hxxp://shorturl[.]at/eoAS5

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://shorturl.at/eoAS5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133540965459569218"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 4272	4208	chrome.exe	88
PID 4208 wrote to memory of 4272	4208	chrome.exe	88
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 2212	4208	chrome.exe	90
PID 4208 wrote to memory of 3872	4208	chrome.exe	91
PID 4208 wrote to memory of 3872	4208	chrome.exe	91
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92
PID 4208 wrote to memory of 5072	4208	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://shorturl.at/eoAS5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe93779758,0x7ffe93779768,0x7ffe93779778
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1888,i,10828650303997017319,14006463791995757698,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1a84199c9ec9f2e4d4a0eded0bb13896

SHA1
f3b4de8840ec635fa896fd8a130f3da565a657b3

SHA256
32538074e1281a37532e2939509582fb26085fb74f6dfd9934f38b449111f40f

SHA512
04ccfac8860c720c47d3689c2259bdfb5d89ed410127eb999cfa61ae3f1b497833bb1d5030d6ec0dc3b570bb6d00e82747609eec909cd693f5fab49c7cd1f3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
da76b38fa67d461632e6901e068c0b74

SHA1
330b242d1b6805f8f62892667dd0865403219f4d

SHA256
50d5d8fe4378ac9e9f57356506e75ad5737a881b1954e5a79a816b7bb7599961

SHA512
6edd4ed62d166261b70f88dba207585378ea9ecc041ffddb9ca00310c667dd04a7a51bf1d18988ce7a69bfeb6e537e9f9ce8ba6795e1c2a0d61058212065450b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
60b19fcce737c4e977faf7bf8fe4526c

SHA1
259e2437b11a67a371f309438ac9e8f5e494abb8

SHA256
d567fa78a2c346c77836218daea59262bd53a85a7b80015145007c3d37fab261

SHA512
131829ca6d00263c5af6a7d0ab7174daa9303c0678ea3182deae404ed43fec3dc1bcfa659edc9297a811aeccdf6e1a6247efc4cb134e47fc48853dc54fc29f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d15306677b05d44be2bca26365077de

SHA1
59fe98c38d5af8144f37cfa4ca6bea9177dfe61a

SHA256
08851bcc667bf7ebd2fdefa0884c6d18b7ca9aa4ee92c2f7cbd0286f581cdf66

SHA512
4daa628c5e150398fb44d93d934b5e951528ac9e95d09e2d7d2c95e276112a0d1f40a7e9ae11dd175f026e70a851e66ed94889833ec2c3ae77b8d65341017f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
c86484374a5b16ccaac3201089c9e520

SHA1
1b50f8dbcccb7a8d17d23b76bb661b259a714461

SHA256
808c5e71cbcaf33af0ce58676e88d5d7ff4225956b0224a523feb25dcde24b96

SHA512
171f9420c15b88694247701fc4651e3012bca00a07b091ae0955d3aedf166e01e941d8cfa71046edbee3df5ed140c7235f220d4aec484e018dd601d337377f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f435c8788df375ea71c5814952ec09d

SHA1
efd48d607b3150eb3043f9b8575db9d94c0f4fb9

SHA256
5bc507f8be910232878dd8fa3c3ad5906eaa12d6425df1e934b2914eae9e5e09

SHA512
54bc6b4946ddb0be1ea039b0c4fb08ba0564a5b92c4cff79869bb443e28415f9379ad9acdcc09ccb4f9002db0e8093afab752ed9e8a7efb57129aa39402b7592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1b154d6fa94630f38c7b8d2b7570d67

SHA1
70c89d9ca20da65acfeb679496463e7542c21113

SHA256
a9b697e1adc79ab13c2829aab495bf097ad1fb4e3b14494dabb664a215d8ccdd

SHA512
de2a960fa8f9e09e03ba27fe3fe55c7fe802e86160d43120e0c8569ef8bfb88a9454a00c270dbc49670d888d1612da3a599e97ecee528f39487537377b8e0400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
9ea2805269cb844274496773b4f1ab51

SHA1
7cbbcf71c3213b9a9669faba79fd0fda0a9f33e7

SHA256
5f2b7525c8164b644ef8f6b1b76fcab46ac256ed6e16d3f4796b7fd9781a7e2b

SHA512
83016a41c3d6c278a85105c22c7b8055d10fd63d44542b6d30198cf97466cc26c78fc4259793a41f1c7c1d707e2f7eaf16f372158326d1572f428b5d056c685f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit