Analysis
max time kernel: 299s
max time network: 305s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 21/04/2024, 16:47
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: sample https://easymc.io/get?new, resource win7-20240220-en
Behavioral task behavioral2: sample https://easymc.io/get?new, resource win10-20240404-en
Behavioral task behavioral3: sample https://easymc.io/get?new, resource win10v2004-20240412-en
Behavioral task behavioral4: sample https://easymc.io/get?new, resource win11-20240412-en
General
Target: https://easymc.io/get?new
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581916705128969" | chrome.exe
(S-1-5-19 is the LOCAL SERVICE account hive.)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
4948 | chrome.exe
4948 | chrome.exe
4496 | chrome.exe
4496 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
4948 | chrome.exe (all 5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4948 | chrome.exe
Token: SeCreatePagefilePrivilege | 4948 | chrome.exe
(the two entries alternate for all 64 IoCs; every entry is pid 4948 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4948 | chrome.exe (all 26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4948 | chrome.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4948 wrote to memory of 2740 | 4948 | chrome.exe | 73 (2 entries)
PID 4948 wrote to memory of 4680 | 4948 | chrome.exe | 75 (repeated)
PID 4948 wrote to memory of 3060 | 4948 | chrome.exe | 76 (2 entries)
PID 4948 wrote to memory of 988 | 4948 | chrome.exe | 77 (repeated)
(64 entries in total, all from pid 4948 chrome.exe; every target PID is one of the chrome.exe helper processes listed under Processes below, i.e. the browser process writing into the child processes it has just created)
Processes

PID 4948 (top level)
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easymc.io/get?new
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes of PID 4948:

PID 2740
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeab689758,0x7ffeab689768,0x7ffeab689778

PID 4680
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:2

PID 3060
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:8

PID 988
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:8

PID 3840
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:1

PID 3828
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:1

PID 4492
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:8

PID 3852
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:8

PID 2172
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4708 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:1

PID 3652
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5232 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:1

PID 4924
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:1

PID 4496
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 --field-trial-handle=1672,i,6917721094236405785,13113461615756512697,131072 /prefetch:2
- Suspicious behavior: EnumeratesProcesses

PID 4920 (top level)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
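The WriteProcessMemory signature above fires 64 times, but every target is one of the chrome.exe helper processes that PID 4948 itself launched. The script below is an added example, not part of the sandbox report: it cross-checks the IoC lines against the process list and also pulls out which helpers run without a sandbox according to their own command line. The process list is transcribed from the Processes section with command lines cut down to the flags the script reads; the parent PID of each depth-2 entry is assumed to be 4948 because the report nests them under it. The two "anomaly" lines are constructed to show what the check would flag and do not appear in the report.

```python
"""Cross-check of the WriteProcessMemory IoCs against the Processes section.

Added example, not part of the sandbox report. PROCESSES is transcribed from
the report with command lines abbreviated to the flags read below; parent
PIDs come from the report's nesting (every depth-2 entry sits under 4948).
"""
import re

CHROME = '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'
ELEVATION = ('"C:\\Program Files\\Google\\Chrome\\Application\\'
             '106.0.5249.119\\elevation_service.exe"')

# (pid, parent pid or None for a top-level entry, abbreviated command line)
PROCESSES = [
    (4948, None, CHROME + " --disable-background-networking --single-argument https://easymc.io/get?new"),
    (2740, 4948, CHROME + " --type=crashpad-handler"),
    (4680, 4948, CHROME + " --type=gpu-process"),
    (3060, 4948, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (988,  4948, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (3840, 4948, CHROME + " --type=renderer --renderer-client-id=6"),
    (3828, 4948, CHROME + " --type=renderer --renderer-client-id=5"),
    (4492, 4948, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (3852, 4948, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (2172, 4948, CHROME + " --type=renderer --renderer-client-id=9"),
    (3652, 4948, CHROME + " --type=renderer --renderer-client-id=10"),
    (4924, 4948, CHROME + " --type=renderer --renderer-client-id=11"),
    (4496, 4948, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4920, None, ELEVATION),
]

# One representative line per target, in the report's own IoC wording.
WRITE_IOCS = [
    "PID 4948 wrote to memory of 2740 4948 chrome.exe 73",
    "PID 4948 wrote to memory of 4680 4948 chrome.exe 75",
    "PID 4948 wrote to memory of 3060 4948 chrome.exe 76",
    "PID 4948 wrote to memory of 988 4948 chrome.exe 77",
]

# Constructed lines (NOT in the report) showing what the check flags: a write
# into the top-level elevation service and a write into a PID never listed.
CONSTRUCTED_ANOMALIES = [
    "PID 4948 wrote to memory of 4920 4948 chrome.exe 90",
    "PID 4948 wrote to memory of 1234 4948 chrome.exe 91",
]

IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def image_name(cmdline):
    """Basename of the executable: the leading quoted path or first token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def flag(cmdline, name):
    """Value of a --name=value switch, or None when the switch is absent."""
    m = re.search(r"--" + re.escape(name) + r"=(\S+)", cmdline)
    return m.group(1) if m else None


def triage_writes(ioc_lines, processes):
    """Map each write target PID to a verdict.

    own-child   : direct child of the writer, same image (a multi-process
                  browser setting up the helper it just created)
    other-image : direct child, but a different executable
    not-child   : listed process that the writer did not spawn
    unknown-pid : target never appears in the process list
    """
    tree = {pid: (ppid, cmd) for pid, ppid, cmd in processes}
    verdicts = {}
    for line in ioc_lines:
        m = IOC_RE.match(line)
        if not m:
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        if target not in tree:
            verdicts[target] = "unknown-pid"
        elif tree[target][0] != writer:
            verdicts[target] = "not-child"
        elif image_name(tree[target][1]) != image_name(tree[writer][1]):
            verdicts[target] = "other-image"
        else:
            verdicts[target] = "own-child"
    return verdicts


def unsandboxed(processes):
    """PIDs whose command line says the helper runs without a sandbox."""
    out = {}
    for pid, _, cmd in processes:
        kind = flag(cmd, "type")
        if kind == "utility" and flag(cmd, "service-sandbox-type") == "none":
            out[pid] = flag(cmd, "utility-sub-type")
        elif kind == "gpu-process" and "--disable-gpu-sandbox" in cmd.split():
            out[pid] = "gpu-process (--disable-gpu-sandbox)"
    return out


if __name__ == "__main__":
    for target, verdict in triage_writes(WRITE_IOCS, PROCESSES).items():
        print(f"report write target {target}: {verdict}")
    for target, verdict in triage_writes(CONSTRUCTED_ANOMALIES, PROCESSES).items():
        print(f"constructed write target {target}: {verdict}")
    for pid, what in unsandboxed(PROCESSES).items():
        print(f"pid {pid} runs without a sandbox: {what}")
```

For the report's own lines every target comes back as own-child, which is the baseline a browser produces on launch; a not-child or unknown-pid verdict would be the point at which a WriteProcessMemory hit deserves attention. The second function highlights that the network service, ProcessorMetrics and UtilWin helpers run with --service-sandbox-type=none and that the second GPU process was started with --disable-gpu-sandbox, which matters when judging what a compromised helper could reach.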
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 198KB
MD5: 319e0c36436ee0bf24476acbcc83565c
SHA1: fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256: f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512: ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Filesize: 672B
MD5: 14ef1a3e2cfc205c54b75eb84527d512
SHA1: 565574a304ae1f1bbd64c955212add319d9aa9c2
SHA256: aecc884a8b8a6ba74372765e16720eba3bd8d93b8d0f26164b6cc8cd2342cdf7
SHA512: f50194b55d1b9385fc3ada3b7a88235d35d853cfae644de3f3c138a0629114f8a2b652355d0b26ee11805c1ce7653b9a778003e8b9a08316cd0c4b9d1c0b81e5

Filesize: 5KB
MD5: b4edbdadd22adc06154f7d057624efad
SHA1: 44468571713fdd17f70938a09f17e51e6d03fc9e
SHA256: 1fc38802a1a5b6e732e8569f90c31576c687dbd394f21b1e919378249a5c9f7d
SHA512: e0dd05d742781099e18079170493d807f3f3578cefb1c936ebd03fde8eb659d91829821237549f66873b08d6ff7d714b9f62002c0852c3bb53b3a56c64f658ed

Filesize: 1018B
MD5: 09993179362ee8f7e88bf37aa1198856
SHA1: 8b484ae2516d92a90123ea40f4c882dc2a98d204
SHA256: 8df6612e284cddfa0535564375f4338fc0f5b48d157e4bd198d36ca17df662d3
SHA512: 04a49bc771efd51ac13459904bb77c1950c53545dbdac9ddfc20daeae7c86d5ba85c2783d9336efe089ee8c446fb8802923ed6d6af9b8b6b0dceb7149f5b5544

Filesize: 871B
MD5: e020b1e653040470094dd60b177eef6b
SHA1: 149dcd27c5ef839fd09547b2d588a11d0f74be71
SHA256: 13fe7c83c1f9a76e824b79e8ed9b14c29198d6585e708b7729eef946c84a315d
SHA512: 5355a3a6c8fd4a4dc5f0f31c0b5f91748da0757837887443adc91e89e65749c7bda40c0a626f84ae14eb782dd7799a1620de60bd225ca92c00834c280f86bd0f

Filesize: 5KB
MD5: 6be4c7db7e3523cf39ac7d303ebe45b4
SHA1: cf6ceaab13cc675f4073ed054016895339e4b16e
SHA256: 88cb60e7d4267a5190cbb2dde619c1fe3f6d6942266384b51099d25bb57feb55
SHA512: c24113278f9797dff1424171361b9e0d19dd028fccbc6c99a4278c4a6b1a208a1a885a4a3a34a03e55e3e39edaa8f68e5166691d8c88896058d083052e5bb543

Filesize: 5KB
MD5: 132d02af3e5ded3806a984ee1c6d7554
SHA1: a385cfdfd5ef5b01cd7e9969f3ce4498bf6c9791
SHA256: 71eb8e913d4c628f346cb38d25825789d634e98551036ae442803d945159ee54
SHA512: 8de8f0c95e1f16375797bf961318afb7cee1597b75fd5a6eb69663d8c71341876e2c9b7b8b56c8edcc816a0571be597886c1ffc3f5d4806b4999d6607ffa2a18

Filesize: 6KB
MD5: 3dbab43d9405ee4bc5315836acc4a55c
SHA1: a96a16bf9a040ca51d7d1d7c352b73efe133dced
SHA256: ea27c27167474ea7613df0c2ab163e69c0bb29046045e61d71b1ca9ed2a15a1d
SHA512: a0179de421604ea175c84d04c7be5941ba2297fd17d1e8f8c15a0d6269a3216b45ce3a4dc50f3b7a86b15a2ce9d41ab61cf9c219865703b5865b9d0fa120282b

Filesize: 136KB
MD5: e96ebe2f2ac858a9b4e3aac3a2cf017c
SHA1: c7266f443f988b6ee3fc6a2fa9b2f6105555e0be
SHA256: 2af92c789e1e07a860c9714f23898146da05519183fe6055ccf63964f575a65f
SHA512: 5d7d7f1b17696900b08ecfb60127712e9edf94abf5bc13bbb3df40a04a33e866b9c3a97a452c917aba9e36ee175b3982fa9178e383f8181df4cd8f9377396306

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
(these are the digests of the two-byte string "{}", an empty JSON object; the file names are not given on this page, so the entries cannot be tied to specific downloads)