hxxps://bookme[.]name/simonmed/us

Analysis

max time kernel
30s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bookme.name/simonmed/us

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602037058997949"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 3408	2360	chrome.exe	83
PID 2360 wrote to memory of 3408	2360	chrome.exe	83
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 5024	2360	chrome.exe	84
PID 2360 wrote to memory of 2008	2360	chrome.exe	85
PID 2360 wrote to memory of 2008	2360	chrome.exe	85
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86
PID 2360 wrote to memory of 1832	2360	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bookme.name/simonmed/us
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd80ab58,0x7ffddd80ab68,0x7ffddd80ab78
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4380 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4524 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4748 --field-trial-handle=1864,i,15674182609295540123,563733029821987866,131072 /prefetch:1
  2⤵
  PID:3860

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
4c554ee920455bdb738e9885cdd0f1f5

SHA1
56644e8331b7bc65fbd3660252576567dc563802

SHA256
ae7800b80e025e529a88b7590f190246bc49944eb092744043ba53f4de12e46a

SHA512
ce9263b9327d251f0fb31e9b829dbc8f4eddacf7429635f9ace781bc14f7c7ddb49f547ecf459c36d229967f1a29a78347a527946c69a0eb62a32f71762c7ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
faaa20b02f8a4d7850cc08bb9ee4427f

SHA1
c723bf54421733a4cc15c97da72e97be320f9f09

SHA256
814137f77641728e157c42efa3da7e7156d3b0b89452f59927da98375b5f2edd

SHA512
ff5e7e3112c9754390763b04f3126d9b4cee2b18c4825f417ef6b8134d2ccc0d151d83b06f6237df82fcd73d42d1e11ca42cab64324641f8f5014f40dda7c2b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0fa0c5b5d1ba59513d4b5672c94de459

SHA1
f6dcdbc9946aeebbf664f458cde5ea6f70ce60c7

SHA256
1696f73d93e5ba57c594dfefcf191a9236249c6c856b2ceeba579b2ccdb12e65

SHA512
f2cb95b7ab79406b59f687e4b3d2c13fdd1792131b6eadf9c1ba3a6a87ffb388bf3a8287344bc1be80475a94b8e6f72e3e2126d0e8761e5824168156180ded96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
bcf8d542a50ad98016ad8b98645a4e06

SHA1
3b7ed17509ab4ae092a70595af6093f090ed5008

SHA256
0ec699eeb51a15c27835bd06ff0c4df557bd5d68ca826c9c66edb3f3c1f42580

SHA512
45212979375bd08a0d4ec8f6ec980171ae19e93a8115e2e238a1da27bc7e0a1835437596214f2e6d2764b6495f06e4bf9fb8dd1aa9111320e51ef410ecfaa126

Download Submit