hxxps://noglxcka[.]github[.]io/ProjectByGlxcj/

Analysis

max time kernel
150s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
08-05-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://noglxcka.github.io/ProjectByGlxcj/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	discord.com
10	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ipapi.co
7	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe
Token: SeShutdownPrivilege	1000	chrome.exe
Token: SeCreatePagefilePrivilege	1000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 4756	1000	chrome.exe	77
PID 1000 wrote to memory of 4756	1000	chrome.exe	77
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 4532	1000	chrome.exe	78
PID 1000 wrote to memory of 3376	1000	chrome.exe	79
PID 1000 wrote to memory of 3376	1000	chrome.exe	79
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80
PID 1000 wrote to memory of 836	1000	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://noglxcka.github.io/ProjectByGlxcj/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1a5eab58,0x7ffd1a5eab68,0x7ffd1a5eab78
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 --field-trial-handle=1764,i,13661086608388603396,14926918919868875376,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5b16a1388864e8f07cd3bbf70eecbc4c

SHA1
dc592a3b27ec4a1f9686d90604664e18f7c82852

SHA256
a292ea2fab97f4de995ff877ab5e8d8bfafa94064ea0c6509ca8537a62f8f0ee

SHA512
17e28f4eb2e319d13d50812df88abb0722f8f709ba834b4eca5d96abb9aba4af9d38c687024f00b5fb06f287a4e54eff1742f7a83060a810da5ba19d5e4370fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
516de9d02f16db0d29c8c46cf4acfd10

SHA1
41d4257e5e32bda8e9900ca4279b534119a6db0a

SHA256
8c038314da9bb554a4b68fcf28b97cc5a3b6aea5c71b4d1d992cb1b1816bc8a5

SHA512
f41d1c54ee057f37126a475fd795a36d6c20ecb2140c81b6d12cbfc16a6b048a931b39aed03b545c958328bb00e0cc3d9837c4f5316b8d290be4663e51f59732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
108ceb0c5db89c2579b34a01efd9e241

SHA1
ead1acbc9b80535cf9ca04c462e3eaec43020b8e

SHA256
b11412342a4285c4b4bc2c518367c68a85dbbb3328c7872fb5ba534505cfc910

SHA512
8c6ab0467a39c5f551db290621e51150f6d28465fc34da013a5b214e3dda6b577e1adb546a08e99906007e4ed759afdab27735ba65ec69608e5b53647024dbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
391789247ab0d2aadd21dfac12265cc4

SHA1
5ba104613b2070b45ddf7e9601a7f13606d162c3

SHA256
bf9dcee00cf68773bb354feae1b2b1bb50205a6f8763fa9b7133aa93cfdf34b5

SHA512
d5bd3d8965bd2c0f945f08d89ca35a89035278fcdcb6973cb0cecd138ea586ff2b99414de5b0b4182919356b51dfd28d952cf0340fa258aef7dabdd5b06d3160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c881c9d063eb3a5dd811bcfd7b9dc2e4

SHA1
4562f791e2977905c8257f889eadc679004f2cb1

SHA256
4185b0cec5cdb215cfc488a225404c0f5041da09e68770536045416d4ca451aa

SHA512
827b9d88895cb5bd842a9bf791f6af7e8176aa8d0473574cde7eb86ece4d08dfdc8d40a35380cea33f31369ca45c61958052f3890abc1d7d357519211c7c16bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
eb697822ed359a8717a289eefeaa3e0a

SHA1
723bc95192502d19375dcf058a8c700cc3ec03ff

SHA256
74db6e31a636ef188748e24c599b5de921e1ebd099c70b7864453ef16f2e16d4

SHA512
debc8490059744a2a1b9a83f4eb74e79fc75a8afb1032ae99ff1838a5e033fe45ac7310d701dda55bf715f0324cf215bea7ecfab7f29cf7b2931f038a1623eae

Download Submit