hxxps://autohotkey[.]en[.]softonic[.]com

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://autohotkey.en.softonic.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513070871480130"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
908	chrome.exe
908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 5004	4568	chrome.exe	83
PID 4568 wrote to memory of 5004	4568	chrome.exe	83
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 4812	4568	chrome.exe	87
PID 4568 wrote to memory of 3108	4568	chrome.exe	86
PID 4568 wrote to memory of 3108	4568	chrome.exe	86
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85
PID 4568 wrote to memory of 1636	4568	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://autohotkey.en.softonic.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5e689758,0x7ffa5e689768,0x7ffa5e689778
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3692 --field-trial-handle=1860,i,12345933362073459126,4468981757966415130,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
3a3e35fe49e6b67aa6835cbeaecf78cd

SHA1
6c85fd956ca7f6e63f6aacde63a8b14e1b6d81f9

SHA256
248c76506b635feea1f5e6b7285bd56909fcee81cfddf17be884ea9c58189a30

SHA512
250f21ba6c19a3389de30f40f4d929d9d668bf97b56490066c3fc83aca42e244b9483ac448ae530527fac0e02cebddc1c01783ab5d22296dba5247899e4091f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ee597e9ec109cb645287806030849112

SHA1
31c1e858fc69cf0daa1624073db851534e709dcb

SHA256
2a8456c3734e8a33fe68ce4bf2b5ee552e37f4a70cb62b5bdf534733f860221d

SHA512
fdd663fab9cb4ff5c283199e23c719ad92661a4d5ec6358af486dbddddc2be066060b2e2e83d9166dd8eb4fe1a1c3cdf71fff3c6f0907230202de0e3a3c99027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2c5ee82ff42b87d46e2ac6a29c4e2759

SHA1
75c85a8998acf5216e8cc7c1e0407441347c5f38

SHA256
2e0f4b2121bd0c4d51a3b08ce5ae10ee45cdaba0a95e0e07f35df0c6300e0f97

SHA512
629d4794b836a5f3a48781217ad8e349b499833f6d1a8c09df00330c4428ad5c12f5ce3fd39817d0c0deb591b88ee6d6014ca99ba1fc88ba331f1e718595b405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9b8ed0f12fd1391aa5af2ab4bc57a35

SHA1
ce19950088954b8a7e395c0a8eaf89cfd861991a

SHA256
8983e716af2807f02c2fc9370b24b41d5d3234c914d08f81ee554c4fa80daa65

SHA512
4ca6ae27214340483509d24eaccad378cdedc135ee7830defea0da350d50460fba840725a33d2ffa10f69aaeebf73e3ccd15cd3f55134464c2c8442e92a61fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7eafe59e58926bbec7c131b89ccc47c9

SHA1
d74f0309b6acc5becec034fcf6d86a6f319feb79

SHA256
303fe5da00b5087500e15ef450778dab6c4513ae3e88bb00c5656ac749389db0

SHA512
c5a24a89a622421d3a38d4330df3d0220080469f75d6b58022cc7d32ca3d33a8e9308332ff590bccb9e9e360015fed0ee61190547c08d70ebb3f9c5e83519a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
37df2bf4ff822bbc5aaac263864d440c

SHA1
3c48dff1f6aece76bdf979bd541653b3875392d5

SHA256
2dc1a60a5b4d89c80725a066d8176dc250a3aa41f95250fa1b468f0b598c3917

SHA512
e58cac551713ac20aeee1d9d05aef59b9ccf60aabdffc4ed1fbb1b390d5799c113eef46ed88d4bdc51b74ffbe4c9f45478fbcccc2b469b459c72df603b3fd303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit