hxxps://cellscreations[.]replisdescoursmessageries[.]eu/system/resources/previews/

Analysis

max time kernel
300s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cellscreations.replisdescoursmessageries.eu/system/resources/previews/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576390870456108"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
696	chrome.exe
696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 3016	3904	chrome.exe	87
PID 3904 wrote to memory of 3016	3904	chrome.exe	87
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 4808	3904	chrome.exe	88
PID 3904 wrote to memory of 1392	3904	chrome.exe	89
PID 3904 wrote to memory of 1392	3904	chrome.exe	89
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90
PID 3904 wrote to memory of 2196	3904	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cellscreations.replisdescoursmessageries.eu/system/resources/previews/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffac554ab58,0x7ffac554ab68,0x7ffac554ab78
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1836,i,12526982639553833669,11766502164534577525,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:696

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
76f88b72674511005613ed8ef46d2193

SHA1
2b77d9156505ff4d2c2c114280925c2078c7cf11

SHA256
61d6b67f73e3307bb8a62575d52572da781a3ce4c2f0e9b66d95e1e2e043005a

SHA512
b0faff2bb43e790ed8a07e17ef540f4dd6b4dd41060e5a119c3943e615aa3e9d490894cf64bf5b2575a1b40232191ff7fede8abb5bb3a0f389b1257952bcfe20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
fcc3b6dff1800137ac864dbece928dc5

SHA1
993f8f7d0d0939a18aaf54533ee5fc54f7ca8527

SHA256
7366254396c24e3f0d3a2b86b610cdec7414ca01fc5f18d80d511f32e54cc16a

SHA512
b5b7b54f2519d6f93e1e7693d06d083fc3d7ce34ee7d4fca648a4c00adb7ac365d71ba9db084fbf7329b07c22d89522c7f2caec0a846100ba4f687cc122a3828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c1dfb287c03bb8330eb8335d26201925

SHA1
0d20f5043997829e5a291f3c2ba8df218c7f882c

SHA256
34b0205fdd8350337dd6d9bfb75ecd7d5dab137588533a469bd6780bbf6e45e4

SHA512
840d81e54c0aba3406a55dc6ffd7780746b95c0a1409e85974289d150a94c15ddb75e2efa338a38917e0ed8ab837448d18b2a9fe3e9cd24f16c5f63009ceef53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
167be18b4a44d74c66d9c0d0a0e7dbcc

SHA1
aaa3d487730b86f87b60f920fb104379bbf790ce

SHA256
7844b40d43692b115fdcd650764c256e321754de3322a8afb7936486f404c1da

SHA512
bb202073ada9b6fcafa4995fd8762b5a664050cfee495babe001501b09f85a978910ac088597953872f6a68d7a3622976fd18dfdda29ec15afb7357e0ea4fa49

Download Submit