hxxps://perp[.]us/ff

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://perp.us/ff

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608278910385752"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: 33	1336	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1336	AUDIODG.EXE
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 3076	912	chrome.exe	82
PID 912 wrote to memory of 3076	912	chrome.exe	82
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 3124	912	chrome.exe	83
PID 912 wrote to memory of 4040	912	chrome.exe	84
PID 912 wrote to memory of 4040	912	chrome.exe	84
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85
PID 912 wrote to memory of 1104	912	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://perp.us/ff
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d26ab58,0x7ff85d26ab68,0x7ff85d26ab78
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4648 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2532 --field-trial-handle=1808,i,4528864842786831033,17718844706246117237,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x37c 0x3f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
7a484a89ad40132a8f34a4282ce8fcaa

SHA1
e72a6ed4b6731caacb2bf989631afe00282793b4

SHA256
1ad351c6b8b8c84bf3f96bc92d4af332c372f92f8e938818c83beea7728abe95

SHA512
843742769f070058838e83e51b608eff2200a072a8bc054dbda111b10214cebd6561269a06bb082ba11b2795d9a099b5a3fd4f5d39e3dafe05fe90cc7f1924ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
620e0751d2f8b75d1bf965d220e4ff2d

SHA1
fc46065b3c9e391316a451989004e55f6debba5d

SHA256
0ca3b39dfa9304b2fd29360b48d69d77477ca9a3f2412529c45a276dce6e176f

SHA512
97851835c89bd34e0735b3d6ce88feec2e88743e628a15ae8d7eef937ae2345088b356826645094d33341fe653ce8a881caf35eb3fdfb132e96e08451de8296f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
10d06474a7e099cf57a7f0233ad2dc80

SHA1
2a54b145d1d0a29d8d80966112fda47019777f62

SHA256
b67f3831e6f59066c2a783e60c3b195f595fb70e31824eb81d2ec8a916d9fc2f

SHA512
6892da222b39f8cfe1b8e83bd51318fc8f459a4989ef26145370d81b8d808302032bff4ede07839070517d3897699d2374d88cec24560bda73cf769968e4bb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17ac34c83e72568833eb3a7ef0e39b2b

SHA1
d6a9b508550dd47d66ee19c0987d96cc8e285659

SHA256
aa360c4a91002e1084940b2ce13b6a9abf881c60d0002832ad8f66158fc58573

SHA512
29fe5f6e8ba6ff2ff42ab9a81f0391ee9d951eecb3efa7e21ce8658993a876e133a0594413f956259e0bfb4062b6fda7e658401190d2f6d407fdde6ad4cd04b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
234bd946a798b32e0c0dde0a6c7bc161

SHA1
e48373b4fc575bf42e5625047df3e6efab2957d6

SHA256
d2eeccadfeccb41b583da095d68cde01abdb95864cbc40c567bef27519fd900e

SHA512
c9b94d130ba411155239e1599cada8a50de5540854e22bf8b737fd5fb151f91c5ba33cdffb0ed752e1e471f6aab18976a108aed1e25bfcb496b46fe8e9e50690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8e4ba1e88cb02ef25d6d0500ef033d0

SHA1
fb5aa0a2be8134dab652da7faf1cecb9fec6cd63

SHA256
4f0206e011a8baf76d0d03a6f1a0f8d6083f84e545445b4ffa2ce6783fd632f1

SHA512
a6566d1d9804dbeb5a4f35c33a51aadfdb2e36efef1f42c3ab5cbaca84c7b07365d1ffe5789cf9ab85dc0132e1742510cde65b9454b4666c8a8be74ab23cc8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
5f12d50f6e638f6005cf3a6b920d53d1

SHA1
6cacb9e0964996d11dda3e112917ebc434e42832

SHA256
41fe7915b3ceefda55494b485dcf6383f125d4ce97f41453dd0e380000f68baa

SHA512
eeece1828e626747a045a6cf1d512ca652014c4817477ebdc19c0170ed5d5b88fe08309c8f8eb0d1b5624a82d43cc45e1d34c2070b4924764d151b2d08618eb5

Download Submit