hxxp://stats[.]sender[.]net/link_click/NssHPgqwkq_LMXim/6c2e336604abee32f8d27926f4ed689e#c3ppbHZpYS53ZWlnZWxAZGVhbG9naWMuY29t

Analysis

max time kernel
125s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 01:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://stats.sender.net/link_click/NssHPgqwkq_LMXim/6c2e336604abee32f8d27926f4ed689e#c3ppbHZpYS53ZWlnZWxAZGVhbG9naWMuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504478786578995"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeCreatePagefilePrivilege	2292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 928	2292	chrome.exe	87
PID 2292 wrote to memory of 928	2292	chrome.exe	87
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 4552	2292	chrome.exe	92
PID 2292 wrote to memory of 5112	2292	chrome.exe	93
PID 2292 wrote to memory of 5112	2292	chrome.exe	93
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94
PID 2292 wrote to memory of 2332	2292	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://stats.sender.net/link_click/NssHPgqwkq_LMXim/6c2e336604abee32f8d27926f4ed689e#c3ppbHZpYS53ZWlnZWxAZGVhbG9naWMuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa236c9758,0x7ffa236c9768,0x7ffa236c9778
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4844 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1880,i,12147561425851194776,4949577505617279315,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c249d93ce5d6240ff227e32dfc3d9eb4

SHA1
a282cc767745a3d82bb6c39671cfdfade87e78af

SHA256
cdaac8c8d385fd7f97d0a3e2eedaa94cf0fbac08ce1d095aaae878341a324943

SHA512
0d4a6412f92e6dd0c72c94ea14b43be642057fe5ca1ff02db2b5291965128abe5ffcfb8dfdd5b055bbd9bbdbbcdb5643946bf077a35af2b9f92fe7adeb41938e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8e25a20ad832552647800508a1bf6ba

SHA1
5e4c0ad0812ed727e7b7fb1050447dd862def2bf

SHA256
80a2c638b2553f0ea2293a1d750cad999944fea245fdebb86844915efd388d2a

SHA512
a95d7229e32e10e22910b242d5c7b12a87bcbaacf0ea1ffb86b973ae3e43b0349f128d110fe49b74a4249493cf8c89ee726f8ff469a83cf1bbd906295b9ecc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
52a29431527d22d72426c081fe28c93d

SHA1
3754f9c0763a44c1ad07ce4106079e846a07bb73

SHA256
15108203adf7a0906861559c1c53a63313ed5809b8b615b9b7910e9c8ab82c29

SHA512
527ead4aea431b56b093a83246f544780d666930d148b82ce39b6e5fb9fe353d27936fa92d7d5a5505643bea591127c7e4b64bbc49cfe9cb14b7c6b09e940618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52cf3e62f8fad7c1053c4fcfd8add27f

SHA1
3f18374d65bd085e2e9dc750111659dd95f6665c

SHA256
1ab2d8475bf834f0309eff038682f692dc107fbf44934e575e6e6033f0168fc3

SHA512
ba02902d24671f9f7730f6612e215aa39683984328326aceeadca4d788d1a548350941fc1027a150650dfafb34fcb8feb3329527b2ea4cf77f1ed0bd70644cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8aa0ae9fe9576b375b23abb28e5c812

SHA1
bc094683d9bfb88f208e729785f385596d9bf6f1

SHA256
fb146d8b173ac778837ee4e45c5da4eabd907c3e0bfdee5c1d33f5ff6e702cb6

SHA512
741b9a3d92f0fe5680de09306e58f0bebb492649094980153da58c2f87e73f0869fd065c7fa036ad15fcacd0a24fb9f97cfc6bb74d05413a4ca84caa1648b04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2a1a0d4fc19a3985598a5d678bb26d56

SHA1
67c3a90402b68f40c5973067b7dd3da2b90a881e

SHA256
822e64acb94bcafd6c8e3f768ad42e023b2ef44d8da4efe2a5c526835992325a

SHA512
4bd446001fec74aaf25650d5e94b2697add9ccc85990f8c3b258a98e54bf07d371490135b25fc0d8b0e6fade879a30261ad59b5ebf0ecc71656cb1fbb2b08fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c5e2dfee857f566d424b281cbd99a395

SHA1
0caf5f164308527867fa8dda4e6ac101dcf631f4

SHA256
de0d4d5fadb04cdcd9e2fd938fef7d41f012bf8d2c609e8744899b44f59d351c

SHA512
dd3c85beac4492ea3e11c5e7a67defd746c324067c60a657199adbc72bb5fc898621441f0014cc9da1b8999129ce3f09e6e3f49a65a67ceda443d0f55881dcd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit