hxxps://feetapart-dot-yamm-track[.]appspot[.]com/2_AluxgJvxrz-zxWqhiGGNX09MLxea-fIhRA43LbEpvfHILRhjwFk-pDrYi9Av6udLe6QK6HlPYxs1wGJ6wl87Mi-4lWNE3MPrr4W8ezReZeCR8_NCkP6326goo6byowAydpd9RWrs7nvB9pWDbRFCMtIPzL1VAu5ofI19yEuGtK1hXjOeA

Resubmissions

21-05-2024 11:33

240521-npc7dacb25 1

21-05-2024 11:26

240521-nj36lsbh5s 1

21-05-2024 11:23

240521-nhc8ssbg8w 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://feetapart-dot-yamm-track.appspot.com/2_AluxgJvxrz-zxWqhiGGNX09MLxea-fIhRA43LbEpvfHILRhjwFk-pDrYi9Av6udLe6QK6HlPYxs1wGJ6wl87Mi-4lWNE3MPrr4W8ezReZeCR8_NCkP6326goo6byowAydpd9RWrs7nvB9pWDbRFCMtIPzL1VAu5ofI19yEuGtK1hXjOeA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607644041485038"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3776	4084	chrome.exe	84
PID 4084 wrote to memory of 3776	4084	chrome.exe	84
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 4952	4084	chrome.exe	85
PID 4084 wrote to memory of 716	4084	chrome.exe	86
PID 4084 wrote to memory of 716	4084	chrome.exe	86
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87
PID 4084 wrote to memory of 992	4084	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://feetapart-dot-yamm-track.appspot.com/2_AluxgJvxrz-zxWqhiGGNX09MLxea-fIhRA43LbEpvfHILRhjwFk-pDrYi9Av6udLe6QK6HlPYxs1wGJ6wl87Mi-4lWNE3MPrr4W8ezReZeCR8_NCkP6326goo6byowAydpd9RWrs7nvB9pWDbRFCMtIPzL1VAu5ofI19yEuGtK1hXjOeA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94289ab58,0x7ff94289ab68,0x7ff94289ab78
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4100 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1776,i,5005179966046944122,13904460219234749812,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
099253611f09b622b007e7e7f8be5b44

SHA1
1e72b59220d69af7989e7b928816bb82021b0ece

SHA256
987fe44986025a5924a140f1d86b4849e8381b566f319d4e2604da31342a5268

SHA512
21b58f0dc13eb2cc3f1c8fb728132830396137c022b26a08e57c87c44bff4b03d2c16762f8ee1e329ae0b3b3ad4f8dcdfcc648d5be6e79ef3c26386bbb839396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
23f8ce92f5759d0f0e2af5eed8566ae0

SHA1
3c8ee1ba0793fa007920b7a253fa7ab7a635584c

SHA256
1e65583ab35506a3f069e842ec2d6db5c3fc0a8219540a3d09461cb869738542

SHA512
5ebbb319d2917af447acf2d0b0f449d6482409e4cf90058d140304ece3650ba721c2f8e7c22934457eb81ad710ea13a98d90ac26a3c5486978a5292a1668146b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8960e2851c2f88821df38cd9f060ad7

SHA1
b3d2470e2b4f891f877bdde83f7cd0d0729478f6

SHA256
7984dabe5cc27e826186a365e082b2453a8995318dcde9e141c4a4dd6067b25c

SHA512
c3fc4297c4950abf6c360bb0acc9c3541bbb02b4408de96b593a14e26acbf7e40a3bc7d99b7690b88a94662dbc35f6c39fad983bca139d3967b5dc11c24ff68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d794cda19707ba7cc3b91727772b68f0

SHA1
534079ed94117d4597fe3fb2a4b2d3ed5a30c9d0

SHA256
5f3c7df97e52f971fe854469c9b58d34793f62233e185540b708ee6d66c2dd76

SHA512
05196664afa9b7a12685f609f7ad0977f389b399ec849d4e53155a524354de2bcaf02c84aedff463b16fe5fb2d4d765fd34fcff1ca10a8c12d4b9141c8aca0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ea0a7b38478b23a503fd1cbafa37b9b2

SHA1
33f23d9d32598082c4a656c58894c0a41e1d9741

SHA256
bf79d723f0821cd963aa44a7127e13522c3f0f9352d9309c4f2deed78bf52ba4

SHA512
7a6f936c5e1c0b8fd0b91a2d7ed91218798f3dc128c2b63762efa119adde915ba6f68e7fa746c71e78cd887a2982d5ebe7fedda11baad2b4bd5d6121721b86c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3ecd648dbea80d10b83c69f22e2353de

SHA1
11000669dde71b6e98be75a75d26a589e555b945

SHA256
4fae3a3e60d03c54641e8a6aa3be112e58fc3311c73569d2d5e98e18198506f0

SHA512
49b900648ecb50b8ee3316995e20f0b57efac486fe436ec62f342386bb48cbad57bfc3845b8da7bd0edea24103da8900130637c87601614777490e3b9633e8a2

Download Submit