Analysis

max time kernel:  59s
max time network: 52s
platform:         windows10-1703_x64
resource:         win10-20240214-en
resource tags:    arch:x64, arch:x86, image:win10-20240214-en, locale:en-us, os:windows10-1703-x64, system
submitted:        19-02-2024 03:10
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
Sample:          http://200.197.79.204.in-addr.arpa
Resource:        win10-20240214-en

General

Target: http://200.197.79.204.in-addr.arpa
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe

Modifies data under HKEY_USERS (2 IoCs)

description      ioc                                                                                                  Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527858546664360"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid  Process
428  chrome.exe  (2 identical entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

pid  Process
428  chrome.exe  (6 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)

description                       pid  Process
Token: SeShutdownPrivilege        428  chrome.exe
Token: SeCreatePagefilePrivilege  428  chrome.exe
(64 entries in the report, alternating between these two rows)

Suspicious use of FindShellTrayWindow (26 IoCs)

pid  Process
428  chrome.exe  (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)

pid  Process
428  chrome.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)

description                      pid  Process     procid_target
PID 428 wrote to memory of 3204  428  chrome.exe  75
PID 428 wrote to memory of 4896  428  chrome.exe  77
PID 428 wrote to memory of 4976  428  chrome.exe  79
PID 428 wrote to memory of 4820  428  chrome.exe  78
(64 entries in the report; repeated rows for the same target PID are collapsed above)
Processes

Child processes are indented under their parent.

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 428)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://200.197.79.204.in-addr.arpa
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3204)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb56699758,0x7ffb56699768,0x7ffb56699778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4896)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4820)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4976)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1636)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2652 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4996)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2528)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3896 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4576)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3076 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1304)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5052)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4712)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4480 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1776)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2900 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1012)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 820)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 194KB
MD5:      ac84f1282f8542dee07f8a1af421f2a7
SHA1:     261885284826281a99ff982428a765be30de9029
SHA256:   193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0
SHA512:   9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Filesize: 168B
MD5:      7c7743e2eddaf7b6aaccf95577b4e389
SHA1:     ec5975fe60b86812f5a03afd3295277cd0d3c8a8
SHA256:   2c9ce131b961aa0a39286f02be470fa99acf37429bc4ba7b7cfc42d05f0b6896
SHA512:   dc22c28a1d5759fe912172125d5c3df04d31e6a501171ac23c99dddbde462edabc08e338c7f29d79017128a8ba4f1b2be69d17744e51c0e7244dc0314cdad6eb

Filesize: 371B
MD5:      9773f86a1c994b5f7c8d58b62daab84f
SHA1:     9122c12964caa066e5da5a499341c079556b3845
SHA256:   d1b98d50f684253e91b22f8e222cdc3c2048f5d9cfc7ce6989f29cf6506bccec
SHA512:   d611d349811025f1d9c9204276478935273414f991fced87a9453c0c6de2a8a71f51a7ef0bb9ad6061a86b8f627134f081625de089d4c1adff729965643eec9c

Filesize: 5KB
MD5:      da72473c3073f6efd1a7f30c3bea10fb
SHA1:     da02428552f7db958e5aeb063905d004540c7150
SHA256:   30b9b424e9e8dfffd891d70b55336aaf004d16826e88aa43270a87ff82c0439d
SHA512:   839d1742fa7ad7c6e099ee69a31b6848c77cc52e022256b2d12fa0f783c8bd89b2d28888843b60e28112fb7d1dae00100d0a65d20b2319d61aa82737c782f218

Filesize: 5KB
MD5:      8b7d08cedc32b2bb20804fc9f5ecaa70
SHA1:     db17673edb2cd5ad96bed56f025e9ef81d40d8b3
SHA256:   5e6ecc2e93c7fdc1d894f3af138f4f192c10a77da9dc1f8d37c6fa7c789c9a99
SHA512:   a9c7f9e0c3e1ef13641e37fa253ce50cb6d13b4bd24ef34f332ad8f16cfddf83245d8145c5dcd71c836548d535ff17473b484c256f959739899221e979afda45

Filesize: 129KB
MD5:      f1f27eb8aeebe7ef0fb2b1d4386eb664
SHA1:     56bf0dea5722d4669c8d5f8e5937a2e561e77bea
SHA256:   def6ef53b3336e3d90805dc392f75dc5f684a9a3f48de37924aef9bff9276e2d
SHA512:   a877b40ecc1c9355422879003b1cd92572ed4d38a5fa66ed4557a0e8496a9c660db764d7e511c449845677be38a178ac2a92bfa42749257b29572885825fc05f

Filesize: 93KB
MD5:      79ba91f089daf574d86aa022639956c7
SHA1:     b458a8bbaaeb9b87c127c3db21eea697e0538687
SHA256:   461573c10d1a94030eee84cc0b5c664cdd5de26627dfc4abf27ae572eb102424
SHA512:   207402a04d33176081e5e4704c243707fa90c42759cae8c920ba858ff19ce9db6a3fee27e8101a49431ce9563986c38a184d04c022d2fdd64210661280a76709

Filesize: 91KB
MD5:      483fb3196aa24de90ad21becb750d114
SHA1:     3df5c8d7d6b1a64a80d788e9fa3a1073d0665f44
SHA256:   83a2d3bb96c5c30d3b75ba1b4ec99a0ad8a5ab3cb851355100fc9cf96812ecfe
SHA512:   646e5c3f26b4b9e99fe65633f77168e338a7f325b0f60e7bea456cf3a092e3d8c216f087f9cb6e30a9614658c1003be2a99a5d5c00d9118e0fd56e79ee27d0a3

Filesize: 2B
MD5:      99914b932bd37a50b983c5e7c90ae93b
SHA1:     bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256:   44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512:   27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd