hxxp://250k[.]cloud

Analysis

max time kernel
46s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://250k.cloud

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587926448490617"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2832	5020	chrome.exe	84
PID 5020 wrote to memory of 2832	5020	chrome.exe	84
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 4160	5020	chrome.exe	85
PID 5020 wrote to memory of 3240	5020	chrome.exe	86
PID 5020 wrote to memory of 3240	5020	chrome.exe	86
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87
PID 5020 wrote to memory of 2836	5020	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://250k.cloud
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffec93acc40,0x7ffec93acc4c,0x7ffec93acc58
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2584 /prefetch:3
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3408,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3492,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5076,i,17474059534193153338,13604369767030947046,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1868

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4c9caa9186bbbab92cc4efd4edc102b1

SHA1
4abc84772bf6c39441ddac868cd8398053e047d0

SHA256
cdbd395849ae85c29e8c8930de348e822b4d3cc95d6ac2e3a10157c00144ea7a

SHA512
e1617b34b6a19b0a071b873c5d00651123552574510452b32b7fff5f8b4a204cd76c85445445e9a633c13879bb8f94ec9101667e27256205b77f91a1adcbeef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8eb738037dd5ae31622d6a022b2f352

SHA1
33c0f9311f0c4a3f780070cf398f9a09ffae4706

SHA256
abada65b26d2ae65e9ecfe7d0c36488ed466fea9750861feb0ce14733502316a

SHA512
27b13eb4e7aa59175f360ddb093e3880e54e48d75dfa1a046332d7d95994a967a2132d087f4ce41585b1f985d81752fffc967f489ff8630bfcb8b9c5db1ba8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aff738c2dbe562012eb6213cb39d933

SHA1
0f54c17644f86623e962a611a1302333becc0d99

SHA256
ceef48c01905fcc112588e92ef2db31fe407fb60231b40d3576e319688da3924

SHA512
9a7e899e4b2a48fd879fdc2c997dda5049d7312eb9a83e47b63707e3b4ec815e5dcd49d08d07d69b6086627efda63faa3741abf3b3bfe3524f9e051cd2855d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b570e1d29d8d74c82e2c98094d3b0e1

SHA1
8ca3ace416738bc9fd1980286ecf7a4c0e111043

SHA256
1a2b2e6593ff889890b6367fb0669b6478ff77247e4eefbcf3cbd9256134af64

SHA512
31c93cd779f3a2928c9bc5e61fb1aae85cc6a3183f7c374509a8c4647ba789b3d39b14a282fafaf78069f5a93baf95fa7a5cfeddd9679d58096e07aaf1787928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ab3e50a7baee89e46125b72d64a3a567

SHA1
7b92169e4b9af26503c11d6b254aff2111e308b3

SHA256
c874fc2a7bf2e856a38788d62407af2ee560b4c843f64ef8018441e88d4a587b

SHA512
5b08dda3ab217a3e07b2d8dbd360241970d803ad9106c735f6ef6b807e01a3dd7dba764410fddd7d37c17831dacf2e005cd821a78a81c998f8957bde522d19db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e0a04fb86acbde30990295f24f6b69d0

SHA1
66ea7c55b20895e217b10e242732dec5585a3a45

SHA256
82864c9786b0532e40c31f6b31e171297f727a0c31631c90279a223b6a4d5f76

SHA512
847b11cc8ee0df218ad77f3fc3d95ca57e9b18660119136ea55fa0df1d72d3efbbcd05cc902ee471e136762b8abade3895597ac4d4d892a10540c82f2cb59bf8

Download Submit