

SHA1
1bd5d6b95e6b2d80e80ce8de876bd32ef4db172a

SHA256
d4cabde74254bdcbd6c98b16b4a5512b1efd75ae6c452f2be9d271cba2ab90bc

SHA512
39df38610df4d85dbc48759664fe413197450f96ed4833defcda78083f1218ef754b24cf4e3cf31b4ea7216b7e120db98132745aa5f663c170264aab4de1375f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb158e5a643880274311de845bd50d50

SHA1
d97ecdb0e9155013a367025bb6f6688101644a09

SHA256
eaf8611cd160b4b01555ff04236f001650231b3238df1aeb1b3106146f2b333e

SHA512
8868812d0bb5aaebd47d4915e42d6e67cb4479c5a3d455103fbeb382bb7bb897b01a9b6c8754bb2e0699e188672f0cb0bad97932f01aad8f406afa3ec0853169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce0cb1dc930531deb2211f3dd566d3be

SHA1
4be6b16eff68a56c753a24547380494a3ab80c4a

SHA256
7d8ef4d0e1903146e27ff4df19b91e08f6b46121ebe10a2a0b8a838a884ec121

SHA512
8ece54ddfcb35b820029308e1d8fd12672d939e5306cc3931dc09857d6b026500fa60493a5d7de795aa68a30de592a18e6e4464cfff4a4772c9b474a5866434c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
4b6d6f5af1aaf2a3a9648a1c72c7a79b

SHA1
ad67552e55a1ffa123f60790109d9b14965e009c

SHA256
0500b8e8a73ce3e191e1613edc15747249b42360a2e3edc950d67a4e7fce0c13

SHA512
713bb141922092d86281d989bb632b486f074d80ead12f9c3868e1e1f370ef75a25e07c30a0b2e943899a64162749e0ce6c9b2f31a17f6bd61e31b078f3fbd2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit