hxxp://alienswap[.]xyz

Resubmissions

07/05/2024, 06:53

240507-hn2kpagf38 7

07/05/2024, 06:51

240507-hmq3kadf2s 1

Analysis

max time kernel
106s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 06:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://alienswap.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595383028717850"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 3660	3780	chrome.exe	84
PID 3780 wrote to memory of 3660	3780	chrome.exe	84
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 5068	3780	chrome.exe	85
PID 3780 wrote to memory of 4484	3780	chrome.exe	86
PID 3780 wrote to memory of 4484	3780	chrome.exe	86
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87
PID 3780 wrote to memory of 4840	3780	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://alienswap.xyz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff54f8ab58,0x7fff54f8ab68,0x7fff54f8ab78
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4496 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4344 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4652 --field-trial-handle=1912,i,614299446845887450,16932051460069834966,131072 /prefetch:1
  2⤵
  PID:2008

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8597d2fc79cafcd466549d291b07ce3c

SHA1
061840e2812c3bffd84608aad9f4c28e7294256e

SHA256
97efc605d1f1862b13abcba6124e7cf3c599ca5e0e217eb7a16dc1fdbee4aa7b

SHA512
1577f874f08c9e39ab28ff424a74bd3735f094a33a2728e4cbf1667639ee2aa86382216e09b0dc59f24f4ba4f12ada97ba70adcd3646c8231083a58146e8ee8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0dbcdcbd2cd30efaec9f6856443e3d87

SHA1
a2bf931ef0b07b99da49f2406ec28e0ae30cf2ed

SHA256
ea8f00c31891eca6855a6d804672302c119a9dd180707af119f3c0470c9d2268

SHA512
3481269d08f47e8d2a75312c2289813e4b3629095c1747423e6e3cb7bb0e84e51d56d8790576f2e738810614fbf79b729a9ecbc8bbbb6b99dc331be21b7edbab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
651aa40bb9f0d9f3efd28b0497a09a64

SHA1
2a505648c9e2be0c0757b7dbc40f9c4204afb6c8

SHA256
90489bb9a6f5f6a523a840da84e78fe920023e24de825ee3cb8f7f84787d0779

SHA512
92b8d5ae5bc62e5c46e3e8a279ef959a67bb2c516e443c3a839d5e2fe70cb7d626723d696a57d04c848b161395e68d37e5076a12ae31ef9c360dd1ba263da067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
dcaccde18025d82e0a81ecd2fe35754e

SHA1
2205d165c6a6e68ba33b33664af7509e7c138a8f

SHA256
07b1d880a355510307c7a75360b814bc1f11c98de3a0ba49a4e5341770ea3890

SHA512
f5f92bffad696787d6fa895c77a533beb7135627654dcfaa2407832d66b894f901e448a901c0b26e134bd2f7d21c024fcc60584030f2c03cca47ff87bcab92ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5315c3c1619fd890d46a1660d59843e2

SHA1
4bf52b50daacd960daf53633800c85de02004154

SHA256
41cf58cba8e6fef772a9289b057d2de52fc3ebf78596410304d9f2f180064899

SHA512
014e1486768af9b96620839a978bc3c7dc8f683e10f03e49803c59cf3719a168dabce300d47a5b9fd70dafaddc23587a761c524aa04df2521e611d0bab123b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8cb287b6616d1c42409a984f9b0e329b

SHA1
b3ab2f545575c4c5adb556b95f0f2b122bc99f9a

SHA256
94e58071d1b3122d142e75258df2104dab452d3d8cc925c71741bfab4751fbb3

SHA512
2bcb75ab59da421c90695f00d8b59fc1c0bede1f1d9daf33aab6ed2d63c36f7db07a5acd9d74dbcee01289db4a05c9c6a5ed110fcc4bea54c8ba69a4c91df241

Download Submit