hxxp://123[.]123[.]123[.]123[:]443

Analysis

max time kernel
301s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://123.123.123.123:443

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504941543616969"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2068	1496	chrome.exe	50
PID 1496 wrote to memory of 2068	1496	chrome.exe	50
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 3176	1496	chrome.exe	90
PID 1496 wrote to memory of 4172	1496	chrome.exe	91
PID 1496 wrote to memory of 4172	1496	chrome.exe	91
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92
PID 1496 wrote to memory of 2272	1496	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://123.123.123.123:443
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6ae9758,0x7ff9c6ae9768,0x7ff9c6ae9778
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3296 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3924 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3192 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1676 --field-trial-handle=1864,i,10104553748142821562,2760477842164742196,131072 /prefetch:1
  2⤵
  PID:3740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ef613c9b1870cefdb0f0af9524ea3d31

SHA1
384b234c902fe43b7c894f9d98876c25bc41da87

SHA256
3b0fe383ac6cc485c7b38366a3f12b9ca1ce0f869cafcb2bad8564f197cc2f98

SHA512
0c3a582793835ab1c99eb527f5722b8d8bfffa46d61abdc53f857920bb35a3e98880275573b9885da5a9f2841a1f2d24927d47e25b915f012097f9f2121227e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
598e885c2c826f02129ec5961aea8604

SHA1
bf96bebda76b1e36152e7c3bd026e3876015dde1

SHA256
cd085458ededf299dd019adf2e942f319e4492c06113f141eaf6f39f0e5d4e04

SHA512
8babe7d0ee9d6dabcdf8305ff69b6c3ce9e12f8412a8549881f2040683fb6dbfeab74a1c2631fb9dd3063210c717868e06c29190abbf85228dd00e34ee37e579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8549f262a3f409e632176a7fbf1b9fbd

SHA1
8180d2754b8c73ebb5ae57d0c27636c167350b52

SHA256
3efde909fd8dfb7b343c2349ab8c4a78285e38562add45bc781960509b6d9003

SHA512
b99b5cba353c996a8a022d3ff9273d7cd5fb00e0d4af09e57dac55b84a4d419053a484e69805f5f9065e52eb283f63086ec5f19846ba189abea2b263ed7e90bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
40d0ca1698c42bde684d054dc20ec4fd

SHA1
e4d461bbe5b9d7fa418039efeb5bc015a0827141

SHA256
f401d5b5e3c17a140f206aa214f9d662c4708ac4213950c0bf48d289830c3658

SHA512
bb9687e9094c880afe9f7aa55cadf91187444424ba7777f274fb616acf638d0e2271b2009011b4c269c5b1a72cd9004fe5f8e7d9a94d4039daca54383fb7d3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit