hxxps://grabify[.]link/N5TVSF[.]mp4film[.]php?id=

Analysis

max time kernel
40s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://grabify.link/N5TVSF.mp4film.php?id=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543177128204817"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1576	4820	chrome.exe	88
PID 4820 wrote to memory of 1576	4820	chrome.exe	88
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 2192	4820	chrome.exe	91
PID 4820 wrote to memory of 920	4820	chrome.exe	92
PID 4820 wrote to memory of 920	4820	chrome.exe	92
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93
PID 4820 wrote to memory of 916	4820	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://grabify.link/N5TVSF.mp4film.php?id=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1ae9758,0x7ffee1ae9768,0x7ffee1ae9778
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4812 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5284 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1904,i,1376746581342407220,12349445732625479054,131072 /prefetch:8
  2⤵
  PID:4388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
9fad9b971892e54e648aa8a4b2b5caef

SHA1
681fe5fdbc9c2ed206045b3791cec4af4acd6397

SHA256
2636bdc6ff584e35ce71e8437754050663e6402ce65cba5ab232b7d7e252cded

SHA512
4b38bbffc793754c017eb81bd098acc577e362e1804478b2fcbcb0ad94796ecf412828a4e33d48d51ddd08e0c70056ba9b8fb8e81440e69c60d7e96a152b91a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cb6526cd49016690f5f01b2793a3447

SHA1
adc3a498675af900a9bcdc100b0fdbddf9fa4d02

SHA256
fa1b5d70fe7141bf8b0ee3583f3313f447c44b81ea052722f0b6113d91b886b7

SHA512
dd5f3b0894f79620f104658c922797a88026b356d48f04c86f9fcd7558021c24476c6a63c734b5730de4d5502d6f9f8f2ad95a5bd915199d1dc3fa4a73abd5b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c92c73eab9a1b16ce506e3138a0d7560

SHA1
e0bb45705ea1d88825df90c9b9f287139544c301

SHA256
8ae1cabd0bd923bf39ecddf790e5044b31cbbb4f2ea012243f82261dcdbbe480

SHA512
bb0406e916cff514360011023ff8c7840e8998d200f0e77e39468a42aa4fe10b5d15c557f1e64daf4ead21fd40bf8f4e74d582689cb29b008099889d5fe352b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3d57da3d7a3d1293ab7e45805e63051b

SHA1
c6b507da4e6f9ae999a696eac43d0859b652b6f2

SHA256
00ff91a1d413ca08e14a4ebb9473632f09098c1bfdb0f25f5b9f1e03c1987661

SHA512
ec0f72fc52347f7c5eebf1e5ff45778afa1f3f2e5c793bf87976ca48848b2b4654e7992b28106061d682ba1da7dde6304b39e2d47efbf30bd5d913907b6fcc89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57da33.TMP

Filesize
48B

MD5
891e4fbc1e6bcb9912621abe62f8cfb2

SHA1
1f7ead55449735873c2f411888c8c099ac8024d4

SHA256
214dcfe8bddb181c8dd160e57b866c881386d0c8d0b2839a2c01215f7fa04a5f

SHA512
591038a4c019bf5b9a3ba7fe9e407553e12cd2fb73218f456f6165a928e7d151eb0daa339caa09e260e09bb097cb7c6ca7b55c7309fb2ccf999457df26006b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
a75c85b2f15b357553c2db036ba704ea

SHA1
31844238896be0c23788017d8dcae06cd657f335

SHA256
8f998b0e959873e4780ba2f09ef3a4497e1b29c82df0259b51694aa75b77e0e1

SHA512
26486472c0a406417805e6ae26d082650ee7e0baaa944ac4c9e033c49e36dc05d3b96792cde9571bad15d29af027292381005aae3a76f04839d92709d23f8321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit