hxxp://www[.]hcsolicitors[.]co[.]uk/

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.hcsolicitors.co.uk/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528083981043614"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
4312	chrome.exe
4312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe
Token: SeShutdownPrivilege	752	chrome.exe
Token: SeCreatePagefilePrivilege	752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 2552	752	chrome.exe	84
PID 752 wrote to memory of 2552	752	chrome.exe	84
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 1332	752	chrome.exe	86
PID 752 wrote to memory of 3016	752	chrome.exe	87
PID 752 wrote to memory of 3016	752	chrome.exe	87
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88
PID 752 wrote to memory of 1844	752	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.hcsolicitors.co.uk/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc62809758,0x7ffc62809768,0x7ffc62809778
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 --field-trial-handle=1872,i,7424223378044552984,14552667777758102348,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7a404e7810abd755f06da61544d9d1f3

SHA1
430dff562666dafa4aac0e79f6736ee5a9ef1d71

SHA256
dbadcc3eb7aac224d317bc7a18546b1b114a3dc09280c790d4dd4a87497a5953

SHA512
c6d54dcf65a3fa556526b25035794fb9ac107cf69f99faa2520baacd7e797ef0605feed0cbeeb14d2126a795b5e67011b7ad819390b48413ef4cf341f74cfcad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
89782e4652f872bd53cadeeaca349aa1

SHA1
b1f544ceccce63d45145a5b26dff55df98646ce5

SHA256
7336939d63363b93568b7ff8b7ae61717aad64dadd39103d7662146533048233

SHA512
8f730b2ce43a8195e13e6c3b2def650ecc44b2024fd1ed5bbeb1f1443aa10d34c1725cd0e5da2456dd93492b8d706a88984560ae014be1559d1bff1b2adfb879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
7d7ef3857e608e60f15fe5a68901f05c

SHA1
9a3be498291453fd4cbfd96b3e32be2bbd70f313

SHA256
d385bdea1b28995df70a6ee1e43d9fa48cd75e6c4e63fd6b41769a2cdb7c135f

SHA512
0bf2b154502f1cfd18928a998be2953a53e9317d8a35c7afa74858d86ea8d61d9856975f506401028fa9111f24b2aa6fb87175dfd4bc56447afc0915db5887ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1bda3a6d7d469ee2b75a2ee8f02c3b3f

SHA1
e9423e038ec83ccc473f1268df0dda2a74c0b791

SHA256
de252df3610a0816eaf46ba959a0653424ee5d901cfc39f06f33e4e6fcc9c73a

SHA512
25e38bf90127c0819e615c22a9ba770b1a329a091d4dd6cd70c15627e2845213b3f38b9c058eb6fa301697d90750c3ef18fa1262aa34bf9f34b0b72f34601d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e306ff11871fc0b96d76194549c2ee94

SHA1
19461fa708e9bcd925636cf5523b3ce010dc89d1

SHA256
7bf3de862a89a1f459e306c076ed645f73ae8bbac034c3feb0f27aa2bf25c9b5

SHA512
018f4970965471a4954f9d5c8d2ae3fab98ec4ee65e89efc5fa63f7af31ce2353ac4c25ddbfcc3fc536268bb18079b91f2afe8d6c6504417bcf1182b4692dd84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit