hxxps://mulantitaliane[.]com/MZ2lhbnBhb2xvLmdhcm9mYWxvQGRlbnRvbnMuY29t

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mulantitaliane.com/MZ2lhbnBhb2xvLmdhcm9mYWxvQGRlbnRvbnMuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608578502863666"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 4872	2244	chrome.exe	90
PID 2244 wrote to memory of 4872	2244	chrome.exe	90
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3672	2244	chrome.exe	91
PID 2244 wrote to memory of 3140	2244	chrome.exe	92
PID 2244 wrote to memory of 3140	2244	chrome.exe	92
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93
PID 2244 wrote to memory of 424	2244	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mulantitaliane.com/MZ2lhbnBhb2xvLmdhcm9mYWxvQGRlbnRvbnMuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852f1ab58,0x7ff852f1ab68,0x7ff852f1ab78
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:2
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3908 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4368 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4540 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4936 --field-trial-handle=1840,i,8128565263208949670,15699562881243156826,131072 /prefetch:1
  2⤵
  PID:5372

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3756,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1328 /prefetch:8
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e7bdd23ad3767903d86320cfe34801ec

SHA1
0ac307eeddd1725ae4c90eed95d7c110aa51c4dc

SHA256
c08dc958e5c311fb380d2e3a814a0aa20718957945f5d418fc957e213f890cee

SHA512
fb80104ccc1bc2d293fcaa0b99cd41d22fc46b383a82e38470ab1931e4633602f38d1ed7df85f5dc7d2ab6d8622ff6a1899ec02a6a35e44f750cfd4711eeebbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
aac93255b8e95b758d820e2a289b8d9d

SHA1
d6443c123639a0a2f82b76cf13138996c7bbb016

SHA256
ec6b759a921cd2a39f553d195df704b2d1808407e309bbbf373e0ceb9b0e7984

SHA512
25856f7f53952b5c7e2a8f2d6884bae73376a21ec8794aad25dbad2742f60cd5ec14c5f7f3e65e980837644e93b47c31887e2b950232b3da0326d82cf52e24f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
28812214d714bf9e311ab5b487a1698e

SHA1
6c2ad20d72dc1015f8c1636538b59daf6f8b2896

SHA256
b29a6e2d72133fc2ff6b502813f18f9428522957d58b7de956b713f8a806190a

SHA512
1493072970c1b9d251c9d3b2887274befc86ef6001a99475181a4d751db6c9fa3a5a3fb07412ec7b8958769fe90bed35deabc6f85c90d2aecaa0660964b018ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
7da3e61a7923a641ea7f45355d0c01ff

SHA1
a58d39e5818ae0a56a65b94d8966b15c8829dcab

SHA256
fbbdc1b5727ffc782957a0eda1bd90651c6afb7090909c964afdf0d0a9fc87e1

SHA512
6eaf602ce027de755d1e2069ff9d5afc9659b78a17c5e0481dde724b3fb72ea8442eb40141cdf008d0e6ef7fec4ff8e3636b3810d15c9937b3565209d470b76a

Download Submit