hxxp://www[.]aiproducts[.]com/contact_us[.]html

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.aiproducts.com/contact_us.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133509811961770248"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 2868	3416	chrome.exe	84
PID 3416 wrote to memory of 2868	3416	chrome.exe	84
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 2224	3416	chrome.exe	88
PID 3416 wrote to memory of 4996	3416	chrome.exe	87
PID 3416 wrote to memory of 4996	3416	chrome.exe	87
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86
PID 3416 wrote to memory of 4376	3416	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.aiproducts.com/contact_us.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9b20f9758,0x7ff9b20f9768,0x7ff9b20f9778
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2668 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2416 --field-trial-handle=2024,i,3447164466701379023,17325382763085773743,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a69b47a1b8fc551ad4df62013d9c1bc5

SHA1
e91e86cd7040a8a141fb52eae3763c268000e01b

SHA256
189d2d94dd15b3eee1160824183764a29274ac647dd81a7b224f610196f3faab

SHA512
5271ae6a1f582c889f6bdce566f413048d4871369f6f666be433632688169be55b23e5f0a2268364f3dba980bd60e0270fbe9f587e4d7e42a498ac662b56b4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2e84b5f5cedf8d9ea71efc52adc18f8d

SHA1
32db9f1ee462c3984d474103c41afa4ee9385305

SHA256
30021094b6e5896440914b7ed3a8fccbd3b3d48175c42766050835d578f39ee9

SHA512
f7091b183d8918b4d7012ad0f37a40c97988c15330277eadd5e7373eb9fa4e7dc6c3f27469005f7737bad50af9bf23a082e6dab89c34723185c1d0164e13b45a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3518e03737b93fc41561fbc1bc85fc7b

SHA1
ae99a179dfa04267036fd79822f3ed9d92ab160d

SHA256
d5032fde508f4104753a4bd2504c9fce92c42e4236e38495f2b15d9b45ecdb75

SHA512
35e46b033ddef75928a9c0c60b7378b9ca49ddcf3c0445bff8de9bb48ec573e7aa2bdb7085c5666860eea699479831fcae384e27477f5c1b88562ac87bdea17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c67ef2278a0d35e64752d9488bf2a36c

SHA1
8a0eefb5469732ba22f4eaef1d251660ddcb4f67

SHA256
776f4896f19a80516a83cea0f3168996ef8bbea2eb07da0b4c9a403e114b61c9

SHA512
d0c1d480bcfd0abfa0c50fad1eed15fc5d925ec386b87a01b82c8d3d4905553cf62ac643fc6711756599616d532e9888097284dfd33b70820745ef3bf464fb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56dfec7811ea994df399f4ab11914cbe

SHA1
cf059a7e34ee506c79f79e620d0e04cc4487fcc0

SHA256
ccd9765506a0961fa5aa96eda507b313e409f736d1586214d5e2af75748e0f31

SHA512
2a03a3a65ee9e4ffc9de9dfcf3da804b8c3b68b02633a0051ff14ce870072828ec0717ddf55c0f90125ee7a601e45e8a3de578794d8143f4eb79d9469573654b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6df6592fd1ef3f9c3c5afa412b3a691

SHA1
5e1a1713b127485a55038f69682b0bec3859d5d0

SHA256
257a7615099be7a595286fd59bea23e17b16d2007c0a9ce5e2c0c139e8e3349b

SHA512
dddf14b02761b178db9b945fa59dfa4ee27b821fc80f8c751c11e5f5a03672c59031e94eedc231f709ad7d03d518bad4c791b614259884cc1a56ba3a46551899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b55f53f529a25112d33b734ba7b57c02

SHA1
9c9c2c83bd47475ce87aba834313a79ae8d91b3c

SHA256
9210c026246c6d6ce25c5c82869ef3e69b080ee83aa7365aa56d5039cbfcb4f7

SHA512
d2319176b291e2ae3aafbe521fcae99ac37278fd90785d7a4209114813c48ed8087f5fbf52ce9adcecde1659c577e6ca175083e2b6dae665ffbf1e85359ffb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit