hxxp://skyportaero[.]com

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://skyportaero.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544083954200784"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
3288	chrome.exe
3288	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 4788	4468	chrome.exe	87
PID 4468 wrote to memory of 4788	4468	chrome.exe	87
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 4420	4468	chrome.exe	89
PID 4468 wrote to memory of 848	4468	chrome.exe	90
PID 4468 wrote to memory of 848	4468	chrome.exe	90
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91
PID 4468 wrote to memory of 1744	4468	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://skyportaero.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff819689758,0x7ff819689768,0x7ff819689778
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3324 --field-trial-handle=1868,i,13893340614463283144,3367455607174149536,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
a40039110fea14106dcf6c948f89198c

SHA1
e598f636098a21b3dd9f3380e62224f0e4f4dbdd

SHA256
d820a339deabbdecd9a0bf5edc292c284d42abe7bd0fbd1b8aa6f1c14d696e23

SHA512
754d2ae7b7b7c3215835994c738150d1fece8269dc321874eb83747ab5836469efc0e4e0198de3e06138c1b5671969bf287ecd92610ecb08b344ca067c970323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7daeac6d3dbc4ac67aa7ed99fd458c7b

SHA1
43ab5855e94c3cd071e50c9787ba4402a9df39e7

SHA256
6edc9bb2816dad5d8a739c2cb571efc29119aaa82756ddec3647c09b4e54d747

SHA512
f9d70845e9c960d861cd66498c08fe45867e6b1b5b65450c914eacdc20d484f192de044445929fb8bebbea186376679d68349ad1f027b2099d73d5c9bc895d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
34b21ffc390b45c2ed2cfcf5815e4eb2

SHA1
147311658377d09f7dc8e8303b95baaca6299bb5

SHA256
043745cd35ee192f6daf4ff9d2dfc19f863fa53c3cb73cd41e3f932e1928b6a5

SHA512
231e965ca3bbdc4e56f12ea2b10ed73a959b50c04029540534d05269ee9c23ff2edc08deac0cc56cea76c7b4eda912a559eabd2d2751ae5f9a7defef688c2341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7bebff6fa22d161b71dde77dabd02eaf

SHA1
3641b391c1a8e26089a9ee33f0344c42b231c509

SHA256
0a182e7e199f8acc78a1be43a09c8bae377e3cc24be8b627a8639f3a9b7f3a80

SHA512
9eda556249e0dc221a65e7d85e8725bc935ca65bb14b527c670d0100e1eb49572d83cdc31569c051647bdd5a15644a1a9ebf66f45810ff4fd4d285f5732acfc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
46e3ccdab04496e5052cb41328c078ad

SHA1
2e5b0938902272350c2d4e072d43e6cbf1f09946

SHA256
42a5e41bbbd866a553a2719e9f6a6839a17403269eae6c416f807451b43a2673

SHA512
606663c6e0ef4a5fec38a8afc9e3c11337693d979efd940f2c585a033fc7b41fb019f5ddd68ecc29c4c6e0f7bf1c2c9aec2639d82149128b05db4595520f13eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1551642f304592dd87fed4fa6f2af881

SHA1
2823d72be9a80b5d952b54152d88853d0995d972

SHA256
f3fc85694878e8bf8530630dffe8666ef729e1fbcc01b6e8dbd950c8e77e379f

SHA512
6a794826481ef2a0520a662576de5079b3c567b2cc655db748850bc1ee8a16a9dfa66c18386361fd3d1d814bb1effee51a3f247b6b90a10f3c3f9c7c3f4fcea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39422fea6e14c9105c3650bcbeffc74d

SHA1
e3050e7f83bb1266d1ad3aacaf2c58db79ba7610

SHA256
c9f34ef12ebd2e7b4b9e0b95daa50d5e541b1977f2486333b28e3b89ccbe2dd0

SHA512
3936a76355d9d18f7695fd30e69d790344662601a246e7070720c6444b7353e2c44b4717c2242201caca5ddef824cfc5210578899d34aa6823a5145ca8b871e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2a74992b62ac807fc063c79ee30a0fa0

SHA1
f6252f5ff30bf5867504b70087a00d8167cc6d97

SHA256
7ed96bca9e7ce19f156aaf48f15f2a6834ccd02f9f1ab61b534a3282130a30c1

SHA512
554884b665677604bed95feef5edc984c58da863bf9e806b5fd00217736adb270064d72df519367b4b4cfc6edb3513709cd84abe80c85feb178b22479aad0bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit