hxxps://www[.]multivista[.]com/schedule-a-demo

Analysis

max time kernel
78s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.multivista.com/schedule-a-demo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597497196763190"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
412	chrome.exe
412	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe
Token: SeShutdownPrivilege	412	chrome.exe
Token: SeCreatePagefilePrivilege	412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe
412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 1392	412	chrome.exe	92
PID 412 wrote to memory of 1392	412	chrome.exe	92
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 3852	412	chrome.exe	94
PID 412 wrote to memory of 5032	412	chrome.exe	95
PID 412 wrote to memory of 5032	412	chrome.exe	95
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96
PID 412 wrote to memory of 2380	412	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.multivista.com/schedule-a-demo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5f149758,0x7ffc5f149768,0x7ffc5f149778
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:2
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5204 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5296 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1928,i,13215350556665414758,14458063836323477276,131072 /prefetch:8
  2⤵
  PID:1564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x2f8
1⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b07a25960609b7dafa99f58cc0d9d490

SHA1
af1a5b07d198f9c82c3eeb5212a87c2084487170

SHA256
bee80d06e9b57699a7070252f030a13b56d4bbf9bc483032f90e485770481244

SHA512
d626e64f54bd9d1d557aed311670da2ee917a9bf2d98d2af064616c4d61b82795d430c9b2490b9424968ff0791250fb51c828b2fc0c04a10492948c5a7f2704e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
f7f52b8a006d055481bb1f5c98349a82

SHA1
b217d6d72cdc9732acaa4d0db048784759f7d4df

SHA256
d625af8b72691645c844b93d1f5b0b583afb77960a5f36b4325fe1cc572fd2c5

SHA512
beb9f11f828ba182c58d998da73dc2d9b355d275ffc55dbec618a756221677ace9a326a46e525991a5ea2e35558a800d84575ce0994a2d9cd2a037d2fb3caec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fa40959acdc7bc4f711d4eb02b41658e

SHA1
abf40844435900e19b0036be8b73753b78366d03

SHA256
d3b770e01d8f3184ad71c6316497e5cc17623a9df877aee093ee497e0274c05b

SHA512
3daea782a0a9f7a3b1586c10003772fcf67aaf960653fa3a559f5ce4af41d25ee73c1e0e770d3281721b11758da4996b7793d0fb28cf3eb562f75249c0f54493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
169de6026fcc98e8869f2d11cc2c04a8

SHA1
fdb59bdc84d1cf1d12798bf890c70ccf1077c9c1

SHA256
d63025b57a65fb7cec8328f1ff945d4cbab7eb1b4c02ba3a1f62e772eb0b217c

SHA512
3a6fd45f8e3df76a967cbe04a33da09bd5a6133fb96d2e41474e6f30330e7be47cfaae06a9bf48fab42a6d18157b239d1bb5dfc9bbbaf7d553661762e9b0998b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b69114252c70909dfa7aa91d7442b245

SHA1
1542b7e75d9c4be2aafcdd7d94d04a12f61758ee

SHA256
afb2e27d9c80ae89ab0dd6844c480eac1149367861677ab6c8ebb38c33de3b39

SHA512
fe6c5e42e9605a9d71a8e5c7d4731004da98552fff333876e0f77128d8db1d333b95ffd5a8e905d98f9efa30c99b742aa7d0f3352f9d22502643a1c0f7fa723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a62fafcfa68b9f9c3c39b6b05c64874c

SHA1
4e2e5a412edb099714fbe538ebc37c3a0c3759ad

SHA256
f3d05110b5492a008bb561f70cddf8c41f8dd8fe0208186150a387790271152d

SHA512
fe1bd529a5cc22afa24c7b1b43852bc34bae2efd6e03cab0182a552543f40e92760b9cd9a1d436ff69eb600ac16c38b56df67428b05a72aa771571d09eb8a624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e5ea9357f893e9f4dbb05751e9e594f

SHA1
8a8bf0b4481c45d875b0d97c64e82bb18849152e

SHA256
8806d852c79baf285065434b7b27d2c2ee9896c8ee84c59d7c113331592dab8a

SHA512
6f59c0efa417b21df98bd9a23de8d9892b8ab1f8a51b018de898a758228f0eaff73c17b83dceb36cd864778cacbdcb2f9a1e46dc14f6fd8baf527e471fa97a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
ed4f0be0c5d3dfcffbdc42ed43e47f36

SHA1
cffe4a8dd8254fdc73bec95142998ea13396a32f

SHA256
88846e5431a8f10d11f9773cd58e68632e54c7229be8c3ecb64cba7b0c10c739

SHA512
252c7711132afd298e46d7cdd6ff8f332e08c0be72ed8e4331085ed852e7cd62f8894fc7075059aae53008b448cdc9ae27d0c5d0a786e83697fb85c952bd3497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit