hxxps://aspireelevatingthestandardofcareinspa[.]ca/event[.]php

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aspireelevatingthestandardofcareinspa.ca/event.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570810153631102"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
1048	chrome.exe
1048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe
Token: SeShutdownPrivilege	3100	chrome.exe
Token: SeCreatePagefilePrivilege	3100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 1848	3100	chrome.exe	84
PID 3100 wrote to memory of 1848	3100	chrome.exe	84
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3400	3100	chrome.exe	88
PID 3100 wrote to memory of 3220	3100	chrome.exe	89
PID 3100 wrote to memory of 3220	3100	chrome.exe	89
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90
PID 3100 wrote to memory of 1140	3100	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aspireelevatingthestandardofcareinspa.ca/event.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd6d69758,0x7fffd6d69768,0x7fffd6d69778
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:2
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1900,i,12923622642583354707,422963260887481762,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d041865d280d80a50200c2af139166d5

SHA1
542dd11c2d5799dffde4eabf91e4036bbb5ec08f

SHA256
7fc06454b83b4fd121c209f70b4f81ef2defa8db74079b0bfa8e1945527d7f81

SHA512
80def0672ad0b5f1e299f3bfe10874c002d3540536e9aa8c63c465de2a8d628575490e120ecdf88bf834f1a3a16fa34781f17de715005461a1917ddd5d57b597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\65e1e225-b339-4558-b553-f47f2329bc10.tmp

Filesize
704B

MD5
3dfb163dfc4acfba539a91825d339f17

SHA1
35f547b089839230640b178fa9c858694dac9606

SHA256
bab12a94c00f5e512ab32e2e49a0cb1c750d34a76e410e76849af7e9332b2cbb

SHA512
2912e381637a63f6a7312e6850c2de421b3376946cd4bc690aa624af4618e936e011c0e1e99f11106632ad6652ab3706ba971126fe0b32e816b514eacf0c342a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
22ebc2b5faf6007a35595e6bc3460b55

SHA1
eb6d3e880c276c4b55d7b655374a40a3567aef7a

SHA256
60475982765a1d5ecb485cfa4fdb59cab3843ce0a5688a35569478db859b5f11

SHA512
3b9d48d60fad3512fdc5b4769b869e06fbc2ae308e03e0eebd120e2195e44dff93e57d0974e2982938f05818a059d5b02589b5723c25e2dbc7f3b8438ac54957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee508eabd24ba949d3da4d383203eb71

SHA1
118d9e56e833fc1c47bb56347b878160e62c72b8

SHA256
480245055b09c52e68ab755be656fca3f8d23ad588b03a34494f369faf477617

SHA512
993a746323900ce2a1a52d62b83b4b5b7e59a63c3c9fda3b0b00c3292f84f6dc118a35f69d6d9972a07ab61f9c25e8e2fcdb6bb601523f6742ae3fae7c8f3183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
537dfa390f65d588cb8f49421f3670c9

SHA1
2930be9051c4a210e3e564451ca8b49b2050a252

SHA256
9d6d6a6672ddbf3b45968b62960aabe0949b8ba79120b651bfcb55d105b4e2d8

SHA512
39116968cde8c2a50bc2c3724d9ae008ff60cbb14ed8f261a46a454b8fde7220c36e91d15c40cd38dd406d564090be8ead756526627cd1da59243c947e4d038c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
84cbfb8f4f7fb93027b78edc6370fbee

SHA1
0dec91396e98095111f3f964064ce58f7b3c26c7

SHA256
5398cca66bd3fd6679eb66de2464c22a52021e8958bc0ee2d63b1cd6370c85b2

SHA512
ddbd7d32dbe8b17edc84dc81fee6e0f207e797cb1a79fd59ff22245006007f49ce6af22ed2cce84e8f2543492b6c6cfd9def43bf16b2f30c2af83d213376146e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
1da04e8a2a64083e3f9f941778b993bb

SHA1
8ed2759c5c0361a9b5e081b98b0c6e2d930e61e4

SHA256
4e7608e4430b1aa36f0a0af33dd09d7fc8c3609e18cd3b16b13cb11f9f6e04e3

SHA512
9d8931bd416cd24a631c360d8598bd497ff434858667367826fad4bcf67dfe878760c5e0b2d12d7a88f924f832a3e7411c5f4b7c1b37824895ccd26439835ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit