Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/04/2024, 15:58
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://clt1448211.bmetrack.com/c/l?c=161913&e=146AEE2&email=1HeP0rtvHxb6anjcAzMX1UE51udxNNRc&l=8074C22E&seq=1&t=1&u=DE19FAE#b2ZnQG5yYi5vcmcubnA
Resource: win10v2004-20240226-en
General
Target: https://clt1448211.bmetrack.com/c/l?c=161913&e=146AEE2&email=1HeP0rtvHxb6anjcAzMX1UE51udxNNRc&l=8074C22E&seq=1&t=1&u=DE19FAE#b2ZnQG5yYi5vcmcubnA
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568063386990645" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
816 | chrome.exe
816 | chrome.exe
2572 | chrome.exe
2572 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
816 | chrome.exe (all 4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 816 | chrome.exe
Token: SeCreatePagefilePrivilege | 816 | chrome.exe
(the 64 entries alternate between the two rows above)
Suspicious use of FindShellTrayWindow (28 IoCs)
pid | Process
816 | chrome.exe (all 28 entries)
Suspicious use of SendNotifyMessage (26 IoCs)
pid | Process
816 | chrome.exe (all 26 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 816 wrote to memory of 208 | 816 | chrome.exe | 85
PID 816 wrote to memory of 1408 | 816 | chrome.exe | 89
PID 816 wrote to memory of 1100 | 816 | chrome.exe | 90
PID 816 wrote to memory of 3760 | 816 | chrome.exe | 91
(distinct rows only; each target row is repeated across the 64 entries, all written by PID 816)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 816, process-tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://clt1448211.bmetrack.com/c/l?c=161913&e=146AEE2&email=1HeP0rtvHxb6anjcAzMX1UE51udxNNRc&l=8074C22E&seq=1&t=1&u=DE19FAE#b2ZnQG5yYi5vcmcubnA
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 208, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fffd40c9758,0x7fffd40c9768,0x7fffd40c9778

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1408, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1100, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3760, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1628, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 436, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4776, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3740, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4612 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4712, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4732, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2312, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2572, process-tree level 2)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 --field-trial-handle=1876,i,3357472690990119063,3921051007423366432,131072 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1548, process-tree level 1)
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads