Analysis

max time kernel: 599s
max time network: 486s
platform: windows10-2004_x64
resource: win10v2004-20240508-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 22-05-2024 21:29
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://cl.gy/tnYLG
Resource: win10v2004-20240508-es

General

Target: http://cl.gy/tnYLG

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608870579737634" | chrome.exe |
Suspicious behavior: EnumeratesProcesses (6 IoCs)

| pid | Process |
| --- | --- |
| 4348 | chrome.exe |
| 4348 | chrome.exe |
| 4348 | chrome.exe |
| 4348 | chrome.exe |
| 2464 | chrome.exe |
| 2464 | chrome.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)

| pid | Process |
| --- | --- |
| 4348 | chrome.exe |
| 4348 | chrome.exe |
| 4348 | chrome.exe |
Suspicious use of AdjustPrivilegeToken (64 IoCs)

The 64 logged entries alternate between the two tokens below, all from the same process:

| description | pid | Process | entries |
| --- | --- | --- | --- |
| Token: SeShutdownPrivilege | 4348 | chrome.exe | 32 |
| Token: SeCreatePagefilePrivilege | 4348 | chrome.exe | 32 |
Suspicious use of FindShellTrayWindow (26 IoCs)

| pid | Process | entries |
| --- | --- | --- |
| 4348 | chrome.exe | 26 |
Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process | entries |
| --- | --- | --- |
| 4348 | chrome.exe | 24 |
Suspicious use of WriteProcessMemory (64 IoCs)

The 64 logged entries collapse to four distinct rows. The writes to 1444 and 2144 appear twice each; the remaining 60 entries are repeated writes to 1708 and 4964.

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4348 wrote to memory of 1444 | 4348 | chrome.exe | 82 |
| PID 4348 wrote to memory of 1708 | 4348 | chrome.exe | 83 |
| PID 4348 wrote to memory of 2144 | 4348 | chrome.exe | 84 |
| PID 4348 wrote to memory of 4964 | 4348 | chrome.exe | 85 |
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4348)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cl.gy/tnYLG
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1444)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff781ab58,0x7ffff781ab68,0x7ffff781ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1708)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2144)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4964)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3400)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4652)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2028)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3836)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3032)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4636 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2460)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 364)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3168)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2464)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4052)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2KB
MD5: dcd16a5c0211af9e2c549363cbd81ee7
SHA1: e64ff9dd089d133cbe5bc3c4cb99dae3caae7169
SHA256: 0b5fc9c8ee64dcca171bb33a0e171b15ce2b3e9364d9622cd335f774ac9d43aa
SHA512: 9495726f4e70ab1f34f14be90caa3693bd8c887cef847904fc746bcdd6a8e49de62312d50cf1f941938865ff210a720b66ee5ebebdf4871dc6012242d54268dc
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
Filesize: 6KB
MD5: 1b98d4226aa3a19315b4ff107dbe4695
SHA1: 70110dfc1e1919e8d6ef17ec656a5ffe9d7917c6
SHA256: 7dfe85f12c3bcc3069f679899e163f736dbce57f3627fabbbfe6a15e775962d9
SHA512: ac713eb7faba5b4e38521e41e3c1ec0338c00f8256492d85d6af961473950eeaf24f5917a8262dd94d19b4a57e1fcfaa475330d77eff5fde0fe2b6282a85fcf1
Filesize: 7KB
MD5: 2acf0fab06df745fc1a47a07d66e9c23
SHA1: 83125246ca717e0d66069c081c9daef56fb98e12
SHA256: a3e3a42f143dec25b51c3e39760a4cf5bd23900ba5585fa54a70fa93f1ef1759
SHA512: 5d3c0f29d8a5e9e17d1c405032bf6f572a72be35ed485f40ccd6052d7d3fa32c139e4262775ebb035271cb8b5dfbe70af01ca5f6d9ea792ec854b68f62d3a262
Filesize: 277KB
MD5: bbb225902c17acc1ec9a01ffcd239d4f
SHA1: 2b5bb1a38c3d9cf0fc839f3a3794cc66f7592c57
SHA256: c85e810f5be93a1b6174689b6ca069778a5042a2baf4daa6b08e9e59a1bea49d
SHA512: f08cd2bd786a0d9ad757cbec7228cd4e0346d1b7f75b60ee26b39e96bee2dc5abee4861adca75c46e5f9bfd08562eff94346978851c7ea1f8b08f1a0721b9629
Filesize: 257KB
MD5: 2607bb3aa4cae7b442a6966bec78c033
SHA1: e10f893705e96be5a1c174c63df4ec9b928f321b
SHA256: 15d489d48aae706dcf4b2ccb93c5428fe75d6509a035be49d26b0a7b8ee14b14
SHA512: 0fe7a946030633f979b7e988f3909bd61ae68ee2d1ed8b09fe471593254a8ee65877498bab2c9d57d2bf05d222aae2b93d0561af109d7225c0150d2b6a2557a3
Filesize: 257KB
MD5: 02ec6f52de6106f153683acdaf629bd8
SHA1: 93a6423973ed9ed1ef0811b1c4843bfb5d0bab15
SHA256: cc1bc2aa52bbbcdbfad05183c2cc297a536cc719a7894183b96905994b6f20fd
SHA512: b10a2b630a2300ba814bc4dc5a3d2711d241cff55e94174ae490cf80c340e2fe82859ca08b34a9d601ab13a9675dff89aa93ff7835627f09517cea37e792d40f
Filesize: 257KB
MD5: e77fd2707f5d982b83a4f44ff8c3057a
SHA1: b6cc7c188267c06800b2554d83a9ff0f1238447d
SHA256: 55d0e058ef9784e25704d8c4ace098a706fe626ebaaa4465cd0f505394ae42e8
SHA512: 64ab0d01588c9855e17039469372d1e75181e153c35a31ffdefd157fcc10d1799f5a49cd9b6e6854b08024b6490046799711607d94e7816f1578926028419a55
Filesize: 93KB
MD5: 594283e11cf461ee50beb3f7bc1181ed
SHA1: 9dc7bf487fe0d159292358a50889d7f92c4bd4d9
SHA256: 6c100c3f20d9ddb5d5e554ac1730d86bc3e2bde070195b62a83606ce151fefdb
SHA512: 648bb80f6392f7a2f9558fa0a8535ecc3b13fd852632c582f9b4c3b27a10d7d973236973acf2daccf7651324b270719de5269843461c974bf8868068842c4c32
Filesize: 89KB
MD5: bb504d74813538b053b26dd601008103
SHA1: 30bd0f3b7d2a1b1182644d8475fee15dc686c9ba
SHA256: 7298ca7228e15c3577009107dbdd2c65c2ee9b8085a8abe4dcc17e539668ad7e
SHA512: 97bd307df966aac8dc678c85c3fe482ef95b3be83c20ac0a8b07c2123089192e683c9e5fd51dea065f2047a5198f3783dba86727eb5e6591ae7d96cbf30632e1