hxxps://nachogames[.]itch[.]io/thats-not-my-neighbor

Analysis

max time kernel
1799s
max time network
1686s
platform
windows10-2004_x64
resource
win10v2004-20240412-es
resource tags

arch:x64arch:x86image:win10v2004-20240412-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
16/04/2024, 03:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://nachogames.itch.io/thats-not-my-neighbor

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577118180773519"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2896	1236	chrome.exe	83
PID 1236 wrote to memory of 2896	1236	chrome.exe	83
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 5004	1236	chrome.exe	84
PID 1236 wrote to memory of 2540	1236	chrome.exe	85
PID 1236 wrote to memory of 2540	1236	chrome.exe	85
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86
PID 1236 wrote to memory of 2944	1236	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nachogames.itch.io/thats-not-my-neighbor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0e36ab58,0x7ffd0e36ab68,0x7ffd0e36ab78
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 --field-trial-handle=1912,i,6097171990567509398,7994466098314979842,131072 /prefetch:2
  2⤵
  PID:452

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
034f901db85558e2aff564ab55a546e7

SHA1
d571a82278b71ff03766313906e5687a0e0211c3

SHA256
34b1f0411a4ccaab4684fa7b06e0000198a85991786139f7b4b36a917b3df447

SHA512
5f3b6a1920e2efeb83edcba31245bfb88384dde78e1839b135ab811a18799902fcec3085595a0f8da72693598f92f616cf57c4475fd60322fa241ae437a712b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b9df62212e9f2573eef947fc68020e9a

SHA1
6946e15cede4f128d52124d00ae7e67266c22619

SHA256
e947aa3a158eee41b71a69bdf70cf8939c9087fc5ab8b96361d2c325493037a2

SHA512
53486e35695714224ed6951505a4d196517f53c3528146f44746b1d4ae0a6a3d46c465bd0b9002bb36674250d1bdde0ba548686713da4556cabdada993c7714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e920cf56ebf5e2dcef77fef4be521c70

SHA1
375ebd8655542e46db2447ad8f8df4f7cd3e08a8

SHA256
62563a1c52f111f2d184f9e8f03a4e6994823145baa1b297949f0908f3068e36

SHA512
543485b60d999c39c8eff82078eb0d61f3671abb18cafe2893f53e856d8308e5b6bf0e1e5789d189aeeb49c9ded15b21ff08b04475c62c08e4f17e3526197376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
de8e37ca712f1e15af2425430b5702e1

SHA1
35e17a9507bb9e450c797aad76610cf8a05d94bc

SHA256
e3d13815df335bf22732f345a26f782c95750d4371e993d0416401ccb5e5e5a7

SHA512
3bab615693f0ec8e8bc727ab43ff1bc418760eae0baa2be77591cc37e9b756eb665d1d240019534f26893767eeb40a88831bb59bb2ecda67f91c4a746f600b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a7b53d18-4200-4e6d-8504-03b76f5dfc97.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b8bd9930df405ce5faf0cfa7726d9d43

SHA1
f4ffc2dd7d434bcb17836b55653bf29709c6cc1f

SHA256
8dd3097b4042a6429c82aee4eed82154bbec1b1e31db4007dc24c63812604084

SHA512
fb7c0d86d91bf363101221e74fc1f23c01713ed5980cec3c3cea7af9d4bd4fe640e0f8f1d492b5682d3661b490ddd10e593eb68c43ad925d4eed7dfe49ca90c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15c87b99fa790aecf921134b85af85df

SHA1
d1d0e820309b3d6f44e937a43b6dee52f0f44fd4

SHA256
4dee3b9a4793a8857685e5ead814f43294a7661ac8554e485ad0651c273190e5

SHA512
fcf12afa72073903a8c73f346bf994c70af5e005c9d163b2ed1c5d61869b86b37e9575c42be60371768a6c4e8530fabe20bf333eedb7e698ec0ef7ed2a28518c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68177c668b31cff9e9952eeb8eb0781b

SHA1
9a9003498ab5a80b99435e51eec6c875756e9594

SHA256
ab352388ef2d963a8ec40f26e46c09880cce6e875733033781ff5da9f2d076ce

SHA512
5ee551d7a05e2d62a3f2a5293a68b461eec2aaeabd9e0000f39098ea7630cddc6e3129b999cea69e1f3f3de17790e8fd84aa9d6bb4a1282a24b3a33945de3417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
268993b8c8080f8549992b47f48f2702

SHA1
a7289a5be463820b217c64572aa8ff76252372ff

SHA256
890af6dadf609e988e2d4baecbb8dd94ed84f1ed36a05dc14b5a64ce1f08699d

SHA512
cae8924047097ea1b81e7586412f78482e704f673f60f9fe3fcbd428f14b9fd74aa5a09292b01772ced6d93e767f30b2b9b1e0e64499e0f724e90955fc8168d6

Download Submit