hxxps://equipmentholding[.]com[.]au/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://equipmentholding.com.au/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577077930132661"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 864	4860	chrome.exe	80
PID 4860 wrote to memory of 864	4860	chrome.exe	80
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 2728	4860	chrome.exe	83
PID 4860 wrote to memory of 316	4860	chrome.exe	85
PID 4860 wrote to memory of 316	4860	chrome.exe	85
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86
PID 4860 wrote to memory of 224	4860	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://equipmentholding.com.au/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3050ab58,0x7ffa3050ab68,0x7ffa3050ab78
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=308,i,6519619535798655165,12272543006474022039,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e2a5827b79a53bd073d6156afe71b65c

SHA1
ae4d8795c17f115607f5bda92342922c3d0640e1

SHA256
5b86482ca9f373801d235cf03fdbed18ff56065ab2a72f57e02debc6ab5407f5

SHA512
b2bc86de43777fd53176d446379798c4e4869df7258211a9406ff749b411f24a1860c64b7e30192f0b07454aec9c06f57b408a68db688020630423764a912d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
de6ceab49580cb54732f8bec7ab09b4b

SHA1
0131b1bff3653d8759e612d6a6e36422253512dd

SHA256
45de9eb0bab1f9afa61e1917fda576dabde805012f07c75b156b7b30cddf34bc

SHA512
c137b6338d72080d4006cb14ff88e5064cdfcc3f27c624dec14fd7335253698c0e5d51bb1f97fdf367361a65464697f4de1011f8cec06b83a0f7af8fea574945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
00f622fc55785a30b0c4238199c1a7dd

SHA1
a7de0d05285e510339a3295d8387533cf63da134

SHA256
df3d726617a097c60cb51c11ffa88a8c39da2551c0b6d36708f3e063bf4c6001

SHA512
53f3ebbc58220ea72f0f4c24b220b204f89131badaea5f6fec501775794bf7711f0f42838325244eba7c741034f0f4c513f883d9060b4c56be2a68ab91661483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
e0e99f6011b28640613a51f6e9bc5a6f

SHA1
0d6c3419e989e4a9e14ae6e054336578d0ca1953

SHA256
939ac5ac9502da996a0a39e0b87833ae9a9531a0c901ca17184a3c2c200c37d4

SHA512
0a3a4e4f76e90871b4b0e8071807d2b72a877a1640a7ae3a42d574c6da48bad8f829c29ae7ccf17d70794422e63330abf0fd492a7f33b334e0da14e21fc97973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
4a52a3c55afab209ceb685154a1057a1

SHA1
caad96b1ee47b528a42955ae9914ec997006c805

SHA256
ef3d4597edaf08f36f438d74b34a0da6869ad0523cf4d30f0bf9d538cb455993

SHA512
d1fe72b34428ab9d31813b0b219d65a0acf8e7f57c4aaaa99d42423e076110a73ebdc54cd6608e61b1a59eb2088dd37791f2acc5bf2fb6d5900a04f97fdb6d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c29d2138fb9c3b61b41012335cfacfd9

SHA1
f59c46651a6477d20654851870bbf02098c6038f

SHA256
48505a6db85efd3912cb9521535ce437b55d4ed1056704c87b8068d944792af7

SHA512
8868aa903269b4b46e5d8a017db834322bf29168d13fddb22895813c7d1e86f3c671474db1bff48594be6682561ca8f1ca0dcc5bc32c39571345af91b28219c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
09385076d54245e3394413252c4f1919

SHA1
135b96e768eef71c54f02c0d62ac441c2ee19da4

SHA256
1512e1d6c91ed99605d074da000d9700a027ce12b5065ff2868061e280d3bd02

SHA512
2c4cd48e434d19f340f5ddfa711e05b493c971eb6ec696cd4c2fd955de17c1cb53311a68b582a98c3426aee99aca4f4ccfa31d4790fa52f60b19330600dbd2ad

Download Submit