hxxps://s-884437-i[.]sgizmo[.]com/s3/i-OoB8F55PppUM4G8d-6791524/?sguid=OoB8F55PppUM4G8d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://s-884437-i.sgizmo.com/s3/i-OoB8F55PppUM4G8d-6791524/?sguid=OoB8F55PppUM4G8d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523432893257055"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4004	chrome.exe
4004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 1164	4164	chrome.exe	84
PID 4164 wrote to memory of 1164	4164	chrome.exe	84
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 2708	4164	chrome.exe	87
PID 4164 wrote to memory of 1064	4164	chrome.exe	86
PID 4164 wrote to memory of 1064	4164	chrome.exe	86
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88
PID 4164 wrote to memory of 1676	4164	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://s-884437-i.sgizmo.com/s3/i-OoB8F55PppUM4G8d-6791524/?sguid=OoB8F55PppUM4G8d
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe11849758,0x7ffe11849768,0x7ffe11849778
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=2004,i,17169312453523118135,4703972178656565606,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
182d06e6d7685e7a695b8ffed8926dc2

SHA1
2d6d1b527042b0fa6c44d3e790c46706f6a03519

SHA256
2d7864da58ffc0ba5a967bb0203b8df9b1be4fdcb96d077f3708139426c36951

SHA512
7c95c7572bd3e6d0e31f38ddd6d5e6a605441d8a753c455eae166bd335ff0410c7ef43319f37ab2eb348cc6f8d5959659e8b0ee51ae9a00aa7fa056062fab7f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4f19da89c39dfefb9777405e02a43bd6

SHA1
3c9a28bf248ff46c11df67a8b29ee78b17cd97be

SHA256
c2a43b2ec5c6a38a946452ff6284941ad5f0ee8e5a631fb42b882b359932eced

SHA512
3fe946bdbc65f17c6adad8d3360a4112b206b8c18c679dfe60b16df7c6e498e8f98b638a8a31424e7dbe39448f28591fe1c2119711cf0e6cc4deaf5252ea76d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d92ff871907ddd882c1acc2c1cbd913c

SHA1
b56bcd6c88614a1761e64e62db98ff3179d419dc

SHA256
448ed55f67349f011c45c11c70c708a282a841ee075a400226f27ad83d6b52be

SHA512
b278881166dbb9b4323a7f6c76436e222fa1b9cab188302453c2b53219576cc47f2f675e6209d82533089f6e049c72b4734654b1d405a36f1fa407affcbfbf1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b1edfb671d22b2e5d757c8b0303641f

SHA1
d3b4c3c978d68b67b338d35e38ec04483778d572

SHA256
afd735317a5500428ae2d95a416f2fb0249b973b468b233237aba90c6b59687b

SHA512
33368a9c85dfc7c450cb57aa0bf755ac8c8deb83d8d16ccdb147cd2076ae363d74c01a5022af1e16799febbe9733d36f9ebcf624a4e2bbc6fd17123ebee881f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20de361a5ec17cf93a4249858092a071

SHA1
83557cea036a768bcaf694108514d7bd4486db11

SHA256
df0c62e204e52a0fbfc82c4a28f19930548869c1416c3962fada0ce48c0b1e02

SHA512
993691b6e62d01828eee17ca836a9a4cb8574bba06f9600014c988c5669dabaab8dbcdf09f494fa93fe9184dba440fd7e35a5e1cf5c30dacd45971998f88f66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
576c4bd13e1c5cea5b6425a02e3b7e4b

SHA1
9a1b5e6b1c3b4df77218ec37f4ea3f482826a268

SHA256
03d903a4a9e7d03d9add7f4d63431074fbb787ae2b03d13a08c010a3ea072bdb

SHA512
dc732c089ed000f6792a1c9cf52594e5797d872120aaed9aa9ce28fc3093862626e0758ace706bbac97c213abcd72805911c9571d652f0ee4c2fdb17d0a7958d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
64f9a57510c6e31cff7522f28cf68c93

SHA1
91a5db4347666c811114068e63651a861a256f4d

SHA256
05a99938e9ea68951e5dd4e0a494e23fff667c58e9e20dd56977418c7ff1c3ab

SHA512
501c3c0703f6c1d3731f7642ba001bf738e7cfde21c63be09a202951714a8c01856a820b2a2f544b96bf6dfb235d978c9bcce7616312e2792327efed93956421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ab8b6a89925fa30c3ae44493ecb02394

SHA1
473eca0ac5fb628f39c18a47c5b457059073eff0

SHA256
925b502ef63afb49d45cd081736bb674f00a35e7f2604959375fa27c8ce83ddb

SHA512
7373e48b0bf56866b27ddcc5f0884e0c6997bd8cfd055480373a0c0c5ed281ca54ef151b359f77ef6dc5f0489ce6f6e649f1e6b56c33098dbadc6ea02fb8c08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit