hxxps://simplaza[.]org/aerosoft-offshore-landmarks-north-sea-v1-2-1/

Analysis

max time kernel
32s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://simplaza.org/aerosoft-offshore-landmarks-north-sea-v1-2-1/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535307742785034"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe
Token: SeShutdownPrivilege	1632	chrome.exe
Token: SeCreatePagefilePrivilege	1632	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe
1632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 4152	1632	chrome.exe	54
PID 1632 wrote to memory of 4152	1632	chrome.exe	54
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 2824	1632	chrome.exe	90
PID 1632 wrote to memory of 588	1632	chrome.exe	91
PID 1632 wrote to memory of 588	1632	chrome.exe	91
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92
PID 1632 wrote to memory of 3832	1632	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://simplaza.org/aerosoft-offshore-landmarks-north-sea-v1-2-1/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff27d19758,0x7fff27d19768,0x7fff27d19778
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1896,i,1150228217293515491,8411770921845101003,131072 /prefetch:8
  2⤵
  PID:60

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
298KB

MD5
55d7828183eb4d45b35783ccd4231237

SHA1
c3e4e73c70fdd1f7e1e9568ba0050a46ee66be48

SHA256
8fb83b7c9c0e0e341759e6c91da5b8de92d7206b82c3291c982c40ab7d748041

SHA512
cdbc5a12931a13ac1047f485280b867cbe45308b6bec395b31eed5b3219e04acf941a6003b8c264476d1101bef42a480b01cf9a33afb6e7781c855b1d309f751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
16a76e4a150f499f447a1af6bce89d14

SHA1
706881e5ff4a62e1a6a66251474bdd71d650ecc7

SHA256
94dbdf81ea3eaa26048c7b62e1095a603d3bb69d58e455c2e5b8c05810b6a727

SHA512
7580baa73a34998dcbb86b2218e64928bcfef2ca867bf68122fd7208a896ebcb7cd32ee8723636a594832340d4edb551cf8bffd793cf6c69ccd0cdbb58e57170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f70aa39ebd57ec73f5d78336dd5da24

SHA1
87f9b21417830323fd3da1b7c83720158fdd086a

SHA256
225ce76a87077a226d54b7168c848447b9e7acd279dc4c6f98f9e42e56c03f33

SHA512
939d33627c64e7ecb80958d594425702997dfb4c50c6d910474db0d434f5343b4dfc81cb857a48f5525c3c59f2ce8f539b8494bd0c91ea5fb8f9f405141b3978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
66e773eb45da4a24a891052913fb2127

SHA1
52c82712d578e60516898222c3b2eb3103a2506a

SHA256
f358a3adfae1158df0afad9fe51e71636eb79a5900fb867f9834ebba2ae6ea18

SHA512
de517a852c8e293a71be7030221e550cabf06f692a132efb5b70e503a2b643429768553d62050595a371f7451c5fcd2e9a6b4d6e2b22388996c18bd636697d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0e25dbb70dfb12d60e2447739cda1f5

SHA1
398fd48a30809220792abe31c4592e6a93b5a7fd

SHA256
0c6f292d1adb51ddca23edade51f7604719b77669a1ebadb74ca8bbb4a5a0624

SHA512
83445ed39a53b6dd9a4e9eafbbb110309e4085afba1545adea792e0fdddc9af71d5d6159cfec6960e6c5e3a391d201f03f2ec43c3038847db0c8bf1199ab8702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
004fa429d40c586d5ff4b536fefea7fc

SHA1
47ac1a30384733686743766f70a7327b1833eb24

SHA256
5793c1668a2ee21f29d58112fe7ef44c596b65d669cf77a2f5d2ecfedc2c3d1f

SHA512
fb61708db6f0ce233c4df213c83f737332b7f0c630840b50460b6b13130193c912cdf36c22e90174a9f0ca4641dcb813d12a93c57dfbd4c9ab47762aa6d36c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
dce3fd385ea39a999310102a2977139d

SHA1
333f00a20f6036f3167f375dd648c99faf1b21bf

SHA256
b672860eb84a1ae54bc737019c69a21520754ac57bdc7e79338895317d8e7bbf

SHA512
acdcaede7a9462bdcd4f92c6f3df037f95fd7f472c329569d783dc7a309d0636370a7ca0bb642fbeb9427cdb2368f66c36fab059d9ce8fd3c20c89393d7cd661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
a0f520f95ff9a40061fc403ba3c46c97

SHA1
6455bfe1dc75fa6ba475e8228b5856caa8acb3a3

SHA256
35cad2121ddfc809d06e9a58a7a3c1b5cf0a85cd323ab23f4f3e0aa4fd052b0c

SHA512
03043a719a85980d011acba0810a8d24f3010feb062896a750bf605602b1b505a211a8ef4eb46686826148fb1c9c37b8bf90041c9fca643c916a0106d30e83ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit