Analysis

max time kernel: 149s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2024 06:49

URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://krmp.com.au/help/3f6cf4c2466f1694f5fc5eafcc03a8b8777ea4a6/1e2f1b2c229031e657f8c9655bbdf084/[email protected]
Resource: win10v2004-20240508-en

General

Target: https://krmp.com.au/help/3f6cf4c2466f1694f5fc5eafcc03a8b8777ea4a6/1e2f1b2c229031e657f8c9655bbdf084/[email protected]

The final path segment appears as the literal text "[email protected]", the placeholder that e-mail obfuscation scripts substitute for an address when a page is scraped; the value actually submitted is not recoverable from this report. Two hex segments followed by an addressee is the usual shape of a per-recipient credential-phishing link, which is the reason such URLs get detonated, but the report records only the browser's behaviour, not the page content.
Malware Config
Signatures

Every signature below is attributed to chrome.exe (PID 2120 or its child PID 1192), the analysis VM's own browser launched to open the target URL (see Processes). None is attributed to a downloaded binary or to the elevation_service.exe process; taken together they describe normal Chromium start-up rather than payload activity.
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614389648262631" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 2120 chrome.exe (2 events)
- PID 1192 chrome.exe (2 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 2120 chrome.exe (3 events)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- PID 2120 chrome.exe: 64 token adjustments, alternating between SeShutdownPrivilege and SeCreatePagefilePrivilege
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 2120 chrome.exe (26 events)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 2120 chrome.exe (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
- Writer in every event: PID 2120 chrome.exe (the browser process)
- Target PID 1612 (crashpad-handler), procid_target 85: 2 events
- Target PID 892 (gpu-process), procid_target 86: repeated events
- Target PID 1704 (network.mojom.NetworkService utility), procid_target 87: 2 events
- Target PID 2140 (storage.mojom.StorageService utility), procid_target 88: repeated events
- The 60 events not aimed at 1612 or 1704 are split between PIDs 892 and 2140. All four targets are chrome.exe children that PID 2120 spawned during start-up (see Processes), which is how Chromium initialises its sandboxed child processes.
Processes

PID 2120 (depth 1): C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://krmp.com.au/help/3f6cf4c2466f1694f5fc5eafcc03a8b8777ea4a6/1e2f1b2c229031e657f8c9655bbdf084/[email protected]
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1612 (depth 2): chrome.exe, crashpad-handler
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9aa29ab58,0x7ff9aa29ab68,0x7ff9aa29ab78

  PID 892 (depth 2): chrome.exe, gpu-process
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:2

  PID 1704 (depth 2): chrome.exe, utility (network.mojom.NetworkService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:8

  PID 2140 (depth 2): chrome.exe, utility (storage.mojom.StorageService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:8

  PID 944 (depth 2): chrome.exe, renderer (first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:1

  PID 2536 (depth 2): chrome.exe, renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:1

  PID 4604 (depth 2): chrome.exe, utility (chrome.mojom.ProcessorMetrics)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:8

  PID 4416 (depth 2): chrome.exe, utility (chrome.mojom.UtilWin)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:8

  PID 4324 (depth 2): chrome.exe, renderer
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4380 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:1

  PID 1192 (depth 2): chrome.exe, gpu-process (relaunched with the GPU sandbox disabled and GL off, the fallback Chromium takes when the first GPU process fails, as is common in a VM without GPU acceleration)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1576,i,5504566752505460954,10002571810414003468,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 1668 (depth 1): C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
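The WriteProcessMemory signature above fires 64 times, yet every event is the browser process writing into a chrome.exe child it has just spawned with a --type= role. The following is an added triage example, not part of the sandbox report or of any vendor tooling: it parses the report's flattened row format ("PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"), reconstructs the process tree from the Processes section, and keeps only the writes that Chromium's multi-process model does not explain. The suppression rule deliberately requires the target to share the writer's image and to carry a recognised child role, because process hollowing also writes into a freshly created child; a rule that suppressed every parent-to-child write would hide exactly that. The final row of SIGNATURE_TEXT (a write into PID 1668, elevation_service.exe) is constructed for illustration and does not appear in the report.

```python
import re

# Process tree transcribed from the report's Processes section:
# (pid, parent_pid, image, Chromium --type= role, or None for a top-level process).
# The report records depth rather than parent PIDs; every depth-2 chrome.exe is
# taken as a child of the depth-1 browser process 2120.
PROCESS_TREE = [
    (2120, None, "chrome.exe", None),
    (1612, 2120, "chrome.exe", "crashpad-handler"),
    (892,  2120, "chrome.exe", "gpu-process"),
    (1704, 2120, "chrome.exe", "utility"),
    (2140, 2120, "chrome.exe", "utility"),
    (944,  2120, "chrome.exe", "renderer"),
    (2536, 2120, "chrome.exe", "renderer"),
    (4604, 2120, "chrome.exe", "utility"),
    (4416, 2120, "chrome.exe", "utility"),
    (4324, 2120, "chrome.exe", "renderer"),
    (1192, 2120, "chrome.exe", "gpu-process"),
    (1668, None, "elevation_service.exe", None),
]

# Child roles whose memory the Chromium browser process writes at spawn time.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# One flattened row of the report's table:
#   "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Constructed excerpt: the first row for each distinct target in the report, plus one
# invented row (target 1668, elevation_service.exe) that is NOT in the report and
# stands in for the kind of cross-process write the filter must keep.
SIGNATURE_TEXT = (
    "PID 2120 wrote to memory of 1612 2120 chrome.exe 85 "
    "PID 2120 wrote to memory of 892 2120 chrome.exe 86 "
    "PID 2120 wrote to memory of 1704 2120 chrome.exe 87 "
    "PID 2120 wrote to memory of 2140 2120 chrome.exe 88 "
    "PID 2120 wrote to memory of 1668 2120 chrome.exe 99"
)


def parse_rows(text):
    """Turn the flattened table text into (writer_pid, target_pid, writer_image) tuples."""
    return [(int(w), int(t), img) for w, t, _, img, _ in ROW_RE.findall(text)]


def is_expected_child_write(writer, target, writer_image, tree):
    """True only when the target is the writer's own child, shares its image, and was
    launched in a recognised Chromium child role. A write into a child of a different
    image, or into a child with no --type= role, is kept: process hollowing writes into
    a freshly spawned child too, so parent-to-child alone must never suppress an event."""
    info = {pid: (ppid, img, role) for pid, ppid, img, role in tree}
    if target not in info:
        return False
    ppid, img, role = info[target]
    return ppid == writer and img == writer_image and role in CHROMIUM_CHILD_TYPES


def triage(text, tree=PROCESS_TREE):
    """Return the writes that the browser's own process model does not explain."""
    return [ev for ev in parse_rows(text) if not is_expected_child_write(*ev, tree)]


def writes_per_target(text):
    """Collapse the repeated rows into a per-target count, as a summary for the report."""
    counts = {}
    for _, target, _ in parse_rows(text):
        counts[target] = counts.get(target, 0) + 1
    return counts


if __name__ == "__main__":
    print("writes per target:", writes_per_target(SIGNATURE_TEXT))
    for writer, target, img in triage(SIGNATURE_TEXT):
        print(f"KEEP: {img} PID {writer} wrote into PID {target}")
```

Run against the full 64-row table from the report, triage() returns nothing, which is the expected outcome for a browser detonating a URL; the constructed write into elevation_service.exe is the only row that survives here. The process tree is the part an analyst has to get right: feeding the filter a tree in which the target's image or role is unknown makes it keep the event rather than drop it.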
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1: 72 B
  MD5     cc0004bebadb1ae86970c88710b5203f
  SHA1    b2a7aa663816090bcd27ca10a9012e377c1b1cba
  SHA256  eb91a99c8788d614b3be0828ccba918a78ea935781dac685c083517f7efac490
  SHA512  36d8bfbe0913ea19ad6cca65eddeab49debd4aeb5005c1eb2eae80760763a3d3c4f2c36f88e109592ff989197839c9dcf25255b4bf25bb0854c0f431a511e98d

File 2: 2 KB
  MD5     94ab93e9b09ab054d057fd898142f753
  SHA1    8a4d9bcafc1941020f624425e0cdb2fa3b2b7cf1
  SHA256  74320f7cb0e048481058b9dffbce0797c481d9a1ef8d64bb372320d3ead561f9
  SHA512  54fd17d7843802307a81de705b63c92909ade558c1f5f7cb26c6a24d9a327e1c6c90e67408abf5f1735472ec4daf67042fb21ddb9a9abaf3f0bae5a29e200480

File 3: 2 B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  These are the digests of the two-byte string "[]" (an empty JSON array), i.e. a browser-written JSON state file, not content fetched from the target.

File 4: 692 B
  MD5     d621c1eee4ecf9c792dadf7aea4148ce
  SHA1    651e7283f6b8033411a679456f90aef489a8d798
  SHA256  a82c0e423e80286cf84243f9d6c19be4a39ced198decda967f0ad85df699ecee
  SHA512  c6eeb93656dc0da513537475885b60bc698a8b9067bc4362754b93311db08dfb7e39bb9491be57b0ea69b009d3d12b230cc61c12d2a425c2020186632f16b116

File 5: 7 KB
  MD5     e56154245c970a1c1cfa994314e1589e
  SHA1    3ce9749806c23b87cc2b3fda74dcbd461c02f905
  SHA256  a6b380b0dabe8f4b3664f72557a91078153feaa00a7532fbb24e2bc009beb4bb
  SHA512  027d250999f485e8874d2b173f733e9b984e866873c395b24e0c78942add337f04eebbf62deff88c1d5c9dbaa2c52cafb42b7fcbd8a04550ef1873fcff89b6d3

File 6: 129 KB
  MD5     b32860a6a3848c365cae900068ed5aa2
  SHA1    187ba701c603ccfb27f70225f9cb52801e3bea5c
  SHA256  53be0f2c790b261755d83af5cac072b0a94078a25b4c014ba903b4a7a609daa8
  SHA512  aed60a25d996ecd4073b00b7df8defb98a48bce8efb12133498f67c30636cc6541a5df8b32848c4c0e6b40e87faba00c5e1b5a2ba3e7a08b1357e40a39507475

The report does not state which process wrote each file or its path; only the sizes and digests are available for pivoting.
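Before pivoting on any of the digests above, it is worth checking that each record survived extraction intact and whether a tiny file is a content-free artifact. The following is an added example, not part of the report or of the sandbox vendor's tooling: it carries the six records copied from the Downloads section, validates that every digest has the right length and character set for its algorithm, and compares the digest set against a small constructed list of trivial file contents (empty file, "[]", "{}", a bare newline) so that such files can be dropped from the pivot list. Anything not identified is reported as needing the file itself, since a digest set cannot be verified without the bytes.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed list of trivial contents that browsers and sandboxes commonly leave behind.
KNOWN_TRIVIAL = {
    b"": "empty file",
    b"[]": "empty JSON array ('[]')",
    b"{}": "empty JSON object ('{}')",
    b"\n": "single newline",
}

# Dropped-file records copied from the report's Downloads section (size as reported).
REPORT_FILES = [
    {"size": "72B", "md5": "cc0004bebadb1ae86970c88710b5203f",
     "sha1": "b2a7aa663816090bcd27ca10a9012e377c1b1cba",
     "sha256": "eb91a99c8788d614b3be0828ccba918a78ea935781dac685c083517f7efac490",
     "sha512": "36d8bfbe0913ea19ad6cca65eddeab49debd4aeb5005c1eb2eae80760763a3d3c4f2c36f88e109592ff989197839c9dcf25255b4bf25bb0854c0f431a511e98d"},
    {"size": "2KB", "md5": "94ab93e9b09ab054d057fd898142f753",
     "sha1": "8a4d9bcafc1941020f624425e0cdb2fa3b2b7cf1",
     "sha256": "74320f7cb0e048481058b9dffbce0797c481d9a1ef8d64bb372320d3ead561f9",
     "sha512": "54fd17d7843802307a81de705b63c92909ade558c1f5f7cb26c6a24d9a327e1c6c90e67408abf5f1735472ec4daf67042fb21ddb9a9abaf3f0bae5a29e200480"},
    {"size": "2B", "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"size": "692B", "md5": "d621c1eee4ecf9c792dadf7aea4148ce",
     "sha1": "651e7283f6b8033411a679456f90aef489a8d798",
     "sha256": "a82c0e423e80286cf84243f9d6c19be4a39ced198decda967f0ad85df699ecee",
     "sha512": "c6eeb93656dc0da513537475885b60bc698a8b9067bc4362754b93311db08dfb7e39bb9491be57b0ea69b009d3d12b230cc61c12d2a425c2020186632f16b116"},
    {"size": "7KB", "md5": "e56154245c970a1c1cfa994314e1589e",
     "sha1": "3ce9749806c23b87cc2b3fda74dcbd461c02f905",
     "sha256": "a6b380b0dabe8f4b3664f72557a91078153feaa00a7532fbb24e2bc009beb4bb",
     "sha512": "027d250999f485e8874d2b173f733e9b984e866873c395b24e0c78942add337f04eebbf62deff88c1d5c9dbaa2c52cafb42b7fcbd8a04550ef1873fcff89b6d3"},
    {"size": "129KB", "md5": "b32860a6a3848c365cae900068ed5aa2",
     "sha1": "187ba701c603ccfb27f70225f9cb52801e3bea5c",
     "sha256": "53be0f2c790b261755d83af5cac072b0a94078a25b4c014ba903b4a7a609daa8",
     "sha512": "aed60a25d996ecd4073b00b7df8defb98a48bce8efb12133498f67c30636cc6541a5df8b32848c4c0e6b40e87faba00c5e1b5a2ba3e7a08b1357e40a39507475"},
]


def digests_of(data):
    """Digest set of a byte string, in the same shape as a report record."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hex_lengths_ok(record):
    """Catch truncated or glued digests (a common extraction defect) before any lookup."""
    for alg in ALGORITHMS:
        value = record.get(alg)
        if value is None:
            continue
        if len(value) != HEX_LENGTHS[alg] or any(c not in "0123456789abcdef" for c in value.lower()):
            return False
    return True


def identify_trivial(record):
    """Return the label of a known trivial content whose digests all match the record,
    or None. Every algorithm present in the record must agree; one match is not enough."""
    for data, label in KNOWN_TRIVIAL.items():
        expected = digests_of(data)
        if all(record[alg].lower() == expected[alg] for alg in ALGORITHMS if alg in record):
            return label
    return None


def triage(records):
    """Per record: 'malformed', a trivial-content label, or 'needs sample' for real pivots."""
    verdicts = []
    for rec in records:
        if not hex_lengths_ok(rec):
            verdicts.append("malformed")
            continue
        verdicts.append(identify_trivial(rec) or "needs sample")
    return verdicts


if __name__ == "__main__":
    for rec, verdict in zip(REPORT_FILES, triage(REPORT_FILES)):
        print(f"{rec['size']:>6}  {rec['sha256']}  {verdict}")
```

For this report the 2-byte file resolves to "[]", so its SHA256 should not be added to a blocklist or submitted as an indicator; the other five need the dropped files themselves, which the report does not include, before they can mean anything.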