hxxps://www[.]tracksideschedule[.]com/

Analysis

max time kernel
150s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.tracksideschedule.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571479506479085"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2144	1032	chrome.exe	79
PID 1032 wrote to memory of 2144	1032	chrome.exe	79
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3988	1032	chrome.exe	81
PID 1032 wrote to memory of 3724	1032	chrome.exe	82
PID 1032 wrote to memory of 3724	1032	chrome.exe	82
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83
PID 1032 wrote to memory of 4424	1032	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.tracksideschedule.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5ef89758,0x7ffb5ef89768,0x7ffb5ef89778
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:2
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4984 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3848 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3224 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3120 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 --field-trial-handle=1848,i,2600704518380501812,14023239484343899459,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
677B

MD5
e017d218818506e135255e52675c3d58

SHA1
dc08a754414fd9971d52e8a948dbe04fdd8e9b2f

SHA256
41dca6a02075e5d40c7510acf94548fb028db58536df2869269195905bef41e5

SHA512
7ce721340d9dba06b40ddd07624dee8f4c5cbbb39e67960ced2df29ea4fab8337b4173d5a0ce999a4a143c5ada1fed60d5226e82124cd9c8452d852ac73500d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c2983dc7626554ea023def86f3efab4

SHA1
c4af935dbaf78e2e48e5c72700f936ae0bedb2e4

SHA256
e05b7485ca8c5623a95cec26f80304190f46285832e74fe8f4c850f82ecab573

SHA512
c6036dde0348784470a559da95ab2e9faafc0a9d57b6d1d379f38f3142f3d6adb2d95220852c4e30679fb25e0297498e90faf78ce74aef4d43cfbb405d24442d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3eabbb0c9b48a79603cb6075227567b

SHA1
de8f3e6d0a9d1444510b65ad8931c3ea1d209bf1

SHA256
41ee05a0eb5781a4482d3ed94781c354805971e3a8a0c500eedd061658632f77

SHA512
518c1d4414c5363b5e6db2a8f973788ed492323674a7c327f82148837cf447f77a19bbae9b6e0ef237c915feb902c60a70f938b3e430e983d38417fd8fb5319e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
99a6c00a86a77cc7b65a01bdb226f6c8

SHA1
ea151aa9f7c93385152190a1cfd8e296ad35ecf8

SHA256
b0b66131145da55b2263864246a062d888cb5cfafe145d910ed94ad3254291af

SHA512
56130d4d8afb5c5e79530e72762ad0dccfe74559a9acfe5b97e6dc31c314f828a21f7c987877c1e2b1085477127f44fb9bf0cc7834188ad82fe1f63a8af90725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit