hxxps://www[.]wlcpromotions[.]com/p/product/72c69b7d-6f9e-4844-aaa5-933c28000b8e/ice-cream-scoop-it

Analysis

max time kernel
1199s
max time network
1178s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/03/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.wlcpromotions.com/p/product/72c69b7d-6f9e-4844-aaa5-933c28000b8e/ice-cream-scoop-it

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546409357696673"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 2360	976	chrome.exe	80
PID 976 wrote to memory of 2360	976	chrome.exe	80
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1076	976	chrome.exe	82
PID 976 wrote to memory of 1480	976	chrome.exe	83
PID 976 wrote to memory of 1480	976	chrome.exe	83
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84
PID 976 wrote to memory of 2328	976	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.wlcpromotions.com/p/product/72c69b7d-6f9e-4844-aaa5-933c28000b8e/ice-cream-scoop-it
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6aa39758,0x7ffc6aa39768,0x7ffc6aa39778
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3788 --field-trial-handle=1788,i,6372199784667054901,3378667706665885257,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c1538faa1d8c300941a3305662f53307

SHA1
eae1138e90e90f1b707a86c37ef404836aa83b9a

SHA256
698e7effe5a49ddb6239191c9d2f3a4f4ec23e32de99a195b6d3b52cefe8c021

SHA512
f6d33a0edd61cc38f2f6880329d172a1fe84d8bd16a2070e8c93260cf06f221788696bd786a48e73795b699132628a657a10906f16b1e966f152c26252872623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a050e50fbedcfa3c7e36387eea52ab65

SHA1
ea15a7e81874a50025ebe2de9ddc83e9c94ee293

SHA256
2b5bcd270015a333dfcedf82f9a9fb90b499682cbe3af58b96042428ce3dac75

SHA512
0456a90d9e01be6efb850a18ebfeff582deed7f0b5ea71bb9bae4f0909cb6d82963fb0b69868cb44b02623ce4fdfdd2da43ba949b2bdf9c3b971ad90baa11e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
342d60b2333aed343ad79b097b77d061

SHA1
c3a4e68b0cc0dbb6d2784f7ce2e2ea99bae11d7f

SHA256
3efbb1a3f193f4768bef86aea509c81c2a8d5ba0805b25358e06caa7b93df52f

SHA512
266d5d090ee17344ca324d5042b7c2c8f977f2c1109619222330b63f5f1ac93572f9171f7c239d5766a3571d2db63fc31e98b73e4e7e1b616110d81a00e44506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1166a5ecdc99e1b3a673ef1467fcfe97

SHA1
0e69bee7913f277ef1b2855c831b0616cd59ddc4

SHA256
56acbfbffc88583d7e50820cd5c458ac6ff7c18699259516364c087b021118d9

SHA512
54c54e41e004191ee6b6c7f8abb728ff164df6c51785fd7fb00d3039908b81d5ad62140e23f6302a015625b3f07713020b364edac8a547a4f777dc13de15402b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c98521fe9a073f3b564ba651b30c6819

SHA1
b5cbc243b72736a2537e90b1362613c85006fb9e

SHA256
f10b15e6ea57edb7a08dda8f97e89b6bc5eb8c7e442aa3fb14efb15f4bf234d2

SHA512
e37ce78e4ae65ff7a79809864e43a8749663f5c2015cfcce104f953d18eb2546781921572b5a3c67440cb26d8cbdfcc60900261a6c341e029e96baf572fdc08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52b196057c7af6e58dfbfff0c8fd2313

SHA1
55f6172ec6963ce01650227848bab40ffe1a5a70

SHA256
03ef703427a79fc22440df69e8d5bdb970db24851d3fef3e9412b191a021cef9

SHA512
38ea2eb2ba98e1a8eb14de4de304a667b8f4983094366d870116869797383101898b450112c97578de0260cf5d4f7468fc96cb789ed8a227c40444666810b685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8abad2aebeb9f200a27c54716cd89a89

SHA1
42cef0a5660630de0062462a4851ae5975de6d22

SHA256
159c9ed82805cf74a08dbbd37bae9f5679b3b1fe674e619f5b0d9749cf510a4f

SHA512
6bb8bd7f899e07bfaf8d7f144d2ff820a92b5b095d5f8b6d036173d07320a7b0e26cded94ed1dd85889d1c3179196a21fbe03eedbd89c8f6c92ece4c4fd30dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit