hxxp://deskhomes[.]com

Analysis

max time kernel
119s
max time network
114s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://deskhomes.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583499337674974"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 3328	4236	chrome.exe	78
PID 4236 wrote to memory of 3328	4236	chrome.exe	78
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 2008	4236	chrome.exe	79
PID 4236 wrote to memory of 396	4236	chrome.exe	80
PID 4236 wrote to memory of 396	4236	chrome.exe	80
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81
PID 4236 wrote to memory of 2600	4236	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://deskhomes.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9a1cab58,0x7ffb9a1cab68,0x7ffb9a1cab78
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4488 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4592 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4432 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4724 --field-trial-handle=1728,i,15029385868775086214,13397410934586940003,131072 /prefetch:1
  2⤵
  PID:3552

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5c586b9dfee72f1a6e75e3acc50bcf72

SHA1
6840644188f3723d56ef0266e666f5858fd83651

SHA256
8bab36a079a74fd1ee41bcad61a6db23b4263958063d9d17d05918c6ebc38192

SHA512
30745f418a212235e8fc17b7bae26a06b83784becb69a1195af0552d4b52ca532ef208edf1225203136c8b4ef65c900bd870dc31c4e32714f70fd623180efa8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
45e344953bec78001d8636fd6cb6e355

SHA1
a60ab91eed4f8882a95a39ba3319a16a1b7d4a8c

SHA256
df5add086cdcac761b81fc36ff359e4ca147ac1b913a6d12638f0d77e4317140

SHA512
4ce8f5e9594b9dc571797c07b4c030aa682264e655ed202074ccffe3cf28caf805713e01bb683fc93e9b5cf7f7b0353507c7fb23e8e4fffdc1fa7b753ecca961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bc510293-57df-4585-94d8-8e27649ee86f.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6301f8a9ffa34c0e5a203cacdc693ee4

SHA1
2c7bd45c01aeb2d0418be7166d32126c0843ba90

SHA256
c3b043fdc111c14fb19142f313bf0728c8c4b74a0cf56cc72346d201dd776ba5

SHA512
703fe81de16d093b42708e87bd4c99ced4d736b9812ed86f392b15db0a1b9c2b9d5e5ec23a9b642b2dba5b9ed277fa96e2b8bc586c0239cd9d685f33dbc1ef23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5312f4624a6de69d01eec36fcd77fe45

SHA1
be7f4e4066ad2eda63fff0dbe007f8b90b589b7c

SHA256
b572c47d5ace9c508cb669985a1abf437b01951b92d61eb37e1ba7b71584a706

SHA512
671a2f89c7c5cf859451cd6977efb551e381d4127712ad5c50ab77f4c4e10010f9e44ba6075fd9a62aa1f7d933209570abaf9c8c99ec95f1785787940e24b93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
d44676253240571168991cdd13a7ed21

SHA1
5300565f7535b52f6f09be51297b76310d038e3a

SHA256
735b237f7df142cf88ab00ddb48fe17d6f1c3e5eddbf79010a17cc1f4ad1775f

SHA512
f6733b1075fe553f988254bccf25c83cc72d7929b760b26ed6975d73b210f6627cd96152873157b7c6ab57c38bd01fdd8ea56d0a8b2e7c15c724f761952263ce

Download Submit