hxxp://192[.]243[.]59[.]12

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19/02/2024, 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://192.243.59.12

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528347324308981"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe
Token: SeShutdownPrivilege	4816	chrome.exe
Token: SeCreatePagefilePrivilege	4816	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 416	4816	chrome.exe	14
PID 4816 wrote to memory of 416	4816	chrome.exe	14
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 2924	4816	chrome.exe	36
PID 4816 wrote to memory of 4940	4816	chrome.exe	32
PID 4816 wrote to memory of 4940	4816	chrome.exe	32
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33
PID 4816 wrote to memory of 4144	4816	chrome.exe	33

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff930c59758,0x7ff930c59768,0x7ff930c59778
1⤵
PID:416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://192.243.59.12
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2672 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2652 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3224 --field-trial-handle=1792,i,4097654910864011970,17178100184256211683,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
90f32c682a452546b96a9573faedf512

SHA1
412d80365e93c557aca3ba264ad235b8a75a2924

SHA256
2869025ee8b1923417bd07b88f634d6982e59ce898f06a70599144146a1c656b

SHA512
e349954a1c27c9e1b0368921fd981b027f12922b7f89b7fe833e97db0b7d9301235d061ef3d706b1a5d32e8d6c49b343a42a24c221f82b57aff1ea04e4502516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bcb97ac60285df01db82bc90fed13d6

SHA1
3cb19e58c6f99de9229e3d848366527b9320c874

SHA256
e63dc1f26375738984b405fe719d2f679395736eca99f1354b678b76b9b703f5

SHA512
9da404124da97d9e3b8bb9e4f47ab809db86b40523b3d5681d9ae128787dff6c111787e0264d687e28efb1e8063e8226e8aa8039ce07cab02753dd6875c48cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aece3baa434ec30592d05e2607269748

SHA1
a75f1883dfbb817db5fca3855663a04103732025

SHA256
0947dcab9e3eb3d284e7d0ad9c870e932e5b6a236b19a3709af447f58bf35773

SHA512
be333bac0df7504c180707467ce8a14aad3660c344d5fe13c1b689c4a82e6214dfa5846a26b6bdae6781c82c24ba26e46536e711b5263b02a940321a80123d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
caca9c0f40e9b69713761f413181248d

SHA1
1e43fe0edeb4943712ab4a266802a6d85d89b0b5

SHA256
f66c026f22e3161f26a0e14ed6715fee082306a2ee0b25736eb73f6bc4b14d7e

SHA512
c6266ce264f7c684e19dc6da88ebc1fcaf21aa2bfbcd335f82a4d8084efc7a3ff11086cf686c11c4e42afe2e40aa7b7dede9dcc17b7984eaf831dcc654c71ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2001ddb449805472984d8f8f79c6f0b4

SHA1
6f797b638db61d11e82b04fa6dbd98651d3171e3

SHA256
15c54cbbd2b26082086a776904bbdea59bfa6e4808bdabadc83f58eb7061fde8

SHA512
cb681f0dc32fa7c7fbeb2505b2a35f1901267b9ba8aa6ce0544160155a74f8773c60a49c4150819021299e60f8eeab3c309d287c9d0a5a0fc13ec8c808ecb30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
53d4cf68ec27721ced0c99652de00c4d

SHA1
b009e337095f392b896e301b1cdfd0ae1bd0020c

SHA256
aac097b6c257409d9a6b223fc41a2256d5c1ca3d390b6f93d7bc58296bd93f22

SHA512
a92159bb0a9252ccd8c8dd85ece0b58f8974431054d1ab2aaff53fe45a009431364ad17c16ac1b7235bb452a5c5a3e1bb8a11ecaa151c7b821ddeafa32b248b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
78117421d8fd05ec5f5d8e0f0dcafd0f

SHA1
c8bb1666c2e5ca5b3ce05bbb28daf686a128d04e

SHA256
49155774b8fcc3abfe6008b4a4bf749935e0a664e7a9ca019068f9f7126554e1

SHA512
af9b968373e52d2266fb3e7bbb2e452c36ea2556687dc383ea5d0676148551bcfc049ed2f946a921083a219a4d946bfde463c30e8e47bbf3cbb0b0b4ed7eefc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit