Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-05-2024 17:57

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/View?mi=l841SKn0D02gHJX6ngXkjg
Resource: win10v2004-20240508-en

General

Target: https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/View?mi=l841SKn0D02gHJX6ngXkjg
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600102422729865" | chrome.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)

pid | Process
4060 | chrome.exe
4060 | chrome.exe
4060 | chrome.exe
4060 | chrome.exe
924 | chrome.exe
924 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid | Process
4060 | chrome.exe
4060 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4060)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://southcentralusr-notifyp.svc.ms:443/api/v2/tracking/method/View?mi=l841SKn0D02gHJX6ngXkjg
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2284)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe86fbab58,0x7ffe86fbab68,0x7ffe86fbab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3180)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4520)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3456)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3256)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1304)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3168)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3400)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3996)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4556 --field-trial-handle=1948,i,9290262937181223997,4401042550558034788,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3400)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads