hxxps://www[.]gloriousgaming[.]com/

Analysis

max time kernel
599s
max time network
604s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.gloriousgaming.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529374518119383"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3672	chrome.exe
3672	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3672	chrome.exe
3672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe
Token: SeShutdownPrivilege	3672	chrome.exe
Token: SeCreatePagefilePrivilege	3672	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe
3672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 1724	3672	chrome.exe	84
PID 3672 wrote to memory of 1724	3672	chrome.exe	84
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 2256	3672	chrome.exe	88
PID 3672 wrote to memory of 5028	3672	chrome.exe	86
PID 3672 wrote to memory of 5028	3672	chrome.exe	86
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87
PID 3672 wrote to memory of 1680	3672	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.gloriousgaming.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f339758,0x7ffe5f339768,0x7ffe5f339778
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 --field-trial-handle=1908,i,7226050469323860154,4842070007027732765,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4bdcb70a47aa85815f4ef207f50ebd91

SHA1
a17c9fa373dfcba50f4e56fbf1bb9366a9aa35d9

SHA256
6c60593376a1cb64789012a247d71da19eaaad3fb9871ae21b2f7e5f66971b27

SHA512
3a7540fb952dbbe82736ad959c780f428278f29780952bae0860db5d50f14b0fa68c5c1dbab8567dc4c4becfd2f11ef335b051a6e205aafa5d52c6236978e2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c915186a8fb6d8da5263c1b7dd3886c0

SHA1
1a3ccdf2953a4e1379a6f7889f4d4f66d42b66f6

SHA256
f8e4156301fbe503f5045a9aae7705886db3419e36f76bbfeb4b2d0c5a4946bf

SHA512
dca27cb5038084cbcb0f53d380c36fe003afe3c3c58516e00400c190e91d252f0d287ddd146be329740cc80fee07ae26924fb943055b2f16312f8d0df44d06a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
350c09b4554dab7bcf8c1acbebe7a834

SHA1
6f83992af234821de3d2bb4333f59d5cf4665222

SHA256
fb28f06b921ff6cd0d7181f67a018efbb01de3ddf856e696657606fdcec9c2e3

SHA512
1e9bf11d8b3583c6627788eac41644a4914f9f71ce73aa9335f7f544274117756a568b75a2bde82dbda55de50c1319718a851b5ce11530acaf3699672790a345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5c3b5dcc0185d3c4f749401624d749ce

SHA1
43f7a2508495aebef3336cc5baa1088f27e4ef5f

SHA256
0044f6ec54e8b77c5b4e053532d9047e3ae76d010293b584af73d6e58b70cb6d

SHA512
9d472dde8da6daa45aab47aeda100214824e686db3f22a185cc2b5d1de5fc644c0f1b0205f458385abaae9f69ee268cf9043a1ccb0a54dfe43b8ae99e273ad42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74a21bd6f27385503c5ea0c7d0642719

SHA1
fc25d7e9b953599f0676a973808f82ad9f1b13f8

SHA256
51e96e9fcf68cff3568c3e65cae71cf195abc8588301b3625c5ab3e5944a1ceb

SHA512
3d227799aa25f5ffb9190ae9ec9e0932a3c6e63ad24b5ed68b996b8abb019a8a0df99a4c7640186e7c4226b90c826cbc28feae207cd678182f6f6abb164d3447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d8e9cf92d5ca5e4275adb545ff2bfb55

SHA1
0ffd131a0546fd6412d1abb5ffe28218a3492404

SHA256
e42641e52459cd0b0fdb224e91733a4e1bc36f1ea031ea7f568b7bed868efa86

SHA512
09661bd47450a4e562b0ac6b9299d55719af5623fefa8759667381b886244f25719198e52d01f98eae51ae2f1d2e5fc1669295a156d9249809a4cf953d825b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit