hxxp://ytmp3[.]plus/p[.]php?callback=jquery34104806914983995769_1714353896230&c=1&_=1714353896231

Analysis

max time kernel
58s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ytmp3.plus/p.php?callback=jquery34104806914983995769_1714353896230&c=1&_=1714353896231

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588315508529688"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
740	chrome.exe
740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe
Token: SeShutdownPrivilege	740	chrome.exe
Token: SeCreatePagefilePrivilege	740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2300	740	chrome.exe	83
PID 740 wrote to memory of 2300	740	chrome.exe	83
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 4040	740	chrome.exe	84
PID 740 wrote to memory of 2652	740	chrome.exe	85
PID 740 wrote to memory of 2652	740	chrome.exe	85
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86
PID 740 wrote to memory of 2844	740	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ytmp3.plus/p.php?callback=jquery34104806914983995769_1714353896230&c=1&_=1714353896231
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7d0acc40,0x7fff7d0acc4c,0x7fff7d0acc58
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4644,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3264,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3860,i,16958258770597420133,16857785267879452561,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:672

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4252

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
646596cbb8e5cc58318b498de9f258bc

SHA1
82872e458f0d644cf335003ec171ce6abcafdd26

SHA256
d7c7580f6f84979413500ba1f014f2d6e046eccd05709a8c2938f67f53c9065d

SHA512
ff0c127bd35f94712cfcc60966b3bbe698829db965a2a63803ca61d245d3e8b6577e0bc08041172817ce16bd9185c4f7d3ec431fa30179c3b50e492da65bf573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef47eb97aa5bbb9fce5a0c0a1d9b1345

SHA1
879d5adc0c2c2d85f6a4abda3ac17c368a64f41f

SHA256
1b3e417e219cf2f33547f53617e269786674e02f0044e3331b2b77b36a7c4014

SHA512
cc927119c6e8a3618ba564d5ecfc0adade273bc3fa14936947cfe63e4f0fc61f5ec09032d239a821ee0f2dbe62dbd5f7b98307254afd0999814be64f9e62eb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba458e8afddd9c1663462eaaefeb4fb7

SHA1
32fa73b9980a5524272d49c8454ef61d32deb873

SHA256
58fc34f3f114dec024ee4ff4115a5cd9f0ae626adf0dfe722e86bc58770add05

SHA512
31e70f109cfdd6adb0f7f7349a2ba188fb6bc94f7d58685216bf6a40575500f15b67131ee790ed6318eaa02461c25117ed4b638cb8329609e37f138df1667311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
876783b93d0427ddfb52f72c2379b78c

SHA1
087e2ceb6ff6351347df59b06f9de67f2edc783e

SHA256
2d949545bde9578347a2534b41ec2b5fda1af2b268f19808705acef50872bf05

SHA512
3cb4e55e8693f63630f2ccff408b56f817022d7b71cc7215a412ecf841a7925a5af8c30b20f888de91ef214ccfafc353e8ccf16a937ab5ca84d499bdb88ed73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cb44735e0d55972d7bf4613620a5de5

SHA1
a024041914e37141d349225fc80791cce32d4f41

SHA256
01453305b4e440b6aaf86f75ac94cc4abab4d3e00df10a19a71fe9a60324b2cf

SHA512
57a27898bd0a967ae41179b34f62a2d925cf086c00deaf77eb66f55c9391b7814fea661e3483537c06460903f44920d995c57116386d46ab4e6df232481e37f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
eec38bedfc9b3257cb8e9fa490d2726b

SHA1
3a67f2264da9b2407fb24ccb2d4b6a2f791bde56

SHA256
57c2f83daa9def4fa9c38c6eb542b58aea6afe78b3256b63f79562ee278fb331

SHA512
e7dadb525f4f6bc8831067c26386cab35cdfe825f3c04d326fb1533a0b56fdf0fb9c28fbab654ef7dea16a69b1f1c7ac570dd4d2ac40b25d62f4686a47cfa634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
dee7413a37c0e04bcc99da06f4cde26e

SHA1
ae02d548d7f942426a35fb7291a95d448306c2d8

SHA256
aa70f0ba3750492a38f405792ee5e367a975c0a6cffae7b5b10ad34d90b1fb05

SHA512
c3170e0001c4ed882bef685c8ae8818e350c4936a98e86ed8b091260063a710217377bc123f9582e46610b146dbd630530a8e63361e4ad05b4629f03fd8930ca

Download Submit