hxxp://subcom[.]online

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://subcom.online

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1588	chrome.exe
1588	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1588	chrome.exe
1588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe
Token: SeShutdownPrivilege	1588	chrome.exe
Token: SeCreatePagefilePrivilege	1588	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe
1588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1976	1588	chrome.exe	82
PID 1588 wrote to memory of 1976	1588	chrome.exe	82
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 4404	1588	chrome.exe	83
PID 1588 wrote to memory of 1820	1588	chrome.exe	84
PID 1588 wrote to memory of 1820	1588	chrome.exe	84
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85
PID 1588 wrote to memory of 1616	1588	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://subcom.online
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae6ab58,0x7ff86ae6ab68,0x7ff86ae6ab78
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:2
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1932,i,185606715959317404,1625973041253696352,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
411526d77d0a1c5ae380cfa1565eead3

SHA1
a506791a2e14dfa35d8804c61f9801ef9521a3e4

SHA256
2d6af350000638f6ee51a48c89c5b12c015c02dd23a2cd500f0c998f6ada9e56

SHA512
d4ebdc7d6f2a0abc1b07bc05c7c71e3d14da21f140506aacdc1cd28e065e28176c64945f9b4beaec57c4b79eea982f50df59b64fda00105fe194551ede6dc337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dc8a72150d7ce459e030a81e5f359ed1

SHA1
ca263cb46d02e129c4df08d06d792ec4abf5c0ec

SHA256
36a40c0b3f03b76f7bb5c6e490953b3169440e6a85ead5302b923db77520ab31

SHA512
a90916d08962505009c034a8fbb2335bb6f78f6bdb011f4202bcf5e01b10be4e896fd4c6ca7706d3d956b2cc167f2d89c7c037f305e7a61c39e8622d1e868884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c9a41bd1226a54046baa310002825049

SHA1
f62c7d2693f7bda9e8bc26e9a88aa21aac31d906

SHA256
c23f7132bc9edf7799788edd342e117f19eaeb7f0e9aeda8b08d73d40dce84c2

SHA512
57230395806d63ba768a1c0621336dfdf02f20b4711c3b8dcb5b66ac753d6c5486f5b80df9de46a1d9d65fa0a76758c36b1151dd432224f5a4fe1837546967d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad03bb26b87a2467e06db589ac1cacb2

SHA1
23544f83fde005b1e064084d96ee3bf7cc450717

SHA256
8d7053c075b9d106db57569a50b25c73cad55f9ee4f7a8174c7b6559fe6757d3

SHA512
b460888cbbdb38ad7ccb4808899890df52654770722bac0540e94fced17040a0ce445ebea3f63bb51d4347713a1a51f96dba4b5d8221e73a07d3dd4275092c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ff3b806fa15d1951fb25332bc30d6a55

SHA1
af24178ea57afb3d8c0f59e1f5f39453d0fa65f3

SHA256
577e16729ee22574359d222f01a3e85ccd3c98034aa8589d405f611798ab1879

SHA512
6b466847942b7c473749c2d89561179cff700e09c544c5bd4628dbfe959b6c5b18732256383023267f7c6cfb80ee103d74b14c0c2f92973e4cb1eb9e975f79d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
03a60fc0835e3811abf7f8b07e422bc5

SHA1
0eda328b6252d266c7bfd123d60d32d25b2a6433

SHA256
6b2f7a13a5ab684a21344d993cffbbd8a9bd935da0204b59ca9cecea8d9e6c08

SHA512
f08a8c3974c96c5c12a37153d48fcc1858171d618dab8a28438545f7062a6a580cb4a9318a46091f8cc05fefb4916fa2628f995f8f74531c0c4debeb6a330712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
7e69452c9c876d9b3c941f20111349c3

SHA1
6b5302042b6ffb9726c5b3f2f14ea30e2a2cda08

SHA256
0047da430df0b535eb185cf0ec57649103457ff295fd857625f8d75ee955cc52

SHA512
08daf0ac6c5a71b031e075a763c65e5295ddf450f85bbcbde82ff13e6dd203989397b0da83acfcff0d716a100c6ffa63fb8d33e8ac4554fd898650b0b6ecc3c3

Download Submit