hxxp://burgs[.]io

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://burgs.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531071524789142"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3512	540	chrome.exe	56
PID 540 wrote to memory of 3512	540	chrome.exe	56
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 636	540	chrome.exe	89
PID 540 wrote to memory of 1528	540	chrome.exe	90
PID 540 wrote to memory of 1528	540	chrome.exe	90
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91
PID 540 wrote to memory of 2236	540	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://burgs.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa48d9758,0x7ffaa48d9768,0x7ffaa48d9778
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:2
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3312 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5112 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3552 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=744 --field-trial-handle=1868,i,9615043408425261355,7549726470844299870,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8749ab4d7b80a9a0da6da25c2cfd5082

SHA1
9aed74fbd8e3f7b0d0e846b2ffa33ce41b07413e

SHA256
ed9019a7dc2ed73f21de922edcc79f5df2a1299e760b9ad2cbae330b9ace3a0f

SHA512
8c1c8d674753ab605e7a299cd4373d833a5c2d6326d297456938a388250ad6fa8e1c8cf93769aad1b0c506c1823b114cb67c1607dedc7cd9ea7f7d462a6b19fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0fa6339b7f29caf112d984bf87aceee4

SHA1
7ebee5ab0ebecf755bc5c7f84a2a798d949a5b29

SHA256
d9a0cd22a8764b891d2fab2136ee8cbc9701f0e6093b39bf0af9d9e325eace0c

SHA512
4f47d84a77b2e42f1bbed037907f73d42adb7b713fdd5b4f6560587730a896d399197f3020f9b3cb792d8c296b05c155cb7977480bce6117ece9ec53a0cd54aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30eeaab23075326ba4498d2ffb80c9e3

SHA1
cbd3d0fc91b280191bdba348aeb1c3e67b0a0ea8

SHA256
a12760f6bf8ea3386a6a6610f9f7b06f15b8a7da70a2cf0dcba7da8c2b9bfc69

SHA512
86bda5976e1577e3f7356957d19c3a5870989157dd6ed09e0c44c046e87fc7e60f01ff026d5542cbac2737353ed8c9d78458e57a04e65e12a3a4e181fa67510b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2677432b2a4fca35663074845f0dc1e6

SHA1
f1013f9e32bb2bef05ec09bd54339c8f63a0cb0a

SHA256
b6e3088619d3711f4b2f570748cee548c6be2657f3bdb845f4109a2909ea0bae

SHA512
8d2675e0daebb99fdd64cb42630bc3931c80e0ad9b6637ee84f5d0b5008c2988419b7e7b788a4ac0eae3a85b0e52ddeef682ab1adbb6432f59af09f7efad41ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit