hxxps://http[.]www[.]secure[.]kb4[.]io/XQkhVZDhQR1VST0k1VG5DUlNvRWNCRWF0bnlWSm9LSTVMb1liQ3oxVW9PUE9mQnZwKzVKaXdrbGJVbVZHYzlJZE05Nk1kaWhENnhrVlU5aktvOFFZT0tObXZxdEtLMVhjMDFWNnQvdUh0anBkYysxM0Z4WTZRUT09LS1sNm96cjVnZ3FMWCtsVU9RLS01NUdPcG05V2w3MFJOYVVJdHEySGtnPT0=?cid=1976462051

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://http.www.secure.kb4.io/XQkhVZDhQR1VST0k1VG5DUlNvRWNCRWF0bnlWSm9LSTVMb1liQ3oxVW9PUE9mQnZwKzVKaXdrbGJVbVZHYzlJZE05Nk1kaWhENnhrVlU5aktvOFFZT0tObXZxdEtLMVhjMDFWNnQvdUh0anBkYysxM0Z4WTZRUT09LS1sNm96cjVnZ3FMWCtsVU9RLS01NUdPcG05V2w3MFJOYVVJdHEySGtnPT0=?cid=1976462051

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000279dbe2cb9d5c4499f659dc4fb2861cc000000000200000000001066000000010000200000008a270e7674b4c72d664e1f8b0dde082d4a96136159eed18be5207930b667fe60000000000e8000000002000020000000788db3cc9786412bf4059278ba554259da12764d6b34a581e51cb4064ad5e94820000000fe8cd58d203b11c7ccd3fe1cf4bce1cf3922977ab8011a6ad9e88e337eb9093c4000000063b16414c7feab354824fdaf7b54f8f7be9b917301853b4739113d463aff7ab374e61edbe6159134f756f6400286d0454dbc5d8a9eeaeacf8bda6ce336f23a2d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90687898cf8bda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31099855"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000279dbe2cb9d5c4499f659dc4fb2861cc000000000200000000001066000000010000200000001a9d16f09119602117f75c43512e8987f5f8c66200adf407ec8e66de1e109e50000000000e8000000002000020000000ea85a0261ec2ccb0d1dfaff300af18435a9ca720598adab6124a9bc4b324bf802000000038be6f32b4cd31b827fb933337627e2dc7da8a247c1b1b587b65ac12ee51726d40000000022ff2603491ae61c878fb8a2a69c0a1f63135cbba3ac2f23a383fa07eacea53df992ec8e823f8a07a6aae92fb31a0106950f24d22b7f307d942d6d85c85a6e6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31099855"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31099855"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C2B60B25-F7C2-11EE-96FD-7E3D4A1755AD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2536783835"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2547097595"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ec8d98cf8bda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419577611"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2536783835"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572862303114435"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
4108	chrome.exe
4108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
4376	iexplore.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4376	iexplore.exe
4376	iexplore.exe
3648	IEXPLORE.EXE
3648	IEXPLORE.EXE
3648	IEXPLORE.EXE
3648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 392	2708	chrome.exe	84
PID 2708 wrote to memory of 392	2708	chrome.exe	84
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4828	2708	chrome.exe	86
PID 2708 wrote to memory of 4368	2708	chrome.exe	87
PID 2708 wrote to memory of 4368	2708	chrome.exe	87
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88
PID 2708 wrote to memory of 2888	2708	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://http.www.secure.kb4.io/XQkhVZDhQR1VST0k1VG5DUlNvRWNCRWF0bnlWSm9LSTVMb1liQ3oxVW9PUE9mQnZwKzVKaXdrbGJVbVZHYzlJZE05Nk1kaWhENnhrVlU5aktvOFFZT0tObXZxdEtLMVhjMDFWNnQvdUh0anBkYysxM0Z4WTZRUT09LS1sNm96cjVnZ3FMWCtsVU9RLS01NUdPcG05V2w3MFJOYVVJdHEySGtnPT0=?cid=1976462051
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffefe7e9758,0x7ffefe7e9768,0x7ffefe7e9778
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\XQkhVZDhQR1VST0k1VG5DUlNvRWNCRWF0bnlWSm9LSTVMb1liQ3oxVW9PUE9mQnZwKzVKaXdrbGJVbVZHYzlJZE05Nk1kaWhENnhrVlU5aktvOFFZT0tObXZxdEtLMVhjMDFWNnQvdUh0anBkYysxM0Z4WTZRUT09LS1sNm96cjVnZ3FMWCtsVU9RLS01NUdPcG05V2w3MFJOYVVJdHEyS.gif
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4376
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4376 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 --field-trial-handle=1768,i,730422302164777015,5414922555739242326,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
2d2887752c9c5a173ffb659c987ac49f

SHA1
eeaf9320a377a2c040e4b84cd53b2ccb8e6e0726

SHA256
b35e4fd0344d352e06b1377781ba325f7c85a461d12a02d0f4b692a22418869c

SHA512
db897836fab72d96bd7cba442d05fea6188e30f6b164f0cd3fc23c9c42b2dad5e187948cfea10a9b03bc5a5e12fe0109d1fb571c8051339d2e1aabbe39ddaa71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
994f6746e0a7c9a9f4f26ba7dd6129a6

SHA1
cf2983bc390178885b2ed6116e861f583074a84a

SHA256
f5d2fbb63a130cb9edec7627d9f2004af83ad5d72daba9a40eef440e8a402f21

SHA512
4cd795c9e7ef87104fd914280f5fcbb23fe0704347f62141d25ec8f43fb9f03993c977cd2abec9f46b66c5daa6df1fad9959611a499c5d264a747e6dc150d9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
758B

MD5
0af82732711479f162c785243a4cbdd5

SHA1
d2e2d05d04f98f9b093590664b95bd63f52cdc6b

SHA256
f387d0d921da1c27e2eb79c85d5c69de07128c6264348b6783f392f14cd90a85

SHA512
aaf404eeb15f9edefa923884b810c48669dd554735fbb83bdbcea01f458e69de5ea592ab9323cf8d556c677239ee53713103391cd087ceeed32c99470f0ab0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
be9e09e656f347642ebb2fc63a219939

SHA1
bc785f9cbf03d1ddf35dcae4514b4bb56da7aea6

SHA256
4e4a817cb7e8ade0c4414400eb46fe1f8a49bdba607b876683d10fb28ab23956

SHA512
7fa60d5c22b69ef8aef07490360d3634b45070dfa78d69c8546be987f4873d82546346658162a49cc3b6ce875ccbcb828cde05aa67126b32944cbc20c7aeda5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d7c6c361b9886dc91a501a9b87f943a

SHA1
b1d2d951fd72a40a8615b1ea6e17b70541f9c586

SHA256
b662398890ddbb43e5577f3b05eb5e69ef801e12dcab39b28d4ade7919885234

SHA512
40b5f3cd356ba3fde975ce25633545e7d6c965342e2585788aff44797222ee7f5450bf17a57ff578b9c71c94bf1a6ac78c51a550cc2c555c8a46305e1ea456af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6fdc2de97984bbd73353330a34701850

SHA1
a52b4af980ea166fc03bbcdd8699e974e6549afd

SHA256
9577e5ac8ac5021b0232deb71cb285a344409fd76b8fe090725e182a2a605b1b

SHA512
c46cd8edd4d2bd32ee85087c9665243a6e4e436293f9e347c59c5c8f46fec56dd5fc18e6e6c237f65aa4b77806f62509fa1be05e243b198e7bbe028f9bfc5ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\20RAD7Y0\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\Downloads\XQkhVZDhQR1VST0k1VG5DUlNvRWNCRWF0bnlWSm9LSTVMb1liQ3oxVW9PUE9mQnZwKzVKaXdrbGJVbVZHYzlJZE05Nk1kaWhENnhrVlU5aktvOFFZT0tObXZxdEtLMVhjMDFWNnQvdUh0anBkYysxM0Z4WTZRUT09LS1sNm96cjVnZ3FMWCtsVU9RLS01NUdPcG05V2w3MFJOYVVJdHEyS.gif

Filesize
43B

MD5
07fff40b5dd495aca2ac4e1c3fbc60aa

SHA1
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4

SHA256
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

SHA512
49b8daf1f5ba868bc8c6b224c787a75025ca36513ef8633d1d8f34e48ee0b578f466fcc104a7bed553404ddc5f9faff3fef5f894b31cd57f32245e550fad656a

Download Submit