hxxps://go-link[.]ru/mp6NV

General

Target

https://go-link.ru/mp6NV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133539272629556480"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
2028 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2028 wrote to memory of 4788	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4788	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4324	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4320	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4320	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2116	2028	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go-link.ru/mp6NV
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff28479758,0x7fff28479768,0x7fff28479778
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:2
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:8
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:8
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:1
2⤵
PID:1240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:8
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1940,i,2743515251798755951,13401298587041914918,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
476b13d20be0f5110e43af048275cf68

SHA1
537b00e9772daae7ecdbec5b6342cca03e6dbe4b

SHA256
a5cea61ae1359209c045bc51b40610dbcf2d24e4aee43d215e71f54ca86e48ef

SHA512
fbe14923dc40a0773fc3e82733e14a49028f3e457e279d9609c661bf03ffbd282a896317222cd22845784da7d81fa482dae9b30b21bce8eba3e2a44e54c8581b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
6f99f82b1d41bad4739991284d6bc505

SHA1
3cf3a154f87c7347f34e65dbcaf0d5fc75ed8fa2

SHA256
0543064491c05a7feb9f784100638a134279d9fd31a96099ac59d5844ccf6046

SHA512
8e01396ac9f2d96ba9f0f386400116cfde8c73f552de6f94404b176d0f4d072cede3a9f782645803684c417b0f8197eddf6451cb5b8b7edca2425f1cef0da99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5ac61a29daa1f7795afb0f072ea9c9bb

SHA1
d4d5bf6f40d2aa5ee2998e24bd1888223ca93cf5

SHA256
591972ef93807fb24590eb512833ee3461b8caa916d189347443868128020719

SHA512
1f9a9c929e522675c34ed9a560a57d7ac72fb895f67e388ceb981ed8644235f131a0edca78ea0118afac829cf1df63126ea8d0f863cb32d0125497e44c0274c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d741a22d-0f55-4fe0-80bc-948c0a91c574.tmp
Filesize
6KB

MD5
ec1ecfb986a509d27ee9e4e6d495c8c7

SHA1
38a432d7647c957a15f487e920bfe6889949fd7a

SHA256
93b4e333aa964715cdd865055c989f6f311601374df15375ff0a01274251cac5

SHA512
f5b763bf515658e4637840ad636c5f637ca20ce9659d83ae19b60d59b7e1f8cf5532815c862e87b70b2e02983bdee2a7468a7a1dd766943824412d4548ee6220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
603edab8f0268ed3ed6df442ad8cd240

SHA1
7645491eed5565a9799b93242834b732e6ac23a7

SHA256
e8957e801a213f87dacbf421eacd97692621739d320d4052c62a2a21534057c9

SHA512
9e89334c792de270f8c505e09c497cff6c799a595577c3778b05beef9c34254cd74613a5930b89659b2c28f926cbc1b49603f2d32e388c955e2f3331952992f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
206e9f59c2691e570f22c8b0aad43b4c

SHA1
49be290fd954d99fdfa4b64c24b773c76bf6b10e

SHA256
48533640238d11afb10e0a28b2c2c4c56f576e0c60bb84d48dd63228f11976c3

SHA512
ab32203bdb5a0f7f898c2fda0ffe574070f1049bfb74ef40b51001206977ad5d5b91f9d8af1425df212d9402da0a667c54de69d08de782d9b786344d6f64b016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2028_XKAFBEAKVVZRCEIH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads