hxxps://www[.]southlandconcrete[.]com/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.southlandconcrete.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544229791237605"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
2440	chrome.exe
2440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 624	4756	chrome.exe	89
PID 4756 wrote to memory of 624	4756	chrome.exe	89
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3604	4756	chrome.exe	91
PID 4756 wrote to memory of 3376	4756	chrome.exe	92
PID 4756 wrote to memory of 3376	4756	chrome.exe	92
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93
PID 4756 wrote to memory of 4200	4756	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.southlandconcrete.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff952da9758,0x7ff952da9768,0x7ff952da9778
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 --field-trial-handle=1896,i,10800281178057165772,3257718100959922442,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1777d0e08aca1f949aed682713cc081a

SHA1
d383995d6cf78c1a8c3a36088d79f02eb1ae42b3

SHA256
6427093ab126ad051312a944ad99a3157c52fd19eda485d03aaaf1f381fc3205

SHA512
fa38e8339a9ac6d2c5e467b87e96794bc4eb1069b671a29c6d25cf9eebfd5aa3310021f3e691dd53c85dc5f1469deb681ea0c77dbf5ee01ef06db3bb0fb8604f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ba5e45a9202eed37043c46933b310f92

SHA1
d3cde7d4a2d8edb060fad596acded37e0a4d0ff9

SHA256
a5c5951eb7cf35eb41c8d420a4993ce18163150a05e582c4c0e7d7bd3ba17178

SHA512
ebeb87d5c7a24e1e96f6c03e56ef1ac1875bb9c894dd3c9b1e7153d189380144cc04ac5963bc430954df7d007d116bcf71f2041964e5f15ba7e8cfaafcdfc64b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b71df30b555cce5cd22bfd0cc044ac85

SHA1
14f47ec2ec8e6831f84a000aa78fdedb96638754

SHA256
bf5543f5f69c88cb748e4013b6f816c0faca47148902cb0f385d69bc43d45e4a

SHA512
c24d7d02bcb11b2b28a776870ab621e3b20bbb4bc6efe2775a632da1f30e977b1085fee55b75cb0cc8c9a7dd03cdf7f1727dad8a3d5435f2809ff3e81b510bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71250b86c52a2677e9748c1c3a1337a5

SHA1
5909f0cc460bd511036ca5e66ac7f6505f2227a0

SHA256
cc92118147d2652ff4a93c05392032775baf9d9b4b13ceeb9215d9416ed94b79

SHA512
89aa07988638fa120720449d1afa3f1abc02e1a15aa9652b3e6088c3f7dbd9bcf0a3094bdc6dc8b3976df51ae3c7461843f8b225d4cd5f5d7cdc69415f7e906d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
5d6f65821896def9ceb305b0c46b1d99

SHA1
d8a81ad9255e9088ed2d905040d6a877e60b130e

SHA256
dff0f0ca2a7e8a1cf18492bbf358ac53938c62291ddb0f44bf7c8bf9fd540c8b

SHA512
ba27ab414fe7a7669dc5b78928eaa852f792c902e4c551fd5619433b4c9a7f78f8df5c557ea458fb9d5ecdd1405a5fbc738f615688f372bd5bdcec0dc276f172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit