Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 19:27

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pub-883d90efa66242589b7b9354054a8b3b.r2.dev/5REDFDFTRFDGFYFSCXGVCHVUTTUY7FGHBFER34EGFCGBCFGBHVHNBHTYTHFGVEDF3ESDFDGVCBFVHGFJSFSDFXCVVBFGHFDGVDGGHDG.html
Resource: win10v2004-20240226-en
General

Target: https://pub-883d90efa66242589b7b9354054a8b3b.r2.dev/5REDFDFTRFDGFYFSCXGVCHVUTTUY7FGHBFER34EGFCGBCFGBHVHNBHTYTHFGVEDF3ESDFDGVCBFVHGFJSFSDFXCVVBFGHFDGVDGGHDG.html
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592381701482303" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)

pid | Process
1432 | chrome.exe (2 entries)
1436 | chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid | Process
1432 | chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)

description | pid | Process
Token: SeShutdownPrivilege | 1432 | chrome.exe
Token: SeCreatePagefilePrivilege | 1432 | chrome.exe
(the two rows above alternate for all 64 entries; every entry is pid 1432, chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)

pid | Process
1432 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
1432 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 1432 wrote to memory of 2604 | 1432 | chrome.exe | 90
PID 1432 wrote to memory of 3712 | 1432 | chrome.exe | 92
PID 1432 wrote to memory of 1152 | 1432 | chrome.exe | 93
PID 1432 wrote to memory of 224 | 1432 | chrome.exe | 94
(each distinct row above is repeated in the report; 64 entries in total, all from pid 1432 chrome.exe to the four child processes listed)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1432)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-883d90efa66242589b7b9354054a8b3b.r2.dev/5REDFDFTRFDGFYFSCXGVCHVUTTUY7FGHBFER34EGFCGBCFGBHVHNBHTYTHFGVEDF3ESDFDGVCBFVHGFJSFSDFXCVVBFGHFDGVDGGHDG.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2604)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd77c29758,0x7ffd77c29768,0x7ffd77c29778

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3712)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1152)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 224)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3620)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3536)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1436)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1288,i,4394356298565387524,17741692829451388387,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1628)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4488)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 168B
MD5: eb180238ef0e0b3df5ef2cfa1c6b47e6
SHA1: d05aa0ae029f86d3e9d7103f4d20f0ecef32ea60
SHA256: 261c309a375d48f6546e6f195ad3470bbc88847df8a471526f9291f615c71827
SHA512: 570a7cea9dbef8b56d0b52400e9100d1c9ad8eb53b1d0e317e14958cecfc0ccba12e0f455956bd3d15bb7ee3004d2c9464bb9927859ad904d1b53b34bb84b5f9

Filesize: 1KB
MD5: 86389f50d9623cab11e49ed52b34d9ad
SHA1: fa93d8b7d76022991b20ab91145be30377553659
SHA256: 5b4e6e29236663fb20c2e9e52236b6878001a6af58b1859916cd343bd93d0c2f
SHA512: 197c54af92ec5e3b82e0f4e50895be3502ac3bb8ed0c927d0ba091f3df2d9f9221b28f2ae4ad1ff54de725559c370f627142eaa5d3490e9b93522669aff6cce1

Filesize: 705B
MD5: d99aacbe42a7f8026593a57861c91395
SHA1: 898e03100426e1925daaf95810620b6618b8ab1f
SHA256: d91ff09084b66332143869a6edd536653448574d28a7d228fde6d344595cb413
SHA512: 989de0234ce1629ca8b61a95ddb043f06b2084011463a59eed4c1f48e13667a2745d3453a81e587cb36c903caab4f2497261dafe1bfda349e00121e207bd573e

Filesize: 6KB
MD5: 452d55aada4da5673d17b38bae271ce1
SHA1: 28ea65581429e04d3961df3d5791e8ab24d2019b
SHA256: 8860e1edef53c5cbf7d004106de6c1a19100962e61d16975869d2c88e1d43951
SHA512: 5cb8acd70f9cb6b82ded511d8ff8429865c2a7de75d26d6d0858e90f0b6793cbe1078b542fecddfafcca2e5e11d0bb01a24f2d0dcc5c333243e209ce8e7195e9

Filesize: 6KB
MD5: 97bf2d6d714f93206fcc7a66c29dfbf2
SHA1: 55c388823aa8213dfd80766c66ccce477dbf2c57
SHA256: e902dea1429f3d13599045e4ce145e85005712065bc86e9e8cb7a49571c971ac
SHA512: 840bc5a69f792fcbeed366b82a9dbbe70219e752113d173f25ed9dd1bf27a50e3319ef3355bb039ab0578681789d27166241372f17d90397fd68abf8cfe42c59

Filesize: 6KB
MD5: cf540d4cd79c8b38ac229065b2ce646b
SHA1: 9462cf220a837bf9a7f9706edd519077d8c90441
SHA256: f27b29cce76e344ecef3106ad2ba0ff3c156ac772f970c70da140e9faa835d07
SHA512: a0bf00f0f71024167b57d187e2075d4af21dcc8dbae1144445f4048d5442997e2c6de723db3e3f40a1340a8c4d507a2312f6afd6971b78427e19ccbb40d76cd2

Filesize: 128KB
MD5: b7b48064673a79bed9c6a3ea71e74e38
SHA1: 89c837997a871724b5bd715fe676346e2a9b0260
SHA256: fd12467fb2252be83df60ac2b31ff9a86c624e3ec69e61038da6c6691cd4427b
SHA512: c7c854695d6956b56eafeaf6970d7ea16481736a8c90453be4935c547801544ee225fa79a77ae71811300e361584992fc667744be2539a3683d243e470cfd686

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd