hxxps://sweetprimefinds[.]com/x32/claim-it-now/checkout[.]php?affid=2&c1=&c2=3LtG96r0GFgn&c3=&c4=&c5=dwltbkpk&click_id=572a0ae428974861b046a1047c0b5d1f&prospect_id=9430791

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sweetprimefinds.com/x32/claim-it-now/checkout.php?affid=2&c1=&c2=3LtG96r0GFgn&c3=&c4=&c5=dwltbkpk&click_id=572a0ae428974861b046a1047c0b5d1f&prospect_id=9430791

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553737074191107"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2844	1108	chrome.exe	88
PID 1108 wrote to memory of 2844	1108	chrome.exe	88
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5752	1108	chrome.exe	93
PID 1108 wrote to memory of 5468	1108	chrome.exe	94
PID 1108 wrote to memory of 5468	1108	chrome.exe	94
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95
PID 1108 wrote to memory of 2028	1108	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sweetprimefinds.com/x32/claim-it-now/checkout.php?affid=2&c1=&c2=3LtG96r0GFgn&c3=&c4=&c5=dwltbkpk&click_id=572a0ae428974861b046a1047c0b5d1f&prospect_id=9430791
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccda79758,0x7ffccda79768,0x7ffccda79778
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:2
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1904 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2844 --field-trial-handle=1912,i,11790631885845611012,5697655107647136136,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7fcaeba473972dddf87a5f4cabd93901

SHA1
6d2d7d818dee7949d1fe84020a32eb9132459b68

SHA256
ad4a5045256cecf43986302e364dc3dc3ff2c300e06ee0b8aa785ced9821e037

SHA512
0d0031f9eaefdfb4bafafa04cd07e171781561684b64ed71e1f593115c51a3e06c321405769aa8031fba140826fdd69b544f14f366acbf6dad89e2000f7887ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1642574f3a1ae6322d05e8a93a3cd6ee

SHA1
0883ccddc5c6c6f328d6b2dd16321d1acd9a0393

SHA256
8456fa9258b91e89e62996254b23e74c4e3fceb80bdd5a71229c0bb0edb6a665

SHA512
8cef8b66c6d5b8c1ab5b5cfe8a019a8dc2022d8984f9a4be8682b579fcf28cd503de854ef6bc3ca75913e90c38604b839ce4b31b788aae8542ed17dde605bddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
77310ca24004055b781b861dec3135d2

SHA1
d9f43b47d7b620f17aef10516878d669ea3a779f

SHA256
b552c26d4be6aee8eca7025761bf737694ffa06a7cbf8068032ed6b0470f1044

SHA512
8c30952708ef999528f1ce351869071a3ad8a4f86c11f6c110bfd12836205d855e0030937dacd71b6676b989156ce2eb159126c07f46469043a60ba19d181ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
064a4931b3df94d0a897c33291d4156d

SHA1
4899db030945ad6697730ddebf35dad34498eb9d

SHA256
c49b6e0c6f13a8c0486b1edef99e7f8617f6869d6623e605aee4962cb0bbc93d

SHA512
ca4ec737ad27ec34ef408d2f73ee71229d4454450e869b7c366a41de413eed1b8d53da85eb87849806a850abb9b5a7e951f972e3dd96696e5e57b9d41ce23e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bdbad1f3c4d19b8a421d716dbc89c8f7

SHA1
3624240dfee6f1c02be7803931b82b22dbcbb5d8

SHA256
48febd48c5c58c5577bf74cec3622edb3d754ab806013dc2546fbc5a91adb0cb

SHA512
f84df826eb8f592d958b0d5ef097f8a1066c552ce1a9559aa4dafabc696481a7e1f8e8b736c3c2ee3a6bd603c4105655e126b68e4351310af582c9f0c81ade31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8bd11f6cb049da0c3dbcb7658f681730

SHA1
362e9c8575445dfe121026be4695572362722d51

SHA256
4d748d58e933966a803898b88a273742d173a3617d79e2a69455627d5b1dd456

SHA512
fe7e907042321a0d81b9758d4e3458d7774cb4057bcec472e47b1205afb809a0419444b11aa834a0e5838b340f7df600afd89c316d813a7f5ef1d45e859addb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
73ff0f36c8e529d1ee415bd6bb0085d7

SHA1
37dd63cb05f6c7b5b4b2521d7111b393e9ba7838

SHA256
ca60e4e9cc969169a1db91f5b84854279e9fe9c8a371931bd0fb73114b235d26

SHA512
13e42c76c585ff0494f9448c02bc94626efe5ada68453a704f008faecc1696e6f79055c3f8bf324033be102502120814880dcb48e4438fb7d9a65fcb56085a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit