hxxps://tracker[.]club-os[.]com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=414chestnut[.]com/minde/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/839/qdj/eW91LmdldEBjcmFwLmNvbQ==

Analysis

max time kernel
84s
max time network
78s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
28-02-2024 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=414chestnut.com/minde/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/839/qdj/eW91LmdldEBjcmFwLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535716312925273"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 4804	1440	chrome.exe	71
PID 1440 wrote to memory of 4804	1440	chrome.exe	71
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 1076	1440	chrome.exe	75
PID 1440 wrote to memory of 4340	1440	chrome.exe	73
PID 1440 wrote to memory of 4340	1440	chrome.exe	73
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74
PID 1440 wrote to memory of 3520	1440	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=414chestnut.com/minde/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/839/qdj/eW91LmdldEBjcmFwLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff952b19758,0x7ff952b19768,0x7ff952b19778
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4332 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3116 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3140 --field-trial-handle=1752,i,18038606448608902767,17285629030479430229,131072 /prefetch:8
  2⤵
  PID:5032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5c80836a-4b65-4b03-b336-74f3edfc5559.tmp

Filesize
130KB

MD5
eadef66a2209a2cfc69de283206af8a6

SHA1
fa6adc59732f0f421584f5fc826e64c884244f67

SHA256
148e9e1d771040ade5e168788ff15908e1e023975a4a12843ef1394b31a46f61

SHA512
cd30f6afdb1884d3507db07b3dd75166d7c6743ac4d32c70ae12664dbc2f0417183fe35c41805426a824003e63047e30a59e1c8092e95ac926f5d88d9f2febca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bc162b67e59c4a7ae6c3426d2e6c55d

SHA1
f89f93acc3217905645173e020eca9298fbe9d6d

SHA256
ccb8e74a7aebb131f1422cdb06b5b60d117d4a18333304e71ba4bdfe5264e7b8

SHA512
ba1255f5edde666b358dd996650ddd32e37cca7a21400a9367b7f3750b18b72a35c0b85ba663d168596252d52b77113707ff427562bee5560a17752e0af9c6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
70d882486387640eb91fed7a9aa4bbbc

SHA1
e9f066ca32f6d2597548a476ade6439549ebd803

SHA256
f569c3dbad8e83757af5e279643757cf4f9b4de782534ae24585d6320787eff6

SHA512
a8ead0208e10d011c3bef871708d245f3874923e61889a5038fe7e524a43e1719b4c0a2109fb5b26ad7a60b12ea8867c9942f1d29f67d2d2be69a3d84d93c9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79a4f1cb615b6e0a6f01c0827d3cf749

SHA1
83f0079b758b7fd2f88d090a1566e8b3eefee5f5

SHA256
9e58fb1b4f0f5f45eab7e5bd5684d5fa920afd7d73d98ae2b4882dbaa5c9c8de

SHA512
b892c4c7d24ce461c127249c3179483a3da317570815a4b4a3a5ac82ac39e783a5e01b0156f29f84165ab71a2c79225e4c0e184154eaa0a78cb7710ce264fff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b1d711ee64c0941f05016ae1abefd9f

SHA1
ec7c2bb361fe906d31c7c087a3b4f9257476b334

SHA256
33d56a01731f79869bb5f2cbc016baaf796fc12133dcddfbc6485a698968a0c0

SHA512
215f5ef71cde031f24a48ec774eac3a7b78c1c7eeedadf146721b33bf46c1a8fb824f214fc916e73f84dd15ea270e1c4b3454676a6aaa716106c0fab8307e203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit