Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/04/2024, 21:08

General

  • Target

    https://shrturl.uk/e/78jt7igc8hQm

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  Every signature above is attributed to the chrome.exe browser process (PID 2096) that the sandbox launched to open the URL; the only other hit is EnumeratesProcesses on the second gpu-process (PID 2472). WriteProcessMemory and process creation with the block-non-Microsoft-binaries mitigation are how a Chromium browser process sets up its sandboxed children, so none of these hits says anything about the submitted URL itself, which is consistent with the 1/10 score.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shrturl.uk/e/78jt7igc8hQm
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5c1e9758,0x7ffe5c1e9768,0x7ffe5c1e9778
      2⤵
      PID:2932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:2
      2⤵
      PID:4464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:1888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:3764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:1
      2⤵
      PID:1104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:1
      2⤵
      PID:3212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:1
      2⤵
      PID:1424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:5412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:5480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:3440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:8
      2⤵
      PID:3944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2472
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4068
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4044 --field-trial-handle=2844,i,5640589924128028832,7963280732661142908,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3780
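
The tree above is the normal Chromium process model (browser, crashpad handler, GPU, network and storage services, renderers, UtilWin helpers) and not a sign of anything the URL did, but reading a tree like this by hand does not scale. The flags on the parent's own command line (--disable-background-networking, --disable-component-update, --simulate-outdated-no-au) were set by the sandbox harness that launched the browser, since a URL submission cannot supply flags. As an added example, not code from the report or from the sandbox vendor, the Python below parses each Chromium command line, groups children by the shared-memory GUID in --field-trial-handle, lists the children running with their sandbox switched off, and separates processes that belong to a different browser instance. The sample input is the tree above reduced to (PID, depth, command line), with the command lines trimmed to the switches the script reads; those trimmed lines are constructed for the example.

```python
import re
from collections import defaultdict

# Chromium command lines quote either a whole token ("--user-data-dir=C:\...\User Data")
# or only a value (--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'). The first
# regex keeps such tokens whole; the second strips the quotes afterwards.
TOKEN_RE = re.compile(r'(?:[^\s"\']+|"[^"]*"|\'[^\']*\')+')
QUOTED_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')


def _unquote(token):
    return QUOTED_RE.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), token)


def parse_chromium_cmdline(cmdline):
    """Return (executable, flags, positional) for one process command line.

    flags maps e.g. 'type' -> 'utility' and 'service-sandbox-type' -> 'none'; a bare
    switch such as --variations-seed-version maps to True. positional keeps /prefetch:N
    and the URL that follows --single-argument.
    """
    tokens = [_unquote(t) for t in TOKEN_RE.findall(cmdline)]
    exe, flags, positional = tokens[0], {}, []
    for tok in tokens[1:]:
        if tok.startswith('--'):
            key, sep, value = tok[2:].partition('=')
            flags[key] = value if sep else True
        else:
            positional.append(tok)
    return exe, flags, positional


def session_key(flags):
    """--field-trial-handle=<handle>,<mode>,<guid>,<guid>,<size> names the shared-memory
    block a browser process hands to every child it spawns. The GUID pair is identical for
    all children of one browser instance, so it ties a child to its browser even when the
    sandbox's parent/child bookkeeping is flat or wrong."""
    value = flags.get('field-trial-handle')
    if not isinstance(value, str):
        return None
    parts = value.split(',')
    return (parts[2], parts[3]) if len(parts) >= 4 else None


def triage(processes):
    """processes: iterable of (pid, depth, cmdline) as read off the tree above."""
    sessions, unsandboxed, roots = defaultdict(list), [], []
    for pid, depth, cmdline in processes:
        exe, flags, positional = parse_chromium_cmdline(cmdline)
        key = session_key(flags)
        if key:
            sessions[key].append(pid)
        ptype = flags.get('type', 'browser')
        subtype = flags.get('utility-sub-type', '')
        # Children that run with their sandbox switched off deserve the closer look.
        if flags.get('service-sandbox-type') == 'none' or 'disable-gpu-sandbox' in flags:
            unsandboxed.append((pid, ptype, subtype))
        if depth == 1:
            roots.append((pid, exe.rsplit('\\', 1)[-1], positional))
    # The biggest session is the browser that opened the submitted URL; a process with
    # any other GUID pair belongs to a different browser instance inside the VM.
    main = max(sessions, key=lambda k: len(sessions[k])) if sessions else None
    foreign = [pid for key, pids in sessions.items() if key != main for pid in pids]
    return {'roots': roots, 'sessions': dict(sessions),
            'unsandboxed': unsandboxed, 'foreign': foreign}


# Constructed input: the tree above as (pid, depth, command line), with the command lines
# trimmed to the switches this script reads.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
FTH = ' --field-trial-handle=1896,i,3299544530539159222,17147505025616446441,131072'
SAMPLE_PROCESSES = [
    (2096, 1, CHROME + " --disable-background-networking --disable-component-update"
              " --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'"
              " --single-argument https://shrturl.uk/e/78jt7igc8hQm"),
    (2932, 2, CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data"'
              ' /prefetch:7 --url=https://clients2.google.com/cr/report'),
    (4464, 2, CHROME + ' --type=gpu-process --mojo-platform-channel-handle=1716' + FTH + ' /prefetch:2'),
    (1888, 2, CHROME + ' --type=utility --utility-sub-type=network.mojom.NetworkService'
              ' --service-sandbox-type=none' + FTH + ' /prefetch:8'),
    (3764, 2, CHROME + ' --type=utility --utility-sub-type=storage.mojom.StorageService'
              ' --service-sandbox-type=utility' + FTH + ' /prefetch:8'),
    (1104, 2, CHROME + ' --type=renderer --first-renderer-process --renderer-client-id=6' + FTH + ' /prefetch:1'),
    (5480, 2, CHROME + ' --type=utility --utility-sub-type=chrome.mojom.UtilWin'
              ' --service-sandbox-type=none' + FTH + ' /prefetch:8'),
    (2472, 2, CHROME + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled' + FTH + ' /prefetch:2'),
    (4068, 1, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
    (3780, 1, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility'
              ' --utility-sub-type=asset_store.mojom.AssetStoreService --service-sandbox-type=asset_store_service'
              ' --field-trial-handle=2844,i,5640589924128028832,7963280732661142908,262144'
              ' --variations-seed-version /prefetch:8'),
]

if __name__ == '__main__':
    result = triage(SAMPLE_PROCESSES)
    for pid, name, args in result['roots']:
        print(f'root PID {pid}: {name} {" ".join(args)}')
    for pid, ptype, subtype in result['unsandboxed']:
        print(f'unsandboxed child PID {pid}: {ptype} {subtype}'.rstrip())
    print('from another browser instance:', result['foreign'])
```

Run against this report it yields three roots (chrome.exe with the submitted URL, elevation_service.exe, msedge.exe), three unsandboxed children (the network service, one UtilWin helper and the second gpu-process, which Chromium starts with --disable-gpu-sandbox --use-gl=disabled as its software-rendering fallback when the first GPU process cannot initialise in the VM), and one foreign process: msedge.exe PID 3780 carries a different GUID pair (5640589924128028832,7963280732661142908), so it is an Edge utility process that was already running in the VM image, not something the visited page spawned.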

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize: 1KB
    MD5: 55540a230bdab55187a841cfe1aa1545
    SHA1: 363e4734f757bdeb89868efe94907774a327695e
    SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
    SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
    Filesize: 48KB
    MD5: 21af9bc981d404957c6344aaff4b3e28
    SHA1: e5569bc0876884ded0d9594432cc261effc66d47
    SHA256: e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051
    SHA512: fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
    Filesize: 51KB
    MD5: 588ee33c26fe83cb97ca65e3c66b2e87
    SHA1: 842429b803132c3e7827af42fe4dc7a66e736b37
    SHA256: bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
    SHA512: 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 4KB
    MD5: e4cbc657c6f764e1f115caa1f2e7041b
    SHA1: dd1e3c07bdfc1499114d28c0df9008e7a7bec9d9
    SHA256: f5a80e371b37bc6853790b7e50c8ad271d344387f819cf3656129f772cb739d5
    SHA512: 1641b8e0babf0e805d4140f15c07a780c5f1786151a846a1e55137b616f037256799469d21e6310607c470c0869b3edb26c627f1ac442ed117016da5212a16ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 4KB
    MD5: d60982e370c111d1602b282c8c1a71cb
    SHA1: 445c3e177c81632d5f9c5648f7d0c6cf46def416
    SHA256: 5bfe24f57f69b9586f3010bf4834da2c2477fa331a6417e8a67d973314d10392
    SHA512: 78c3dc7bbfc6847b16f6c54d3b5534338675655241df57e710b2c3b0b3d32fb538a6082489e3334bd2ce1546913637d188c5553cf26c9f09530517602981acf0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 4KB
    MD5: 673daf3941e52475c09f6fdaffe475fd
    SHA1: 4e142998fd96d3b70381cb69c46ba02442f25b68
    SHA256: 7c4afcbc8e1d686ae9d78baa2b9e5ae435d82a84f5f711fd1dfdcdde29a8b38a
    SHA512: 6c25083c9039fd041e15336bdaa7ceef29a3533d364a07abf7f473144866ac33cbece07e5f7db56b01beb76febb5a8526e42cf3b91789417525fdd66ee91eec8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 747f96394d13a6888a5ba3ab684758b0
    SHA1: 4ab293667adb0e09badb89e16364ebedaa33f73b
    SHA256: 9bdc61ceddeb97049da3dade80a876e3ca9c2e5c60841c7043fc702527d8866f
    SHA512: 577b7a05399802eb6bd19426d975fa2babfe2eb700dd10d4f963fa24bfd639f82778d4d68be9f995208cf486ec12d12d09bc8bbff9c1007c2b564da99f28b4ea

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 2KB
    MD5: b4e82593989d510a060b3c2ac5036bec
    SHA1: ab2ea75c538c28ae85a18127c4f9d5f440a8fe6a
    SHA256: dbe1e9b46d48eadfee5f7267b432f83d2fe0505591c69b4872192bb76ffe780a
    SHA512: 517a5db28a6ca72edb8c41a6888192a57559177acf5c86e1fc8761b7c1a30beb526624419ec1d1a7699da5c8592fc7ce125925e1faad02f8b879c43d93a09879

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 2KB
    MD5: 8b28ba2f0409a6ab7d97e925945b4f77
    SHA1: 957cfab45e43bc19c0ec88e9a0c5382294d93acb
    SHA256: 009885b1d380f126963751e1dc2ae41110d7144ea35f52a0d276195d3c01ffe4
    SHA512: edc9b18251d37d43baa1760ad61af003d541de93a3b93019482417a10831c4a3dd85e3dce68e6ab528b254e73af7b903d83c260b4d3e08a71323526fd32ca2b8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 2KB
    MD5: a3df687a4d3aad7f581dcefb5098e4ff
    SHA1: 02af392f7c8c78bff0aab263e227e693c1ee62fe
    SHA256: 9a43766bb6df6ada4cb91d32b3a0c9f58e2e580f334720cccf6236d635037e14
    SHA512: afc65375a55e57cb21d043845b1fce3c6af47a2f84b8c611204d6cbaff47a1ee3f4b15bf41d09da61b420d40146dcd853a456cb7b307f8e1c7ce39e100f3f242

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 2KB
    MD5: f495ca90356513524d7974df2be381c7
    SHA1: c5a5dbd11dd2f2e2aefe0b0ce2b316389f5ab14c
    SHA256: e9d4ddb21ec441141a4fe02af78a6ab96e8f94f54c55910afa156553b5a0cd60
    SHA512: 91b56ddc512e47ee294b572f50593cedf270f9a111066c8931d71b2c28f0ba0d34a4ea0b3c7b9174ef92f1534e9f7b08242ae87758fc0c2be116cd880b798b38

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 2KB
    MD5: 984ab25ec7a8bcb495685b17a8c84cea
    SHA1: 988bd7516bc1e1d895e4bc4fd838a8d555d1c458
    SHA256: 5534afec16dc245d88665c4a9c974b023b82ea4ebe234e0b7e3c146ae70c64a2
    SHA512: ba9496b2e6190728294f4b55fb11789a42636cbdf010648bc05f12f5b3418a8c1b9fe7b9113fc93c154ebdfef1b473df128fdc35c2507e815aee8c5952294ad7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 7bace98421cc5e03b53c20610f53c6f4
    SHA1: 6a7f96ba691eb273def155f756a634182998afd0
    SHA256: c04eeac0cca050320e53e3c6f9479397109716416f2b567cae48a4558a916694
    SHA512: f5d511eac7daa659f47bce924b44d3212c70a3c5365eb79a931ff6fc4af9b8355b9944f6e428c4efd17dfdf78a6b39ef5aca950b3185767ff7ec8fa84d8392f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: dd2efb1911367e4307a9df85a3eaa252
    SHA1: 4bae5af9f585718f26f50ed3efe8f1272a05903f
    SHA256: 88d4354ba7e4969dd17d95a7191fafd8889f36d5c905debcf9d4164e2c8613eb
    SHA512: d51b8c5cf877995a8ade6eff66cc9dead7894a06425b8c72a6dd272f59eff9157150ad239f6e515ba1b71b2ac2e91284e532bd4a39d43e7b9a5ff4aec05a33f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 003b6bcc5e52e75e600a56388ba7921b
    SHA1: b2baf151aa567138d482f6ab98cf64f1ece7c09c
    SHA256: a57f253a998d49a8a084ae01bbf9e7386c2bc37fddb7e372035de59a9dc64a1a
    SHA512: 6eaffc74d8c38c287aa14aedfe49a194e90c88bb9fd8e33c87cd595c93f71744d287d3bf94d312f7002c1943bccc8fd2f0556e03eef7fdb1ff7ce3e81e9f12b9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: e03ba35fefe3af5a996bbc4cf5c9fe2c
    SHA1: 89abab450469abda3e8c8d4388cffd929ceeffd2
    SHA256: 664d73416571dcd45eaf82a67d31767d3333a452fc88b2da0ea166b5d68ee529
    SHA512: a04ec424c1fcb62edcc1772a78a97eee6dec68d796c5fc7fb1e7b2c4566adc1faa36d92dc07d928dc25e83605859e429f4d6484bf24a5d0578d15960579240fd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 155KB
    MD5: d461d6c472751cf3e55ac51ab9f9db68
    SHA1: 05c2a226107d42d6b822987cabd0c1d202d2474d
    SHA256: 5b3fdfbf83e5952a47fa3d672ad04d048f5bc9b28fe6261654c0f041f4ade7a7
    SHA512: b2cc897253854d04663596379c0aa1c8980ae83e05b7fb6e3670d744fc1dc94c904cf809d35cf6bba930c22b246f83638085889039e91dcc68480313c01e6830

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: 44f8f6ca209532e27ea5ce3c6dd093e1
    SHA1: 680d6ce7eccd08b808c547a4cd018b15ba40923a
    SHA256: 52f1156c03cee40bade85a9da5e748541152441d1218a0b2684b3acc76726f39
    SHA512: 4f2b27ae5d640e01558efa8a9963bbf5df0889fcc13a329ff344163aeca3a05ba8d9c0858140b7dcdd26f3c9b8b811cc42263c0c8d5f0711951e7ae1ab2e3d31

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: ec9037236f24eb403ba9d624fa832f7c
    SHA1: 7f14102120df4408a990b90d07b303627b0f8509
    SHA256: 42b58ebd0df20ac0af16af9fed248fcd0de2142ad0fa57a2c38538deb047e4d5
    SHA512: 20977fcd47e1582786798a1136c2b6afa1ea8f8f29f7366b7eeb14e8f3dcf9f665b15dc9e397440901c1206391c0165dc4b586181fc61a5606255eb34a7e0c65

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
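
None of the entries above is a download in the sense of a file the site handed to the user: they are Chrome profile state rewritten during the run (Local State, Preferences, Network Persistent State, TransportSecurity, persisted_first_party_sets.json), the V8 code-cache index, two HTTP cache bodies (the only bytes actually fetched from the visited site or its dependencies) and one CryptoAPI URL-cache file written by Windows when it fetched a certificate, CRL or OCSP response. As an added example, not the report's or the sandbox vendor's code, the Python below classifies a sandbox "Downloads" list by path, pulls out the HTTP cache bodies for a closer look and labels hashes of trivial content; the 2-byte persisted_first_party_sets.json, for instance, hashes to the string {}. The input is the list above reduced to one (path, size, MD5) triple per distinct path, and the classification rules are my own assumptions about where Chrome and Windows keep these files.

```python
import hashlib
import re

# Constructed input: one entry per distinct path in the list above, with the size and MD5
# the report gives for that path's first occurrence.
ARTIFACTS = [
    (r'C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416', '1KB', '55540a230bdab55187a841cfe1aa1545'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012', '48KB', '21af9bc981d404957c6344aaff4b3e28'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021', '51KB', '588ee33c26fe83cb97ca65e3c66b2e87'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index', '4KB', 'e4cbc657c6f764e1f115caa1f2e7041b'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State', '4KB', 'd60982e370c111d1602b282c8c1a71cb'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity', '2KB', 'b4e82593989d510a060b3c2ac5036bec'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences', '6KB', 'dd2efb1911367e4307a9df85a3eaa252'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State', '136KB', 'e03ba35fefe3af5a996bbc4cf5c9fe2c'),
    (r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json', '2B', '99914b932bd37a50b983c5e7c90ae93b'),
]

# Ordered (pattern, label) rules; the first match wins, so the specific cache rules sit
# before the generic "anything else under a Chromium profile is browser state" rule.
RULES = [
    (re.compile(r'\\CryptnetUrlCache\\', re.I), 'cryptoapi-url-cache'),          # Windows CAPI cert/CRL/OCSP fetch
    (re.compile(r'\\Cache\\Cache_Data\\f_[0-9a-f]{6}$', re.I), 'http-cache-body'),  # response body from the network
    (re.compile(r'\\Code Cache\\', re.I), 'v8-code-cache'),                        # compiled-script cache
    (re.compile(r'\\(?:Google\\Chrome|Microsoft\\Edge)\\User Data\\', re.I), 'browser-state'),
]

# Hashes of content that carries no information; computed, not hard-coded, so the table
# cannot drift from the real digests.
TRIVIAL = {hashlib.md5(data).hexdigest(): label for data, label in
           [(b'', 'empty file'), (b'{}', 'empty JSON object'), (b'[]', 'empty JSON array')]}


def parse_size(text):
    """Turn the report's '48KB' / '2B' strings into a byte count (KB means 1024 here)."""
    units = {'B': 1, 'KB': 1024, 'MB': 1024 ** 2}
    match = re.fullmatch(r'(\d+)(B|KB|MB)', text.strip())
    if not match:
        raise ValueError(f'unrecognised size: {text!r}')
    return int(match.group(1)) * units[match.group(2)]


def classify(path):
    for pattern, label in RULES:
        if pattern.search(path):
            return label
    return 'unclassified'   # anything here is what an analyst should open first


def triage_artifacts(artifacts):
    """Group a (path, size, md5) list into content worth inspecting, trivial files,
    per-category counts and paths no rule recognised."""
    out = {'content': [], 'trivial': {}, 'counts': {}, 'unclassified': []}
    for path, size, md5 in artifacts:
        label = classify(path)
        out['counts'][label] = out['counts'].get(label, 0) + 1
        name = path.rsplit('\\', 1)[-1]
        if md5.lower() in TRIVIAL:
            out['trivial'][name] = TRIVIAL[md5.lower()]
        if label == 'http-cache-body':
            out['content'].append((name, parse_size(size), md5))
        elif label == 'unclassified':
            out['unclassified'].append(path)
    return out


if __name__ == '__main__':
    result = triage_artifacts(ARTIFACTS)
    print('counts:', result['counts'])
    for name, size, md5 in result['content']:
        print(f'inspect {name}: {size} bytes, md5 {md5}')
    print('trivial:', result['trivial'])
    print('unclassified:', result['unclassified'])
```

On this report the only two files worth pulling from the sandbox are the cache bodies f_000012 and f_000021 (what the shortener page and its redirect target actually served); everything else is housekeeping, and an empty "unclassified" list is the quick confirmation that no artifact landed outside the browser profile or the CryptoAPI cache. The 136KB/155KB Local State rewrites and the successive TransportSecurity versions are the browser saving preferences and HSTS state as it navigates; the files are listed once per write, so repeated paths with different hashes are expected rather than suspicious.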