hxxp://gg[.]gg/codegen2022

Analysis

max time kernel
25s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gg.gg/codegen2022

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608929531645920"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

396 chrome.exe
396 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

396 chrome.exe
396 chrome.exe
396 chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 396 wrote to memory of 3824	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3824	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3396	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4816	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4816	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 884	396	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gg.gg/codegen2022
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93cab58,0x7ff8f93cab68,0x7ff8f93cab78
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:2
2⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:8
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:8
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:1
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1908,i,12829130439141839734,14674591252732145516,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\020da3f6-6e4a-4caf-bf06-35bf3517111e.tmp
Filesize
132KB

MD5
c58e5395bba26b4e0313ab5aea456e24

SHA1
d9f85b615ce16febeaa4cbb70118c085c85efc94

SHA256
57e394f268191ecd81b8025b82e3909508834d90010b3d8ebf290e4b1caeed92

SHA512
ee3380279c3ffbdb56ecedfcee96d1565180a344b2eb83846f0f81edd7e563b2ad59794b41c66db4e8e01818a301b2240dff3f1174f8f8f316e293698c4ce92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
b369f05ace1065ad93fd959801838f00

SHA1
02576e4291ed4f686c69c7289a49243a55ee2848

SHA256
d22794ed5a96d02c8777fd517c5426e3aa1cc59d24e143f7573a7fa892f28663

SHA512
5b816329740ae4dc73f3d9c2b1742cdf309daa3b0a770c95fe8b2a9b88bc2dffcd2b537b7af8868b797c656d31ad46be88c8d07973f4d11ecbe5f00872b345b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5288e788050e79a7f214ba51f417d368

SHA1
11d73bdab7f21512111e79a3cf88b6c4a969f3ab

SHA256
42b9095b8fdb81a4ca0cf3ab7ac260119cedff82764dcc3e7922a2b65a0e9696

SHA512
8ce51ec9b39f4fbc114987cc32880befb667a86a5143e03890a6a44aa4b777b1c2fdec05553084d90548dd0bf3edefdbcaa1e06d97877101c346d4a8ec17a98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
521B

MD5
901f436ede5e88ac41f7783f8b45be24

SHA1
06aa8c453f0ebc2ba1c843fa6fee8db4c01ffef4

SHA256
b4ed631af87569341c4bf371091ac1c4ac5db71542c691dbd5bfd2bb4e2e4e98

SHA512
6d17633e3a0d07b527f51330f000c38c4ee45e8bf7dafeef709e520b85638b1adb25f827b8525d9967431bcd5d5a78082b9fe769d902c133a0a3124f167b2f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
521B

MD5
56063d3e340261b9773ab78656c768f5

SHA1
553f84ef604083eb75e5e2f1cbda60c8bb990aeb

SHA256
6a79d62d8b7feee51d1c32aa147cd28f537c4ac19aef1078d616163d253b8e48

SHA512
6313704bbb2a4c97cae3c69556133549294760d86b115c7e056623b85b6974445cdc09f6276190b93943127ad0c881b31a1abb146c3b5e8fdddd6f8e94820911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8f5bdf2cec0a2fd5f5f7cce2b9b83080

SHA1
e7a429e8a27064dcf973877f75debd1e94943d3a

SHA256
7bc805e45debabb8c5615eb03b2d30fe2122436947d570dd2b95a49339da4554

SHA512
9642a1fb42a132f595871ffcfe0cc0ae01aaeeaf26d6b42b999d61ee0d7f8b9e2af851adbd303cb83020c422a3c01bef7b565db8ee29f81915228689f554119f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ae6273684543805657a7031f63a3bb74

SHA1
f2325cf78559d5a43b3b5873da281bed4549273b

SHA256
484991121532f1b321dacbe367cb4994d69b97c997023ae81086f7abc4b9335e

SHA512
38bf05cfd7da64442790d40614a7768581250fa99667b9879d35431e2c417b420f2e63f03030c3a0bed928af7d8a9374e611f364c3922db6ebb8ef027b046dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
131KB

MD5
0b1f09a6a803f22ed9b024a4c6e6c65b

SHA1
e07ada9fbc5b12d8b2dd3da2a6e8eed011adfd68

SHA256
01901b24666958d6d4f4722b8965046dffaeed76d292341fdf924788f4b91e9b

SHA512
2763846d5b82d720cc0e284f061a11f1e2dfae18b1e42bd04fb6c9aab09e8c34484920fc86d45ba3d4261317b922c52451df00efe82a178116c50b1d3f8f16f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cae6cfc9-095b-4004-a335-1e4d8f347319.tmp
Filesize
132KB

MD5
ce610bc1d9fc10f3ab71a65d206a6327

SHA1
3cd6a121df899ee0dd700c812bc8d76d376ffcad

SHA256
dfa05e44db0a58c524d52f2a4946898beae1bec4a1d49fd66c5983ad38cb1bb1

SHA512
7228d0411e7e087de8acd02b3fde723f65f4090e2dd7ce86808c70fc9a1e70995503f43669ede38b7d614b20adeccd1f0d92ca82fcf565c27829c0a55b6e0166

Download Submit