hxxps://u[.]to/xup2IA

Analysis

max time kernel
96s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15-03-2024 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/xup2IA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549707357590811"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 776	3624	chrome.exe	99
PID 3624 wrote to memory of 776	3624	chrome.exe	99
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 1220	3624	chrome.exe	102
PID 3624 wrote to memory of 3796	3624	chrome.exe	103
PID 3624 wrote to memory of 3796	3624	chrome.exe	103
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104
PID 3624 wrote to memory of 1312	3624	chrome.exe	104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/xup2IA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbc509758,0x7ffdbc509768,0x7ffdbc509778
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=1876,i,3583215121531938210,15457165720393323882,131072 /prefetch:8
  2⤵
  PID:5640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5252 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
1⤵
PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ca27428fbb93852338446b32ad58d1f7

SHA1
fab92b284122d6f88015516c65172b493c97390a

SHA256
4fea45b3fcb9ef1ec2bbe5516a0b70a0ee6377fb082dc123219100fddfb80e95

SHA512
f22ecc68c506cdc4b8a395ce75fe22a093b93a4862ba86e29be919ac1c2202c30face2bae29b12826e78baf0df01d0fb3849efa68bbb3ae01ea3820b6cdee8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
fc27b3185873d14fba2955f61953e835

SHA1
30f5791c4b9ffcb61bf487195175854ece2478b4

SHA256
6996b30a26bfe145ebe64a4b9b6a4712ebb2e72bc088a85f63c3c0890946188c

SHA512
7cc3cca70cfcc335eafffb6f4da6b18a0383fbd951912976f7ea10b8c9ad9ee49ca6cfd8267c5e70f56d35de60ef604deac619941107dba696aa26e9b7f88f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac839cf9f971d9ab8a21cb40d0fa3951

SHA1
33c156534f9501bffe472454f477244df221cec2

SHA256
d059a767cb90f1248a718366cafda1c175a0c458b69cf232a2839b4502ef1c61

SHA512
3e8783e97ed164a8fe89add611ebd8584924cc7a4fab206aef9a365975135d9879183f21e629a94db89d07998d6680ae8f06675d660f0877b339e311d74763e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b6acf06a-9a71-4826-ba19-6d4167e06b46.tmp

Filesize
871B

MD5
1edbd7185790ccc0826062424263f599

SHA1
594bb4f5b3095616ac3caf1101c73693f197a582

SHA256
aee894aa047d87dc54b510b128563f8e29867211d1a3592e44880e993fc03e8a

SHA512
b8e61ad6c055a643fafc89f26c8c414dfaa162c9c1860d7dfd16f73f0171a845d32fc71dcfa38841db88fd7ffcb3fc3e1f7bef7acba50fc8e45cb3e47c0ea15a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a9fb4c9a85910bdcb27ece008d1ba84b

SHA1
8c27b0bef4df2a68238634ff27a37dd6c70ae2b0

SHA256
6d02b42eb81dba42931d125f4d1cf6e396a98887f364877d12a47f84d3fb3461

SHA512
8aad4d29a6e5d0a485ab45745e6e877b6f64139e73f0fe057f0f25a2e9f099c9bd1b2c07a0bd0c207fcddcf7d431219aa4fd85cf3d4d1734e54f7c392fd512ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4cad853577b64322b8b73f68ccd9ee8c

SHA1
22531967b55259ad08033f5aec6ed4f9a318449d

SHA256
4b12262c440a1d8f238d4d92cd9b859261033d3aeea0d6f7f22b5c6fef243856

SHA512
fe8f5324fe0ef888cfd3d95dfb5dbb81f8b80f7fcc6dd8617501a455a79627b1ebecd51834591456f1ca5cf08defc98cee315e8949b3cd11868eeef45f8b8491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77269651e39faa48c29dec155ac9d44f

SHA1
a40d93cc2ededf2b672583edc9a9ebf0a00a8168

SHA256
62f1182961b835c2dbe8b3a611a7c5b14a130d3de2f29e338eb6fb125675cf12

SHA512
f92707264e0215c43c3d6333b27297c3b6299f40e04c578058688b5b10ecb8f9b67eb0826aed10d25810d6181600ac0b867ab1ca25fc3c510e3663a4620e899a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d81b7310fa3475c9bb39305dd5aa6ad7

SHA1
964094593068fb96356cbd426c67167ca01a2543

SHA256
978e478a01ba8c7bd94cb278731c9c1955401d94d6222d830269f952f588e9ae

SHA512
61a381afb3c6e1d7f992ce42ff22b4f6b4af3e5a7768c54f2520a1840feddc37fdd087fac409cb7c21acc0d61960fc58410dbcec5152465288aa6a0fc54eb54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
82244df8d7cf9f270795561b6973b68e

SHA1
a544e67d701746c50c7999339cae6e948e840307

SHA256
03094ea83dfbe6b545dba233b555fa96ea381105667b673dd2ac456da8763b31

SHA512
29adae62ba32acd8d343a171344e193e4d1ab0c4ad6047109afeb90b0c3ac4c83fb56342db7190f403ba22a4f92bdfa32403b8b079cef3ef6962032c61aa3c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit