hxxps://startcrack[.]co/drivereasy-professional-license-key/

Analysis

max time kernel
599s
max time network
486s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
29/01/2024, 14:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://startcrack.co/drivereasy-professional-license-key/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133510113837932715"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 652	4948	chrome.exe	77
PID 4948 wrote to memory of 652	4948	chrome.exe	77
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 3084	4948	chrome.exe	79
PID 4948 wrote to memory of 2448	4948	chrome.exe	81
PID 4948 wrote to memory of 2448	4948	chrome.exe	81
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80
PID 4948 wrote to memory of 1956	4948	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://startcrack.co/drivereasy-professional-license-key/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbfd249758,0x7ffbfd249768,0x7ffbfd249778
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:2
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3724 --field-trial-handle=1820,i,3653773373860446413,17419113861591778614,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e417d8b6e90c47d865312de4c7089df8

SHA1
c034f2cdceeb7527982e6760cc5b5f413549c51f

SHA256
76584586a12d29800ad8019f18c08020a9961b45b1f5e4f8bdb100e0318ee8f2

SHA512
f0ac9d04913b72d35b3d23acc79e31952fdda68ff880362fac731ee4c66ac0de71c2bd0a1e630fc8f9b6978cba91e1ef65956e1c78adf74dfe3ed73f96948b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
255850a74ef076ea762064f14bb67b4b

SHA1
a3c0ddb20eb6ffafe0f570651718067a8089f356

SHA256
5cad270aeed0550598d6164d08a403356deb8c43dfcde172d9c5dbc85bb582e2

SHA512
95957814cdd6fcf267630b93568fe35c9d5d81dc41d41964f50e6a3f31aed951abda32721e84eb405eea0d014144b179763416f7d43d1d3ff7e99eb0aa3757de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7fc585810fa607761e20edf0addfc1fb

SHA1
88559588e3a020ffe8f8a4d5ccfaf1e36045191d

SHA256
6410ae339985326b821a13746722e09cd13d2c191fd963f83413d336a70d2ee5

SHA512
8c0b79afead85508da5fd3da5c9a35d3caf1a7982f8358baaa3f5bf23c5c3c6efaec088279b77f9886232eb875ce1c03f9e267ecdaeb00a719d73e23ecbc5b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8e0c569dc5d6f4338c13a4ab9e59415c

SHA1
e81369d495902fe85d719450229657e0659fc464

SHA256
94dd44ac138a30c92b74324b4b435529aada074c0b10c41e49b2abd96924ab71

SHA512
80c9c1cae4c9bc0c0e87d8fdd5ed5cc1727df27edb3652a327d2a1eef3d0084ea3a0345798433389f2ff0d7e25dd0d8d39619d89b1bbe3eb473746d8e16d3628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1e43d1ab32914442abb3aa5ab3e3d5d7

SHA1
f795c4f626a73fc59dd114167fe00d2756ce6f57

SHA256
259f8a938733ae01fcf3ef018401664073c6d0e8e0391e59973e29e549b7efa9

SHA512
8db2ac6ac7a9ddc82e398dcb40a3fcd9952482d024f853aae5d37ff21c4e0faad3e94045f7b7b8fb5c4209f4094e6757a51f48a86a997bcbfe4e3a301d214719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit