hxxp://www[.]elektro-stoerzer[.]de/&token=10a017ff-4158-4e04-b68d-2e14ff3bd4d9

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.elektro-stoerzer.de/&token=10a017ff-4158-4e04-b68d-2e14ff3bd4d9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532534218500323"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4524	1176	chrome.exe	62
PID 1176 wrote to memory of 4524	1176	chrome.exe	62
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4268	1176	chrome.exe	90
PID 1176 wrote to memory of 4076	1176	chrome.exe	91
PID 1176 wrote to memory of 4076	1176	chrome.exe	91
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92
PID 1176 wrote to memory of 3096	1176	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.elektro-stoerzer.de/&token=10a017ff-4158-4e04-b68d-2e14ff3bd4d9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef7619758,0x7ffef7619768,0x7ffef7619778
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2552 --field-trial-handle=364,i,15159796251670231744,7002798433834659736,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
33fa1da8acc4f77f6de4a7af24c515c0

SHA1
4133e306b7fca8941f83f4da438c309b305feada

SHA256
fe9ef770400bcd9d2bf839f594ce1008d15d334ec825778a4e4564d7bf4ffeb3

SHA512
8d4c51aa62abb6956626f64ac434a8ad94eb3c655bf6139e5a870b8f6b1f7523106ddaa3db6fc8f6951c0be4c0fdb1c79a590e35c18c8789b1ea39deafd06885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de6fd04cf28706dda95939025d414894

SHA1
9b6d9f91cb98010357ff5863871cfc93f85fe3fb

SHA256
244c4921eabc36a51d515bf509ae8b9c6fa000dbd153b19fa7ec7ef4ed829150

SHA512
a67a89504c443e108576bf7a80156a17c21dcb7380c0521406153465d4622276d89e133a47cd0ab27257ae78dc0385526bfacf5f153c3dcd6fece609584aea11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
cf34fd491c9d380cadedc18fb44d8a46

SHA1
6dc8e0b215bd95a848ce20b70db64548de073880

SHA256
109bf3654764998914e8a8ba99f5a92d22b95abe0188d83355ea059af5673294

SHA512
cd999b121a4fa01a4339f37af56a85f11bcfc90bb62c5cf225c5951e4b427f38da450b609f886f596e218c504fd22b1d216f47397287bfe0606f8fa3bac5f698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
802f04bf889dc96c8788b1fcdcb62151

SHA1
fe3cd4deb9f8fdca2a3cb94fd2f5593560ebae27

SHA256
1c4d6a9591df48915d797b01194d1dfb897b094fbfcc1dde77e8baefed457ae8

SHA512
b40ff0ac6eaabb93ef7aec45ef69a06dc119ef6e7dc1cf2a328e9b00ab52eadb0e3cda94566bc6762f4b93bb697ba816d077b34e4b170ab3a369bfc723631481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60146e15ef6ed415f5b16a28d46561e3

SHA1
141145fe2af191b9915d0ddd806a2115688356e7

SHA256
b76b0f9fbdfbd3d07ab3a38692033e8b2d5a4f87f8746e34310cdfc34166e3fa

SHA512
fdfcc1d44d1db58200740e27c9089489bc26d3562d2a6da8c906c218e4aca6f00a1e69d4c539baa7140957efb9a689f6f61bb4039d4f66c5b412b3de0ab192e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
bd73d9e569be42034ed510cb4dd7d270

SHA1
4c8fd70f1554b8120dfeaecb65f5791e571481a5

SHA256
1880f26df0a47bfcd15c8dd3c16826f59dd64574f1f04053df73814cddcc775c

SHA512
21b0e77ae459ae3d42a93f1a928af0c2f180cd9e53f67731b5b568cc3525eaa88c8f1a11c46d8909ed99fa932303506892be05ef259344e645cac14dd0a4b612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit