hxxps://tripcurves[.]econfigure[.]abb[.]com[//]tox[.]ini

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tripcurves.econfigure.abb.com//tox.ini

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604218066387722"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1012	2168	chrome.exe	82
PID 2168 wrote to memory of 1012	2168	chrome.exe	82
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3568	2168	chrome.exe	84
PID 2168 wrote to memory of 3716	2168	chrome.exe	85
PID 2168 wrote to memory of 3716	2168	chrome.exe	85
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86
PID 2168 wrote to memory of 4740	2168	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tripcurves.econfigure.abb.com//tox.ini
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5767ab58,0x7ffb5767ab68,0x7ffb5767ab78
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4104 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4596 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1876,i,7220245811043523836,14058738635851349343,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e1f0df8784a4aa2f7fddd6d5368deb0d

SHA1
7b4f0d0db4fadc33f3c17e3361953bc017462114

SHA256
afb5e2a832d728a2685fc14ba88ec6c474b321c5a1f262b5a4bc4af81aa004c5

SHA512
1a2bf21b4f7f26af2cb73bc48231f61aeccde9d90f3e623c38402c2c5febc6b455a7f35237366688ac3c3da0763f091783f5f471e8811c233041a039b3ee3c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
42ec04e078e0b2b31b39d8b874121f96

SHA1
145a6e56cc75dc4c56836db412070520e839b1f1

SHA256
bfe4b7008de065641341a9018b84e87fe20f6a5c7117b7d86567e50c1290a374

SHA512
1d8bb51494590f4ced05eb4ae295951507698b5404c54d2da0a603d07089836e5ccfa4a9655c16108501cc18c774aaeb10bec3d08ebcbadc96d0283004e329d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f714c693-6311-4577-af41-e528066bbaad.tmp

Filesize
1KB

MD5
7340ce492df58444d9ab359f62c49bf1

SHA1
72df65c6f82ef590f5e311045214393d42af3810

SHA256
47556697ccc0f9ecd503dfbbec250b82dc25ca0165de2c67e17b02e14b63ffdc

SHA512
22a886f41dc6dbb5705250c8155f45f68d18aabcc20f50b451e1b025142af6f58cb8ce2e1a03fb9bbdb2af3fe429240a297826ae3a856e5dd9de6ff2a71d0815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
de509c750821fa1c705c787919704ca5

SHA1
6c5b5036998e43ab040dfcd2f3f8e388f4d60680

SHA256
ab3c9290d58867c66ec4e4ff43f23cbef2c31d057cf41e8fae7ad68a9a9752f4

SHA512
e72dc164a6a0eb5ecf4a9d7b76a90d1894d9988a97a5cd112497a5f49fffcf2da9a3d000a8d6d813e1536675eb08959ed840de35940972b295b363aa9f1535bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
975df73be8929ba9c7b72547705997dc

SHA1
7cfd3ba1ec6a3dce58c504496649a35f7449e928

SHA256
5ed894403f750070c2fe9c99a8c51654b19dd407343ef4835677393c456ee233

SHA512
9c6b708eadf2db5b6efdb9e1e6a7e4169f3e0ec10482871a21d9c36ff7939d216552d598431d6ee4e2c86e4907219125e4aa004ca08e2ec5e70475ff3e2ec059

Download Submit