hxxps://a-name[.]top

Analysis

max time kernel
298s
max time network
273s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
07/05/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://a-name.top

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595906634217929"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2164	chrome.exe
2164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2660	2572	chrome.exe	72
PID 2572 wrote to memory of 2660	2572	chrome.exe	72
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4508	2572	chrome.exe	74
PID 2572 wrote to memory of 4944	2572	chrome.exe	75
PID 2572 wrote to memory of 4944	2572	chrome.exe	75
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76
PID 2572 wrote to memory of 5072	2572	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://a-name.top
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcac9d9758,0x7ffcac9d9768,0x7ffcac9d9778
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 --field-trial-handle=1844,i,8189709095122335292,723259021560052899,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c8d4386b7fc20ad90cb827aded5ee103

SHA1
39ba7b7c3f75fe045e54eceba05700df02f570d7

SHA256
7af57e454b48b7ec4fe7cfa9855f68325490b620577f617aa1b9361fa5aecca4

SHA512
85b4a90a4fd4fbea4270236bdbfc2ac525f777909bb691796e9b2a6b763b6ba9619a7c7b6c64b7a05d967f2e70b382284a3f1ba7fd0a9e9b126a05b25e7a187b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e6d0f1885a870677fdc40d368373fcb6

SHA1
c74aea4da65df3f46fd83af53db34e5512f357da

SHA256
4ad1f4dedbd6e24426027ebc398914cbe8b029241a3c2407c0481083c41ba6e2

SHA512
a41489734669eb2ecc9a5b27537f051c5a3ae2d0a754fb0ca9165d5f88ca0a479db4b183961738337a1c7c38624c26982c171fa098d761403cf54a6df7cbd7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e650a04e0ee42fffadfd2ecb4a2f360e

SHA1
7e548cca5ebfea3616e072b3b28a952680a5faf2

SHA256
92cc7dc0f42ae049c19deff3f8761c8efa69e7298e951723e1472715f6b8a63f

SHA512
dad911344cd162e957758be11b5fac7c3a0cd618d2581cfe481c1c59e9f79bae0cf8f8cf1b3691451f44c06284c859be6bf386eba53c2205c3ecf762633fccc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
1ba0c51718f150ca1e3454144b3cdfe4

SHA1
094328f43d56049a6a6652d49ecbbd7329f4cbb6

SHA256
30eb03535647c836444b619d9cfe8700b5c537699e0a69a6b6469602182a4df7

SHA512
82824ac3f2b58984f9020f5e171e8078a3b03da973c3ac7cc167128db1fe6856b907db67d8184e9f20a6bed46842c753a192adf5c5c6fa4a3f3037a310de2bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2753d95b047eeddec25a8fc3529c53a0

SHA1
806af700b34b44846de0fb4165cff9ac02a5202e

SHA256
5b53f0321660b35b40f7ec462c4f28baf81ad54c6512faa15713092b3404c4c8

SHA512
6c6421fa6d1d796f4d4b6397d8db3893245bc7dd7446e7d0a0fd76187c25d20b86d4216e26d83492f20efffdcf1a9d0dc2ab6dea465b0db1f0920be849743556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ea6ddb0283d2243e8bd2cc5b261798c

SHA1
cd8fec85f5dada940c22e1fab40af17addad183c

SHA256
6d8ab0e1117dc998b3af94226ad64316dfd7b490c9df95c1b31d316da59fb246

SHA512
f9f55528f10bf3b18b943f3b27965d0667b74c49a6a7f237c66da5f801a2b221dfc7a5710ab0b665ac66c92ec0bfdd6d51f23bbd7e8798ffdc4bbdb429a08335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5d5ee0d3a387d132cd0a32231ff3cca

SHA1
b3d88a2e54773236ce856cb369b56e40f8717a72

SHA256
c6c956ab9463840429275114ac13cc49ee8e5181c58f954db608f17123ff0a7b

SHA512
7399bc1bf6c0471d217b483c224ec0dd533f338b9159259ef375466286f722c858f4082446793162d013501acab3015947f02edad2527aad9074266ea70c1f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
8f66c680ea813f87d3b8ead01194795c

SHA1
a0cdbf8ac37339f40cc28603ff7c4f335f1e269d

SHA256
fccfe090365c142a0672e63a6b2eeea97c3971de2a966c207bbdd0efe7126cc1

SHA512
a8181feebcbcbb6170e34b33464bb34f90b2565f7f4cbac9819fd50f8f86924052a961158fe2729e42dd490cc724f74a3af5fb0e0aa1623529b65681de89b36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit