hxxp://www[.]varsity-marketing[.]net/

Analysis

max time kernel
153s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.varsity-marketing.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546574643977797"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 700	4352	chrome.exe	86
PID 4352 wrote to memory of 700	4352	chrome.exe	86
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4064	4352	chrome.exe	88
PID 4352 wrote to memory of 4884	4352	chrome.exe	89
PID 4352 wrote to memory of 4884	4352	chrome.exe	89
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90
PID 4352 wrote to memory of 4756	4352	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.varsity-marketing.net/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69119758,0x7ffe69119768,0x7ffe69119778
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1840,i,7834313102086061604,8227440077378914537,131072 /prefetch:8
  2⤵
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
03b34e74a6a2bfab1a0b37ba789ecb21

SHA1
42a9df4efd280dbee0416edec0051800a5f6c693

SHA256
42ba6224932d35c19af1099e154a05db91c53cbe52ac35fdd256aa2f569b3ac2

SHA512
9f0db3e8c8c47f3d45a2d1bb5c991a82d008fa60bcac193e1ef05c90227ab1e2fcc5524ab5a481746663f25b7fc25e21b5796bdfb0e4b123678c6c79278de554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4895d34f708c11c43089c545683c3655

SHA1
8cf1a91ae2baea6468b0729748d795f1252b9f48

SHA256
887d47a8f288f64952770a6a2c5786fb6356f7c74a72f3d4ac52851688f75dfd

SHA512
1fecf48fb823a2dbbe7eb0423cae71c9d5a64ce33df14ddd32f46287681692186eac4e8566e54fd949b6ad6016b34db1b519bd3f316590fc16e096d38584fd51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2e3c89a3c4c5914c56a13c7a0d8db912

SHA1
4e337c1a61c967a043a394ad86b6271526060fc1

SHA256
6737220636f95a828f4049a726188823001ac87a11855a6087df2ff9ff4b66b2

SHA512
af1466c722b94b6e1a1160e46d6e42fa4505c0913e5b264f0df6a8bac94c0b61c252a03f2ef68c216e8be5875356ec2b6e619baa89e4e2029d00678b9e27f449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2937f2ef1ba8f712eff7552404728486

SHA1
1a81667a632a7884b25a8b3ba0e3bc74c37cac8b

SHA256
cab84bebcc74760df97eb2137957e9ec2eb67b41e32f2852f723a293d92a9844

SHA512
6f66f6a92b1bee6833484e780dde4acb8f8d23be986a9aa9fc7eaf6c0c1e3c662e9c72927f5ddd5f43ef7134066003404576f873dd5a40321be35ab6ac50a3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
c1009f0e203f72438aa001a69556647a

SHA1
0bb0a0d84ed83505718152b9213dea5aba8b0a57

SHA256
3d24ad08f149fd959071b15c534ff6ba9f804908da19a9c22241389a572e7570

SHA512
2d217678ed6c54e19a58148ec27ddec4f7a532ee4748f7bfe9f20f810d4ceada55e599875e363a58d54f075952de17cfd55a16f3bee0e07887595a2587b01e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d7207a383bba146eb166de4caa45efd5

SHA1
84c2f48bce97f07adbbef1450faa25311193c43c

SHA256
141befbe043715b48a51e17c6286d61d74693e303bceccde989c1b725e0014df

SHA512
2820e051ad5f3671d21b4345cb6a7527a42e2554bc3a74a62ca8cba3e0f0d3870fe0dcf33eb9d0cfafa6fd0e3999e12593b87f8f59c00f28e51e9dac82215b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
534afa559e61cab6feca95a41f62257c

SHA1
02aada71310663acd2b738acfd19c6d9c9f6ebbb

SHA256
545cd625307a1ed174134b09755cae738b7f4b56691700c7a08461e5bb8472af

SHA512
1d84ea7f4c5a1519fc710048815ced1556b8ac9ed0d52363bf5b7a2c214d38ec2e6f8f20295dd0aeab439b16cc7d122680ddbbec7b3d4c4d0b39389c1cc26f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit