Analysis

max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-02-2024 17:49

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://bit.ly/42WwekQ
  Resource: win10v2004-20240226-en

General

Target: http://bit.ly/42WwekQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                   Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536161893148257"   chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    Process
  724    chrome.exe  (2 entries)
  1168   chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid    Process
  724    chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token                       pid    Process
  SeShutdownPrivilege         724    chrome.exe
  SeCreatePagefilePrivilege   724    chrome.exe
  (64 entries in total, alternating between the two tokens, all from PID 724 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid    Process
  724    chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  724    chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                     pid    Process      procid_target   entries
  PID 724 wrote to memory of 444  724    chrome.exe   66              2
  PID 724 wrote to memory of 1792 724    chrome.exe   88              repeated
  PID 724 wrote to memory of 1436 724    chrome.exe   89              2
  PID 724 wrote to memory of 1368 724    chrome.exe   90              repeated
  (64 entries in total: 2 to PID 444, 2 to PID 1436, the remainder to PIDs 1792 and 1368)
Processes

[1] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 724)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bit.ly/42WwekQ
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 444)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb61f9758,0x7ffcb61f9768,0x7ffcb61f9778

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1792)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:2

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1436)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:8

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1368)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:8

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 448)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2688 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:1

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4944)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2680 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:1

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1496)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:1

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 836)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:8

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2000)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:8

  [2] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1168)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1872,i,3497966289479599607,1453365555091980904,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

[1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 3120)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
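Every hit in the signature tables above is attributed to chrome.exe, and the WriteProcessMemory targets (444, 1792, 1436, 1368) are the crashpad, GPU, network-service and storage-service children that the browser process itself spawned. That is the normal Chrome multi-process launch path: the browser process writes into each freshly created child before releasing it, so a report on a URL sample will always carry these entries. What an analyst actually wants is the residue after that noise is subtracted. The following Python is an added example, not part of the sandbox report or of any Chrome tooling; it parses the flattened "wrote to memory of" records and the process command lines as they appear on this page (trimmed to the flags that matter), maps each target PID to the child's --type, and separates targets that are not an identifiable Chrome child. The record for PID 9999 is constructed purely to exercise that second path. Note that the Network section of this page is empty, so nothing here establishes where the bit.ly link resolved; the process tree alone only shows Chrome starting up.

```python
import re
from collections import Counter

# Records copied from the "Suspicious use of WriteProcessMemory" table of this
# report. The table holds 64 entries of the same shape; a representative subset
# is reproduced here (constructed input for the example).
WPM_RECORDS = (
    "PID 724 wrote to memory of 444 724 chrome.exe 66 "
    "PID 724 wrote to memory of 444 724 chrome.exe 66 "
    "PID 724 wrote to memory of 1792 724 chrome.exe 88 "
    "PID 724 wrote to memory of 1792 724 chrome.exe 88 "
    "PID 724 wrote to memory of 1436 724 chrome.exe 89 "
    "PID 724 wrote to memory of 1368 724 chrome.exe 90 "
    "PID 724 wrote to memory of 1368 724 chrome.exe 90"
)

# Hypothetical extra record (NOT from the report): a target PID that does not
# appear in the process list, to show what the triage function escalates.
WPM_RECORDS_WITH_UNKNOWN = WPM_RECORDS + " PID 724 wrote to memory of 9999 724 chrome.exe 91"

# pid -> command line, from the Processes section of this report, trimmed to
# the flags the classifier needs ("..." marks trimmed arguments).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
PROCESSES = {
    724:  CHROME + " --disable-background-networking ... --single-argument http://bit.ly/42WwekQ",
    444:  CHROME + " --type=crashpad-handler ... --annotation=ver=106.0.5249.119 ...",
    1792: CHROME + " --type=gpu-process ... /prefetch:2",
    1436: CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none ...",
    1368: CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility ...",
    3120: r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"',
}

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm(text):
    """Collapse the flattened table into a Counter of (writer_pid, target_pid, image)."""
    counts = Counter()
    for m in WPM_RE.finditer(text):
        writer, target, image, _procid_target = m.groups()
        counts[(int(writer), int(target), image)] += 1
    return counts


def chrome_role(cmdline):
    """Role of a Chrome child from its --type (and --utility-sub-type) flag.

    Returns None for the browser process itself and for anything that is not
    launched with a Chrome --type flag (e.g. elevation_service.exe).
    """
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}/{sub.group(1)}" if sub else t.group(1)


def sandbox_type(cmdline):
    """The --service-sandbox-type a utility child was launched with, or None."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def triage(records, processes):
    """Split WPM targets into Chrome-explained and unexplained.

    explained:   target_pid -> (chrome role, number of writes)
    unexplained: target_pid -> (writer image, number of writes); these are the
                 entries worth pulling from the full report, because a browser
                 process has no business writing into a non-child process.
    """
    explained, unexplained = {}, {}
    for (writer, target, image), n in parse_wpm(records).items():
        role = chrome_role(processes.get(target, ""))
        if image == "chrome.exe" and role is not None:
            explained[target] = (role, n)
        else:
            unexplained[target] = (image, n)
    return explained, unexplained


if __name__ == "__main__":
    ex, un = triage(WPM_RECORDS_WITH_UNKNOWN, PROCESSES)
    for pid, (role, n) in sorted(ex.items()):
        print(f"explained   PID {pid:<5} {role:<45} writes={n} sandbox={sandbox_type(PROCESSES[pid])}")
    for pid, (image, n) in sorted(un.items()):
        print(f"UNEXPLAINED PID {pid:<5} writer image={image} writes={n}")
```

Run against the report's own records the unexplained set is empty, which is the expected result for a clean Chrome launch. The sandbox_type column is worth keeping in the output: this report shows the network service started with --service-sandbox-type=none, and that is the child whose command line an analyst should read first if the destination page later turns out to be hostile.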
Network

MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 1KB
  MD5:    5433ede9a9653d5ce798a8ffb4f6b48a
  SHA1:   52dca1dda59bf66b7ebc210c543585b119d21668
  SHA256: 9d8c2f34ad898c47545749ab4c1c5cb690558f7d00f77c2eaf3fb5bbf3c62555
  SHA512: 5cd9030753368ae9b2f063b854fc30fdd0be036b3bc41f801d54dc78a847e63942edea600792b12b8fc38f175ed7bd3e29d49daf88ad1a07dec6196aa2345261

File 2
  Filesize: 1KB
  MD5:    375f375aed0d84ce40af1ba2f000499f
  SHA1:   350348dcbb91cf2f33d613f7fddc513132c74e27
  SHA256: 1dbe8519ee82f2f869decfa5f4e22f0c238a89669d781b30e59b42510fdd1a65
  SHA512: 418cf66e841e36e625e4c3e0c7f0c7b7ac3682adb51b90f91e19507e91513dcc728c098e7aabf0efe362f9c66fb3466c52831679d2cf59880231908b05c201b8

File 3
  Filesize: 539B
  MD5:    f03efebf7b030c811079b8d1efc55de0
  SHA1:   8b6bd16ccfcb2004e62875211b262968e40b48b2
  SHA256: 53dc5d412c9df938162d1d2c5b6d319795947f79a4b406bd9b6ada1f58c0bc03
  SHA512: 2d65b7862b891ecde8d24f0bbd95d84db4f15121dcb7df18e020bd68ea0be7d2f596355c10e161bbc99755a1a7114cacdd9bd277e911f24c6a37611399dbe74d

File 4
  Filesize: 6KB
  MD5:    97ecf267af28f9289d6cec0e364e1a50
  SHA1:   7f428418b8c5046df714b7b30098215451915358
  SHA256: 138ef05bcc465f3edf2ff986bae985f4d3d5edbb5d0f363512958303a6794c3e
  SHA512: 90501bdbdf48e571080a047e2cb8fad26ac383975c66a8e45388fb98f8a7d649f7cf356a4aae92f3640aeeb7e7618ddf0aa4962778b5cb2bd9cfe4af45edd735

File 5
  Filesize: 128KB
  MD5:    d02e3f6af039c3b55c160a0d56b64684
  SHA1:   ba3312754fba22fde1f2183b0db0a95aa144a021
  SHA256: c0fe9e099bf1531d51c98fe32ee8111eddb366f03395daab68b6dd9f770ae81f
  SHA512: 19827fd3cacd0927b138cf96c2af276a39c592e48b8b1ff1008324b02f0ee360f90a24847057c7024f44edc141b748c1d8dd511b184f78331d42a4999ae4a742

File 6
  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
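The Downloads table gives sizes and digests but not file names, so the only way to say what a dropped file is, short of pulling it from the sandbox, is to test a guess against the digests. For a 2-byte file the guess space is small, and the entry above is in fact the empty JSON object "{}", which Chrome writes into several fresh-profile state files; it is not something fetched from the target URL. The Python below is an added example, not part of the report; it recomputes all four digests the report lists and checks a handful of constructed candidate contents against the 2B entry (the candidate list is an assumption chosen for illustration, not data from the page). The other five entries cannot be identified this way from their hashes alone.

```python
import hashlib

# The 2-byte entry from this report's Downloads table, copied verbatim.
REPORT_ENTRY_2B = {
    "size": 2,
    "MD5": "99914b932bd37a50b983c5e7c90ae93b",
    "SHA1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "SHA256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "SHA512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed candidate contents for a 2-byte file (assumption, not report data):
# empty JSON object/array, a bare CRLF, and a short ASCII token.
CANDIDATES = [b"{}", b"[]", b"\r\n", b"OK"]

# Digest names exactly as the report labels them; hashlib takes them lowercased.
ALGS = ("MD5", "SHA1", "SHA256", "SHA512")


def digests(data: bytes) -> dict:
    """All four digests the report lists, as lowercase hex, keyed like the report."""
    return {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in ALGS}


def matches_entry(data: bytes, entry: dict) -> bool:
    """True only if the size and every digest present in the entry agree.

    Checking every listed algorithm (not just MD5) means a collision in one
    weak hash cannot produce a false identification.
    """
    if len(data) != entry["size"]:
        return False
    computed = digests(data)
    return all(computed[alg] == entry[alg].lower() for alg in ALGS if alg in entry)


def identify(entry: dict, candidates=CANDIDATES):
    """Return the first candidate whose size and digests match the entry, else None."""
    for candidate in candidates:
        if matches_entry(candidate, entry):
            return candidate
    return None


if __name__ == "__main__":
    hit = identify(REPORT_ENTRY_2B)
    print("2B download identified as:", hit)   # b'{}' for this report's entry
    for alg, value in digests(b"{}").items():
        print(f"{alg:<6} {value}")
```

If a report entry is the only thing you have, compare on every digest the report provides and on the exact size; if you can retrieve the file, run the same function on its bytes before deciding it is benign.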