hxxps://tria[.]ge/240306-v87zesea32/

Analysis

max time kernel
137s
max time network
141s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
06/03/2024, 18:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/240306-v87zesea32/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542230681929934"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe
Token: SeShutdownPrivilege	1880	chrome.exe
Token: SeCreatePagefilePrivilege	1880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe
1880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 240	1880	chrome.exe	72
PID 1880 wrote to memory of 240	1880	chrome.exe	72
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 2552	1880	chrome.exe	74
PID 1880 wrote to memory of 4336	1880	chrome.exe	75
PID 1880 wrote to memory of 4336	1880	chrome.exe	75
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76
PID 1880 wrote to memory of 1316	1880	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tria.ge/240306-v87zesea32/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaad909758,0x7ffaad909768,0x7ffaad909778
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,13860027817695270678,4258547735509507794,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
0d7500c583a1d4173d3f34e337882fd7

SHA1
15bee59c1a0403bb21fd2bb6393524a9183a7f4b

SHA256
5c4ae18be1033f97eab708f01e782830b5dcdfaca7fe1c14c9e25869b1a7dd3f

SHA512
4e34ce1ae7f320ef594512bf8d51739dedbb83ec8e01f4350b2c3f3e7ddca748dfef719d5ccedf88e16bba607f115801854ee9fb9de76c1168501f2df1eed5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eae7d46896602e4af0103b175f8a0d1b

SHA1
0901bbe669b49fcb0d64b97ee29ee3d4834d7fe6

SHA256
fca90361a07c62b0d96359a4fd71f341552bc43b7a3a498730aa5b87a08d72a9

SHA512
c6f74d6dd1b4ceb86e1e9a768ecf9ffd18c3a525870cbc41cc20fc6c683aaec7070cb873e827b6a73911c292fffa867ba00ade2de9ca9a586a99a56ceb42852d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
e04d83e1d430d7ab6c4fe1767a16a139

SHA1
7dc2fe251a9753a9b41a6f579c8e08618ea52d26

SHA256
bf9e2c2ffba5fa2c92a8c753a1820271cec2056dacaefc20858d9c9f38984ff5

SHA512
2b3a6ff0c720952522df7af91bbc6971bccdad950cef853f349b4a5b3a3854a79b997ea7ad0fdce789335df05e5fa1b0dadb32cedd7fef6a15513b53d84daa70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d636413852947a0fd4d82d149f6d0780

SHA1
194e88c18f45a8f1f09993b3542a23ad357a7033

SHA256
d73f665e2c59067cf401658b4eb159ef2ebf25000df9536baa4dfbd3f7d523ee

SHA512
3c5f003ac7a79686edbc985a5ecbacaaadf1d0f195c3a19d9e7dde84508c4eac7c20bec1b6ccdeb741f21769bf531392cf9abe9397c9d085d99ef935815305e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e078d45dea21e852e275f44af923040

SHA1
38c0ff61494b67e5aa1d4bb1ccc64167efeefd95

SHA256
8063318e83b56ff5373fa5bb72b3afdf2caa3bc327e89ccf5f228115ac179f26

SHA512
b19e0a1a1723bf63f67829a54bd5caf597bcb7e880b5de826ec86bc1db7b027f230aaa4d9a1335ff2caba18c47f4718a5a8cc835045bac27b532d19a80f98da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1d4683c2c339f03bf48cc954e0d9af48

SHA1
d98ea4374b1e1b34886d310cdd7a997301ef142c

SHA256
06823065f9110ffc7ba67f87e88dfb53d14b6252407247761648f5386a238779

SHA512
ca9186ebeb6d70e18c9df27854ff974aca48faf93d094b2896328a2e42f965a5ad5e8ec97b19d483a7227bcea7d0aa986a5a4acaa96fbf53d6a36728861c005a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
52bddd3783945fedb798538fbe5a4d56

SHA1
2635a17625cc6fa7af6734dbc16a4e0a15bdb048

SHA256
dd5bff2757b39f775a6ae9c65916e94574ac9deed6e4b724cb6db0c07b12cc26

SHA512
a2f7bda607f916ce4f8c3b1cbbbddfe54088df5048f3c51dc005faf6f1d37ff279eadc5c6e1971ed75afc5d912ba18dc8103293921103582d659cf2d006dae32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit