Resubmissions
Date              ID                 Score
20-02-2024 03:51  240220-eeqv2sae5v  10
19-02-2024 21:04  240219-zw4tfsdg32  10
19-02-2024 20:59  240219-zs65eadb5t  1
19-02-2024 20:58  240219-zsep6adf64  1
19-02-2024 20:55  240219-zqfvfadf37  10
Analysis
max time kernel: 599s
max time network: 596s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-02-2024 20:58
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://141.98.10.72
Resource: win10v2004-20231222-en
General
Target: http://141.98.10.72
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528513939704092" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
- PID 1976 chrome.exe (2 entries)
- PID 1120 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: chrome.exe
- PID 1976 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
- Token: SeShutdownPrivilege, PID 1976 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 1976 chrome.exe
(these two entries alternate for all 64 IoCs, all from PID 1976 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
- PID 1976 chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
- PID 1976 chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
- PID 1976 chrome.exe wrote to memory of PID 4136 chrome.exe
- PID 1976 chrome.exe wrote to memory of PID 1876 chrome.exe
- PID 1976 chrome.exe wrote to memory of PID 4840 chrome.exe
- PID 1976 chrome.exe wrote to memory of PID 1572 chrome.exe
(each target PID is listed once here; the 64 IoCs are repeated entries for these four targets, all written by PID 1976)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1976)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://141.98.10.72
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4136)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbda19758,0x7ffbbda19768,0x7ffbbda19778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4840)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1572)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1876)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2280)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4620)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1668)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1120)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2372 --field-trial-handle=1928,i,1150713926706619495,4047433867834376362,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4972)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads