hxxps://netigate[.]se/ra/s[.]aspx?s=1217000X431815374X18195

Analysis

max time kernel
35s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 12:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://netigate.se/ra/s.aspx?s=1217000X431815374X18195

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597331282120710"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
228	chrome.exe
228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
228	chrome.exe
228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 1172	228	chrome.exe	90
PID 228 wrote to memory of 1172	228	chrome.exe	90
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 5036	228	chrome.exe	92
PID 228 wrote to memory of 752	228	chrome.exe	93
PID 228 wrote to memory of 752	228	chrome.exe	93
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94
PID 228 wrote to memory of 5060	228	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://netigate.se/ra/s.aspx?s=1217000X431815374X18195
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc097dab58,0x7ffc097dab68,0x7ffc097dab78
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1912,i,10100607316670441732,11044159980611729087,131072 /prefetch:8
  2⤵
  PID:5092

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3668,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
3d66469422dbd5bebe9d98d213650d36

SHA1
ef6e0751e4e6ed15a46a59373df934028f225cc3

SHA256
a3ae0242a22cf82f9a6391a220f81257f739326f897c9f2541e2ca497d5b8a52

SHA512
591eedf4133aa208185adec5df5d2a9c76735b632bfe4f6c145ee871de3e4ad07d3011b3e22765a206b5fc4d0caef7529875983d359697eaa1802073107d2f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
9c453f0a560918eafc69e38ea7a5a472

SHA1
8b38745d86ed1fd807c9e1e653580a18ceff9a46

SHA256
8e555544c72f26c42200bae16a10adfcf4f1107082176371d7af0e62c1d85128

SHA512
2ea978a58aface572f8dc926b0634818c42172acbc9d225c63773d5a41757595c65e0431d0d8e1378daa064a9cce0841a4e116e7a38198d86d9c3def002195bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
15c47d20b41964e868b4c9aaeabf26d5

SHA1
217e6053ab75f81a4a63d631fca4171d69a00dd7

SHA256
e07993894fd487f596d4f3ea0a2c6f27c26863c327c0699523185b2fa93a5f58

SHA512
83762ecff2399ea4d3e5e29d4c4006dfadac2c1369b765512ce64b77d220fee9b55383cbb42136da9abe1fdd71ca6630b5a3dd6c64e1d9e7b0b7d12586969c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ee34dcce9f74785886e7757d0007d4e

SHA1
c95d4315c0edeb7b1d9516765ce082ae5a6c4b11

SHA256
501155ec977adecb0563ab20691d1ffbcd20db2c931f192b03bdd7da7b053a5d

SHA512
ddf72b7c9b5bc3c824774446f59df1eb189e0b65825c22244c9f31c58bc4635ac0c4a62d408ffe1bccfc8969d6f0ad06e61d7ab8614cb971effe9629c8351890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
659d32bbdd3b74ef5d9dcf8a225c9ade

SHA1
90d0792e75dc33eeda7d10c471ed9f6f1d0b8431

SHA256
ee071c5a5d3dd3a7b3b33f0a73f8dc1e8da14fcbc52e3f87cbff83553dd08256

SHA512
43f21decc636190bfcf899f77bbfe2a04c6bf6229030fc1593f5f715fec5ab9d2a4fc3b833ddf24de753b2ef85d507dbc31bfb7c9574ffc333ff0fdb9017c2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
9f6b781932d04cb7016a1aeba9c0ed56

SHA1
c716c039f59a24c8ff3e73f9a18fb280c50d021b

SHA256
d8b1a03a0a2a062a4375cc24892c60274a1e7624464ca33dd64da941564a8c9e

SHA512
81acf48f5f89fcae22bd3d9bc02b1ad02adb3d3aa0cfc53bb723917805c31b287ecb6023beffca2ba14dfa9948cfeddd16bf06fa5e1d65203d6d4add78a68f93

Download Submit