hxxps://d4vz5004[.]na1[.]hubspotlinks[.]com/Ctc/RL+113/d4Vz5004/VWDnTy4l_sR9W7tPlF44D36YQV9TLwZ5c-1d2N3tskFT3qn9gW8wLKSR6lZ3kKV4GMR481F6JBW5TQwFh7XFjMgW6Vm7Kl83R92DW1_V7Lj8vCNCHW29hm4C3HTK3HW2sjtVl6Z0mXPN6LrJDkqWnpNW1Wg7kq1kwS3wW1xp6vw3NvTMnN4kbn5GPtjDlW8BwMRy4Yyx6fW8cgzQ78rps6fW1KG6sm8sb0CzV1hdd06v9RqSW8HNBPX3JLpK8W52yVLm2SyHKbW7wkkck4rLR9RVnyxYp1QPx3nW2Xp6bV8mvJ6FW4LTmdD8LsmgvN4cg8G9cS2hHN3D-K4wCsgW6W4QNmJh70Yzm8W37vB4M7tvPNzN8fy5NQLb64xW806Nf94LbXj3W2q1YQ_8xv8qwW1tQYFK26Zfh9d11Xw204

Analysis

max time kernel
22s
max time network
28s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
16/04/2024, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d4vz5004.na1.hubspotlinks.com/Ctc/RL+113/d4Vz5004/VWDnTy4l_sR9W7tPlF44D36YQV9TLwZ5c-1d2N3tskFT3qn9gW8wLKSR6lZ3kKV4GMR481F6JBW5TQwFh7XFjMgW6Vm7Kl83R92DW1_V7Lj8vCNCHW29hm4C3HTK3HW2sjtVl6Z0mXPN6LrJDkqWnpNW1Wg7kq1kwS3wW1xp6vw3NvTMnN4kbn5GPtjDlW8BwMRy4Yyx6fW8cgzQ78rps6fW1KG6sm8sb0CzV1hdd06v9RqSW8HNBPX3JLpK8W52yVLm2SyHKbW7wkkck4rLR9RVnyxYp1QPx3nW2Xp6bV8mvJ6FW4LTmdD8LsmgvN4cg8G9cS2hHN3D-K4wCsgW6W4QNmJh70Yzm8W37vB4M7tvPNzN8fy5NQLb64xW806Nf94LbXj3W2q1YQ_8xv8qwW1tQYFK26Zfh9d11Xw204

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577678241535683"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 2096	3476	chrome.exe	80
PID 3476 wrote to memory of 2096	3476	chrome.exe	80
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 1916	3476	chrome.exe	81
PID 3476 wrote to memory of 4700	3476	chrome.exe	82
PID 3476 wrote to memory of 4700	3476	chrome.exe	82
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83
PID 3476 wrote to memory of 2796	3476	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d4vz5004.na1.hubspotlinks.com/Ctc/RL+113/d4Vz5004/VWDnTy4l_sR9W7tPlF44D36YQV9TLwZ5c-1d2N3tskFT3qn9gW8wLKSR6lZ3kKV4GMR481F6JBW5TQwFh7XFjMgW6Vm7Kl83R92DW1_V7Lj8vCNCHW29hm4C3HTK3HW2sjtVl6Z0mXPN6LrJDkqWnpNW1Wg7kq1kwS3wW1xp6vw3NvTMnN4kbn5GPtjDlW8BwMRy4Yyx6fW8cgzQ78rps6fW1KG6sm8sb0CzV1hdd06v9RqSW8HNBPX3JLpK8W52yVLm2SyHKbW7wkkck4rLR9RVnyxYp1QPx3nW2Xp6bV8mvJ6FW4LTmdD8LsmgvN4cg8G9cS2hHN3D-K4wCsgW6W4QNmJh70Yzm8W37vB4M7tvPNzN8fy5NQLb64xW806Nf94LbXj3W2q1YQ_8xv8qwW1tQYFK26Zfh9d11Xw204
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0xa0,0x7ffcd1e9ab58,0x7ffcd1e9ab68,0x7ffcd1e9ab78
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4540 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4724 --field-trial-handle=1832,i,4747455871670703440,10027569093524141350,131072 /prefetch:1
  2⤵
  PID:4780

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
61b28afbefb25fa459629180dcbd021c

SHA1
6729b3303cae812c75f655a5374f38a1922d490f

SHA256
305f5efdf79c48fdd43a7b362cc6f4e8c00f49529e210ece76a8a7787433cdaf

SHA512
42908e85358069c368a1c622ef2ef4cdb71a582e1a5e99c0779d222ef2db4472f3beb1b34e085207d1556a48b37670aade6538709e2ec893fe404d6b93e9e0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
8bee9292542d1e2be922785455e74150

SHA1
b2dc3f93e93e59b1820e753882bbefb1e75aa9f2

SHA256
ac01fcb5b556ef99127439beace7e2788416b240d5bfbeee0bbd0e4e0fead124

SHA512
978b5eab595ece5f9dee477bb6916f722a394794353799c7c12762c5bc5e78d0aba15c41d91aad7a9da643a6a08600cd3c46f0ba2e9291fda7567ad73ee947f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
f8a2a59e0171d6ece300d230857c4f66

SHA1
9956ac529ef5d296bb6ea32bb3f42c44d5134992

SHA256
4f86874fa441aa2f8cd87a62ea655c007f23bd4f1429ab559d109e9fc658f31c

SHA512
68f63a4221015d7f3d87994b497ccefeda1befa3defe9bb11ee18eb996d39e4628028bddb42535c42117c3fbab20ab5a2390572ab8ee1f915a5df8185781099e

Download Submit