hxxps://shorter[.]me/Fffck8

Analysis

max time kernel
35s
max time network
37s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
20/05/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorter.me/Fffck8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607145041083453"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
280	chrome.exe
280	chrome.exe
280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
280	chrome.exe
280	chrome.exe
280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe
Token: SeShutdownPrivilege	280	chrome.exe
Token: SeCreatePagefilePrivilege	280	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe
280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 280 wrote to memory of 1208	280	chrome.exe	80
PID 280 wrote to memory of 1208	280	chrome.exe	80
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 2360	280	chrome.exe	82
PID 280 wrote to memory of 3444	280	chrome.exe	83
PID 280 wrote to memory of 3444	280	chrome.exe	83
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84
PID 280 wrote to memory of 3380	280	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shorter.me/Fffck8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdaa08ab58,0x7ffdaa08ab68,0x7ffdaa08ab78
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4064 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1808,i,2854538162864817663,12189099592060681045,131072 /prefetch:8
  2⤵
  PID:2752

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b76a4ec120e43b744311809b9f31aa61

SHA1
8c85927af4b6323961c98826e01fef4311edb3d6

SHA256
0ffc0f81485640c44dcdddf62427744818f5466cf4a4b3cbba8bd5faeae03927

SHA512
9979e50f7dec333799eff79ad231342374ae61298ff62b2a4570adc2272989110cf52a0ec002fdb45e52a014be6dbfa4e6873fc8670470dddf3066e0ec976e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
203e67a612fe2af2247275984c25da1a

SHA1
4cfd00a9d08b07d4e11fddc7eb24799a392c18c6

SHA256
77127a738ab252a3b2ebf5d64d79a5088d68e6c5a91c8a32647aee6250043b60

SHA512
b4b955ee6e9b821c26abcb0909b635d2855ea59252e52b8c9107268f877e4ff3e8c5b08435956a9dcc424db69b5186cd0afa9e8b53bb09be6dc6aab54e696b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c2097fb220ca912214075e516c8b13eb

SHA1
c8cf4c8a449a776aa0d83bb4ae948af6f89c8750

SHA256
cefcc1e8b239c34da3e44274ea74c31f097da4f2ff4d5a1c0be55c63974ad999

SHA512
c31f11de3a92800d98cb06a9ec29b664f090b0343825e6a19556cef987c077cd9fba97a4ce8eb84cacf8c0d3136189344daa8e31c2fb1b530326a58b31d7cb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d9d315f0b8bd53aa6975da535a5d44f8

SHA1
6fc5b6bf76edd2e5bcf2e7f030085a3950e2ef19

SHA256
022be662e6a631b5c16a08cf2a3dc2d6cbfa662414529dc40b554647211e0fb0

SHA512
bd06cbd42c7d613b282ccef244bc52ef10c49c9f3cd114d6f2c41ce6bbf37a47ffb3b9649e72b603bfbacf12a4a30c7b00d500c4642bd345bccbe4ac5e8218a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7df31644f425255da01ed50a5ce9fc2

SHA1
83866d6997be96c19c8be37bb8d89bc2db41e095

SHA256
539b32ea3213e294f92eab09176222ee40339ab61b785785ec52a71523a364d4

SHA512
8340b84ae49f4d437302fbca180d67ff2bdd883943940f38c8d82db56a176e449dcb9499e4484eef06697f789c55d8f22fca956c6a7d33d09a6d499745bcfa00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
19dc82811ff63f3a30a5f4e1b590811f

SHA1
30bd4f5b7a9b85ea9406e408df0656b0a5ac358d

SHA256
dd39f4979093521adcc0244ccab0aa16761c2ea8bf645edfb8a2971599ffd679

SHA512
c39b2057a92ef72dba5b93f8b3a9eef7d151e41392abc12bd2a60a6e7b6558934fad0cff66be52f5b4aa79b02677745a1764f6a4f55e1c5b5a4c7680e1bd2e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
415e29a5e86f5d654337df40e733b56b

SHA1
16e45b7d3ee9caf711b5f1c0a315e37cecd2e5cb

SHA256
f50b8e6f2e31bbd1d574aea233f1df749590644149f26be691576f275e5f67bc

SHA512
a900e524f0c79062325976807c5e3faecdb847b0f400f6b31a9a6bae18a38754e2899ed2578a948c777c3ea5ce4b3b775e694dd8d26f527aff6579648920ccf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f681502a68f480d0197188a66e3e2d86

SHA1
900a9beb4498feaceff85bf7325a4f5c3804ead7

SHA256
322ebaa60f0d465448d1109670a106b50875b49ff4cc553c7ae96c2c4409fca9

SHA512
b87b886ad0386cdd4337314dfbb6925cb6781da1d56d924868f154052b34e0dd348bb108bb934fc8bcadd2e12a86daa4743978549335873dd76ec5fdbc2b61d5

Download Submit