hxxps://decath-lon[.]info

Analysis

max time kernel
300s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 08:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://decath-lon.info

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560011494342350"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
6072	chrome.exe
6072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
888	chrome.exe
888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 844	888	chrome.exe	96
PID 888 wrote to memory of 844	888	chrome.exe	96
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 2280	888	chrome.exe	99
PID 888 wrote to memory of 4852	888	chrome.exe	100
PID 888 wrote to memory of 4852	888	chrome.exe	100
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101
PID 888 wrote to memory of 2276	888	chrome.exe	101

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://decath-lon.info
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffea4379758,0x7ffea4379768,0x7ffea4379778
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3852 --field-trial-handle=1912,i,5988523476264339193,12401287311273875357,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
668289ed9a5b4ccc486234817208b2b5

SHA1
47ba3c3eaa47403fb5eedb8a5562ff65b3656542

SHA256
141ea95b113978efa3398793499ec9c7e774a456bee09404c03f58d56f00a606

SHA512
8ef0024b1f2c7da05d710b31874560f39488a1cf060a015e5303af5915f60cbd27cc10cb4350db262c583f2371607fb73e17ef147bc9cc8fcca28ff2f50b4824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
482f4c730f49a8fecdbada13e349a52d

SHA1
e8e7ed9a6b4e77f204d2c5eeb5d3ef1dd7ef52fa

SHA256
3cf4cb45b9f714b8c51988ec3dc3a779070ffa0183c128b42471f44f00e3359c

SHA512
0e06f0034ece92952b7ff6397ea4d9d2b1188a395fbe42e080989e1cd6df279fc5adae012e65eb7e2a2e8690b7cd14edfeacd8b91bdd660c781cf3b2356389a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
d9441d47f7d9dd88a70d7dda21d0a803

SHA1
d91fe79cba00b83b03d65bcfeab86d618b1276d4

SHA256
2a806b7764c6c5827331bc20966782abb45047b38f3611e5ffc5a3f7f3026ec7

SHA512
69015b36898ef5471327ba031b6332b88fbb57f4a65a3f3bb8e8225dd3f6153dd07cb8fecc1b54e4f696e1ec9621aefd1b560b2cce52cbf025b808a96a415415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f16ef43b78e8d196781b83ea610ba45f

SHA1
a08b363e76ad53ea00441442b0a22ad99f894706

SHA256
39226b21d3c206c632b1df7d2d05e51e491adaad9c42e9eb01ac51f2bc491649

SHA512
814e3bdd76ec4f9bfcce754b5356ae0dd78bdf1e5642cdf2aec248cf69dbd458bfd14fad9b1c78484e287cada1abbb1f7924f6e8cac4a3f7c3ef6cb9d20e6bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a25d8ff8a309bd8724bdfbc6821530b9

SHA1
13a7fe82c6a2dc94c95b53a4497dfc59b8fc6e06

SHA256
d46111e5b9fb8dfd0a58d6c651624fe04939be3c007f823aaeadeccf57a29dcd

SHA512
0d570b9cef20bd82ee1d55c742e4301ea43b8da4300dfcd3a8519c076d14fb6d1ffc7c98ebede0bc01944f8301cc93cd97e898b71f3821d1e976aa601121893a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da2d48d362d6c020f708420478bdddcf

SHA1
fe036c678910ab32889789b6d1f0ba77b8845c3f

SHA256
6c467ee72f77a11ef0d6f9ce127fafb781532edbaedd7d5fa7251ed38acc937c

SHA512
25ec8c16dc1a3c47e445bf22186e1175fa878820df6751793a119628651f25f71f086fde75fb2173f00677079af266fba52814f9d30b5855db3a041482206ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
53ac4bc7bf5cd9fdea1552116e283651

SHA1
05a6c0b84f19313e9eb11b97d50c5a70b314a807

SHA256
52c7fd890d50b7e85aa3049444c69e8126e4f212ff6beb40ea1aeea1f1d3cfc6

SHA512
0a83b59f81d2dd90bbe44aa5d793a68be6c6a2f697c9a42b3f19a25d66498775e75eac70c8d3abcb8d7c575f9918130b5413d196322267ffef6ad5bffb2f38fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
1761c07cdfee84c8402f6fb3923780d1

SHA1
7cb38bfa11e02b77ad26a9760df8a7bbfb531c95

SHA256
bf94eafff1a59b1b240f28ada23d129cebf6abd11b1da90a5a06bb2ae61802e2

SHA512
c34ba2244ab14e98f1dc801c51266faafd24744a92106e132991b98403735db6a6be4e1677b1fe407a5d0795c20a430e7bd0e22e7b83379658c877170d52f8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit