hxxp://wqtn4stb5jv6mepsiktgbd0a[.]gossipinvest[.]com

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wqtn4stb5jv6mepsiktgbd0a.gossipinvest.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559077614853938"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe
Token: SeShutdownPrivilege	2164	chrome.exe
Token: SeCreatePagefilePrivilege	2164	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2920	2164	chrome.exe	94
PID 2164 wrote to memory of 2920	2164	chrome.exe	94
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 3484	2164	chrome.exe	97
PID 2164 wrote to memory of 2632	2164	chrome.exe	98
PID 2164 wrote to memory of 2632	2164	chrome.exe	98
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99
PID 2164 wrote to memory of 4640	2164	chrome.exe	99

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wqtn4stb5jv6mepsiktgbd0a.gossipinvest.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe12d19758,0x7ffe12d19768,0x7ffe12d19778
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1908,i,17495508684347125183,3231732235249870998,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3816 --field-trial-handle=2232,i,10468259530860544675,2192522633371581869,262144 --variations-seed-version /prefetch:8
1⤵
PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a8f5238a5aadce9354042c28c07355db

SHA1
8991a975d25cfc98974d9c2d0e02066659a43926

SHA256
0e213b421cf0ef403cc672930ecfda48f8be7160ade562b1c11a18bbbe736a32

SHA512
8fa7348ed741c10b60e28d7656a799c0480972d3f4273bf59448b2ebe75e4c3ef91a9bf5f25764335fdde78c99dcd05af7a825f9c99d5f29a42e1614a158805d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
239c03871ae9aac4bd870e70f0793a00

SHA1
2810785d001b983e208ebcd540ab56666decad4b

SHA256
135c12821fa98250c767b7ee42456e70cf554eb079ed7dbfaa2feaef252b9176

SHA512
09dff56fc5cfedb275a09df9ac142957590793b8e18013552fd4b054103b5399019d006fc2b98648ccb82d9cbdcd91e6d57fe96de5f533b8aa5935a93a3d2e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
31039fb83b1d8a8af0e9ae8be2e43155

SHA1
07dab3140a31dba83c372e888533b3087e46ae49

SHA256
c8c8fb45486abf5cbfaadc086e29045d34f4a8db4d7f5811bcdf8b9203a249e6

SHA512
1903bbc84ba98882156c4d1797af66204ff544318177525a22ece3a2cd14ad678dc1c9dbb796043bb008695d3bedbc1ae9b3e74b8e041d07d9abb6356c9b7db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
3bae0851090b1ae679b736b6b1fae364

SHA1
0e083d3b303412e1970adb34a2234cd9f2995288

SHA256
b6652547b15e0b1e7e4f3173a2fcd92593abd5892b722ead6997b20c14f3f16f

SHA512
c83b443838b394b04116fa0ab789c5f114043cbe4ed33cc60efe26322e1aa64bb69202b1da2eec4b80dfef036c499d20efe63c8cb1fb43a39446ca34794c030d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
67b4399b9b7c1bc9dec2cf16caca1903

SHA1
2202b30d31b6bb6586430bf3b54a5989195b6236

SHA256
88be8d5badef8a8a455826200ead5bfc1a9470f6b0086706e105a919d6fa56bf

SHA512
5a43402ba6e4780fa52dae3c636ad36c06f1bad06d3e73351604e3d146315fc7e41e7e990ba42e432dc52d5c5f338ad63cdef5236a8e8cd17aee9c0f215fa97e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
f2c01a013442b652f41b9a4031d470df

SHA1
3e8d61cc70d1504e6e6d4f566d706002d589c28c

SHA256
2e9f8fd3330fcfb0ac9028f2563ea478965ec972f611b213511b3fdcddf6d7a2

SHA512
cd9cf0d6e2a2d1c46f36129c8c9d170ff4723a7da07d0e7d6cdf2a5a2f5ce58ba201a6f0de34671c9df3979193021c275b0fb9d7c9d0e5ba93bd2909c68cc4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit