hxxps://shorturl[.]at/gGgip

Analysis

max time kernel
149s
max time network
138s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25/05/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/gGgip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611501900021141"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1376	2092	chrome.exe	79
PID 2092 wrote to memory of 1376	2092	chrome.exe	79
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 4460	2092	chrome.exe	80
PID 2092 wrote to memory of 2908	2092	chrome.exe	81
PID 2092 wrote to memory of 2908	2092	chrome.exe	81
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82
PID 2092 wrote to memory of 868	2092	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shorturl.at/gGgip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc7540ab58,0x7ffc7540ab68,0x7ffc7540ab78
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 --field-trial-handle=1804,i,14280152630119087812,1664527793292377573,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2486e0da7cd55d38d6b23bc8998f0934

SHA1
62674817084aee8cb8cf8569dac03da594a934b3

SHA256
b9209bd17e038aff8686d6327c8b964399bf3ce803576de5e7c9c956d6f3e654

SHA512
964b16d86ee5699bb09d478f50407026427ce1ef1920b4356e5a89c317f13871568ea0ba1bca9403c91632ca4071c082a8909784a8ca9ff981c477ce3923458e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
f6229f606551ee0b778a732ad200ddd9

SHA1
45ef7a215cd8d02de1eaf8a983939b059a630535

SHA256
ee273bae0064a71a1ab22aebaf6eb1d764688bcbc396ae000681cef728240e84

SHA512
bd0ec9e7601604a96557f8406f42624c6b2d71d8b1838146964f2e471acb61f77f92729490e3072f18933b4f3dfc5439bf06901f26c965a0f0de3ba8aeb910b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
395d77967e7ee395a06bc924f24cb5e0

SHA1
fa823a7931805cc05ca90c883ecc254ba3eab418

SHA256
88777ba3c087dece79d64670e583efe22ebb47651825340eca83b78fee80a8d9

SHA512
09e23cb55de95222abe4b8e2d4d3bce4043e69c3fbfe816612a53352942b2839679cb120e4a2ce50fbc86831d0ef1a2fe4286d31e33a7315718a02b19d15faef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
59ab724b8dbb4ebe823c718d08a04b3a

SHA1
05f3cbf464a6bed455ac592c3251215741aacda6

SHA256
2e1c03f893305d4f9af8c10ed418ad91f5da3fb33635728cd0da84a43d3b2edd

SHA512
f8a7ee39def3ca6237c1f0bd3e3dac26a8bddf375505f256d28aa1b6b004deb0b0377490c50a3f1275591793d30b4f8880bd285c567dcdfc96097f06b4598b64

Download Submit