hxxp://actionlogics[.]ai

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://actionlogics.ai

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553184640200016"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 2032	4852	chrome.exe	81
PID 4852 wrote to memory of 2032	4852	chrome.exe	81
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4796	4852	chrome.exe	83
PID 4852 wrote to memory of 4944	4852	chrome.exe	84
PID 4852 wrote to memory of 4944	4852	chrome.exe	84
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85
PID 4852 wrote to memory of 956	4852	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://actionlogics.ai
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdd7139758,0x7ffdd7139768,0x7ffdd7139778
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4776 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3588 --field-trial-handle=1908,i,17687425754615892827,3574691384257734582,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ebecaf22ffeff0be1b9a744cf65ccf5d

SHA1
48dd4a2ac88273b45025bca27abe6dfd190c3c63

SHA256
7fe037dc36e03c18a09faf809f17bd691ec1a8d7ce8bd0b00c363439d9aa9c11

SHA512
0ba872e779cb44f00cf25296c22df19335d5d8797c555c29b13452d252983a33809d2982110e221af94721a51bdc37a35ebd2afdb68d7c77a9173fc01fb647ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5ef52733accddbfc35d1fd834411e9ab

SHA1
88f0cc19d898b3d076c129037572fc4dc6e40417

SHA256
5ccf089f6ed34f4a0a20340bdd6a9294c5761e0f83ad4c9d9daa9c2051fbe4a4

SHA512
979f4865e4167033cddde23a99c4f37d5381dbf256cada1d688838669ef4479094764dbeae3b68d09131dbee010cf25571460680dad4e71a266a01ce99973a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
94484409201cb9c7aa2f554f18403bec

SHA1
4e78d006b46a5b08bf8180bf6695d9d763dcb8ee

SHA256
23242d48b4cf61d688ed1b87ff616d55c8ffa2084f761158870052cf77bab2c2

SHA512
0227cd6612bb17b79999d79ba41c090885862cd0f522d0754e97b86bb3ed5767e7c72bed168a4a7053bec4232a3e2075e09e6a907cd7160cc22c341e81906c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
135a12ab9825d98a3d134bed155b94e5

SHA1
df448fc5514785925fc8e428fa2437f8dfd81a2b

SHA256
895bd02d326915b9395c5a2d43d48c45fdd27fb82bb871b8c810678781f12ef9

SHA512
e55ed3d0d0cb7323837fddeae88a9fe7e9765d0f932acbc30b16085970342c9a99e703af846dde13930872ef0bb83156780dfa880737ed405fd1a39c3a9be4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da08810efdd224e4f90304ef692ef52d

SHA1
200cb27c10fbb73ad3fe7f2d0ee68649bd0ed7e4

SHA256
5098ed2c855a018c7770e77b6941e97bcab06e3a5049ab25b5abd877a552ce67

SHA512
e7c5c411f64f82b513cfbe20b74e29bb3348ac892c31d59269464d43bc72f7de34bd7622962735312b81609cb994e63d0972174c35b9491f9268808691ca6053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
fb742dccd45e628a8aae63a31560b8e6

SHA1
c1541acdf54d43cd05653b469b27c83d0fa613c2

SHA256
c7cdb4954798dc59f2d690a94e7ff96d73155db6364208c26f04289d50b51289

SHA512
a30021fe8d51f4ee778414729d1d6ee5dae4b1021476e0475763349d120492dc321b3adec15132c4babe324778c7e88299f303280da681c2051f1bf081b6284d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit