hxxp://armorplatre[.]com/wp-includes/[.]cgbin/r/bjzpkpx

Analysis

max time kernel
149s
max time network
141s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-04-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://armorplatre.com/wp-includes/.cgbin/r/bjzpkpx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133567948815675577"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2304	1448	chrome.exe	73
PID 1448 wrote to memory of 2304	1448	chrome.exe	73
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 4256	1448	chrome.exe	75
PID 1448 wrote to memory of 652	1448	chrome.exe	76
PID 1448 wrote to memory of 652	1448	chrome.exe	76
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77
PID 1448 wrote to memory of 4672	1448	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://armorplatre.com/wp-includes/.cgbin/r/bjzpkpx
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeab689758,0x7ffeab689768,0x7ffeab689778
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:2
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1988 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2604 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2612 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1580,i,17639495020339241709,4612254951829517456,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
45c756388936789b15b951fa9eb7f81d

SHA1
6e7ab61c664e864db472757e1f73c2f2deb06dbe

SHA256
36f67272305a0cf27a726a0d3b297714908050d18660ba49a14db2224d590a2f

SHA512
c1000c9b9d42361e3e78be51be154d800d661313c21e0b9c17af47fb8be122f1c466d6f5e10d8369280c943541ef5e77d95c4cdadd95a9f3ca368340ecb69296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
060370c4d32f431f68f1628935511f3b

SHA1
05d56f3a872ffc24dc8da64fdcfca35f0d759263

SHA256
666a4b9d2ca7f4e0fb18168ffaa220021d319725dc43111b8b0ca4e578698239

SHA512
159fc2aa07e1c24528d6ff3540b642f53962488d3117aafc470fb602a99650bef6531355199679d8bdc8ed4e86972921ca7f32109f82eb00864c5a31160e5192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
22e058564e6309d038e88d1737c260cf

SHA1
157add69015ba73019bf74c31cbb9dd83da3405f

SHA256
e9a22f082176c91a762e9f516db90b79e5a60937c6f84a06e57999531851de11

SHA512
b07b9a05d7f12f0d19298d43833685773053ebfe8b60a2e1cbfe38d9dcbb3ab495f688948d73f383599e7f0b1cff5cc02f953538ad682f97bb927f88a72c83d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a635e6e339fb9f85b9abfb1a8d59bb71

SHA1
2a9bf2b323a2839939a1ede89f76a179e6ec4be6

SHA256
94b255e0d2e8055eedd25dacc2f86746c528fdf09bcf56ae974872d5442b541c

SHA512
a142aebbbd0176f798e7ca9bc1ca10fa0dd17c4b6754cc0a6b34dbb12948d8a761a53363d3bab38efc16f1ebb5eae165a55d9759c0b15f4dfe1e607153ee2954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5268568b5291e0ec5b975b26803a4e35

SHA1
600cbd24e4873f2af203e0dc649541f9d9bc3333

SHA256
9a4c594306e694ec004549813570538604769e4d49334c175e4dd39be87eeea2

SHA512
a04e9f4dd8864e131dce36b5a65e4131dbadf25b1f1dedda99e517f1f567a13df8c13144535b53b2822aa533a2a5933a6abcd1c937cf878395d91577a1651959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df63bfab49474bed7034aac2e6c3f876

SHA1
6051e7828d5df0cd6a04c90f2e99fdb49f27a3b3

SHA256
0048dbdb934cdc5aa0e1b1e24340f33cab6f1e8ee311c311578cc6ad0cdc7dcc

SHA512
2524207dba7b742975bd98c85639b38c9f65e708b0f7a7522e2ceb2d29bc238b2587fb50b9e750e099a83959640463b40096f4fa76abfd0e27a3d6447a60bea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb993923a8ac51161336c78191076ed6

SHA1
205b23fb2ac6f6b5657eeaaa282ab0d0fb1803bb

SHA256
84095a60ef953c523b2128cd26bfa1cc9661631ca2ff9dcd89dd9e9adfb8bf7b

SHA512
a25481334ddb8f91d8f0b3517f18a5728500964ce16c6ff60951abb1dabe604c3f1b7392341816d475c45bebf2d2afe082908b08a8cdb979763c7be3362a196b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
295c42ddaae64e08a112dc7681a13c7e

SHA1
ec7fbcb62b04654e2067cae490fcc8c507d0784c

SHA256
071c4f9a6e82b0eff0ce318926ece1f0bf5613ef3cc72363e6a97d5d1891c39c

SHA512
364ff91a2b0a0e40484fd1e245a2ea70cf53c8eb6ef4a029757c844e5df03a55fc6ac4db8a428812d74fb32a9533206ab467417bf5cfaab993148fb9c5c321f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit