Analysis
max time kernel: 74s
max time network: 70s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 13:22
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://api.dyh8ken8pc.com
Resource: win10v2004-20240508-en
General
Target: http://api.dyh8ken8pc.com
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                      Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610305728124767"  chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
1460  chrome.exe
1460  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
1460  chrome.exe
1460  chrome.exe
1460  chrome.exe
1460  chrome.exe
1460  chrome.exe
1460  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://api.dyh8ken8pc.com
  PID: 1460
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc666ab58,0x7fffc666ab68,0x7fffc666ab78
    PID: 5016

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:2
    PID: 3968

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:8
    PID: 788

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:8
    PID: 3248

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 2156

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 4960

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 960

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 2676

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 3648

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:8
    PID: 3276

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:8
    PID: 4384

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4012 --field-trial-handle=1816,i,2493610361568858307,9073062857115043238,131072 /prefetch:1
    PID: 3272

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 2152
Network
MITRE ATT&CK Enterprise v15
Downloads