hxxps://t[.]adv[.]offertadelweb[.]it/c/?t=b53be7c-82a-qa2-4lc-a340k

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.adv.offertadelweb.it/c/?t=b53be7c-82a-qa2-4lc-a340k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576425970895496"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3716	2224	chrome.exe	84
PID 2224 wrote to memory of 3716	2224	chrome.exe	84
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 748	2224	chrome.exe	85
PID 2224 wrote to memory of 1628	2224	chrome.exe	86
PID 2224 wrote to memory of 1628	2224	chrome.exe	86
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87
PID 2224 wrote to memory of 5060	2224	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://t.adv.offertadelweb.it/c/?t=b53be7c-82a-qa2-4lc-a340k
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff91425ab58,0x7ff91425ab68,0x7ff91425ab78
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:2
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4028 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3344 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4376 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1836,i,6268086537386002104,88788676862660472,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
757c01c25a9fa36d745b11523d933b22

SHA1
cd18f60a2d81a77326e141e22f830ed4da405d46

SHA256
bf9b27c99148ab1c128b0b864f6584473dfc1bdc17df6a627957b025f0c27711

SHA512
32c64fc71e6246dcf682407c2156050131af14a04cf0dc8dd759133ea2f126b8157e8e51311d1d3bacb2b0cf49966d4838541cf430af2525dbeb8d9dc9b28443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
67fd88268589005e849a474098e3b28e

SHA1
e33aae8da2de18d187c387d2159748f8a6a247ac

SHA256
4e635216aeb136af1b93d14fa2966b32e2eef673351c150012a017537883186e

SHA512
f217a27687cdffc6377a07dcdc3e5ae4a413d74e56c54bd9f23b047f0cc78074dbba6c7e488fd5ea62eccddc70ebc666c5d59728db5446072165ac8dd3fa1a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5e8af87bc2337126a67858ddb0219fa

SHA1
4285d566c853b409756cd1954a73bdf377d0bb49

SHA256
43aa94391bbffae77491f099bd6a5d524dded5b622390805d6bafd7e2ef0ec10

SHA512
c5e9eb8784099840b9f869fbe2b2b1cf0f1d13a9bc7accd7450818a1c7fab00e5ab08d7ccf3089280f36a09abfcd1785b37fc4670be47b836619e034071a9a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1611ba9fa51b22bbf2ed8a3bd7c8ce00

SHA1
f5858e4e84256e8c9610917c19a3cf094d897f4e

SHA256
969db53c39f392b0a175f73d2358a72362d6d9bafe3c8e404576467119a89b5a

SHA512
45c0f03ec8126b364e3acb90f3203549ed922356ee88d98dfac62999214d9e91453ff84fbcac175af53184dfe672ad2a88b63159f2c61c31cc59d69ec2666a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
7241ac8557fa81315e5b3593d8cb1305

SHA1
223d02f34f51e065f8d20d9c1d7a2149883e6df0

SHA256
897a74d220f75d22672948b2c035161da5c53d722551c35758424ea7075a77da

SHA512
692164b5b4e14da0a1c37ba6143933a3f58060436c8162fad00bf201b75b64d649012a39fc33338126ccc6ea29e199fb2f6179cd68621cbb3ad32b7f3f70325c

Download Submit