Analysis
max time kernel: 91s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240426-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 29/05/2024, 09:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://54.155.228.241
Resource: win10v2004-20240426-es

General
Target: https://54.155.228.241

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                   Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                 chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614486863317496"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
3372  chrome.exe  (all 2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3372  chrome.exe  (all 6 events)

Suspicious use of AdjustPrivilegeToken (58 IoCs)
description                        pid   Process
Token: SeShutdownPrivilege         3372  chrome.exe  (29 events)
Token: SeCreatePagefilePrivilege   3372  chrome.exe  (29 events)

Suspicious use of FindShellTrayWindow (27 IoCs)
pid   Process
3372  chrome.exe  (all 27 events)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3372  chrome.exe  (all 24 events)

Suspicious use of WriteProcessMemory (64 IoCs; distinct rows, identical repeated entries collapsed)
description                       pid   Process     procid_target
PID 3372 wrote to memory of 3188  3372  chrome.exe  81
PID 3372 wrote to memory of 4272  3372  chrome.exe  82
PID 3372 wrote to memory of 2980  3372  chrome.exe  83
PID 3372 wrote to memory of 4840  3372  chrome.exe  84
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://54.155.228.241
  PID: 3372
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2dcfab58,0x7ffd2dcfab68,0x7ffd2dcfab78
      PID: 3188
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:2
      PID: 4272
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:8
      PID: 2980
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:8
      PID: 4840
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 4568
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 3264
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 1860
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:8
      PID: 1812
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:8
      PID: 1620
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2228 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 532
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4748 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 3632
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4880 --field-trial-handle=1980,i,12284277940728279395,2451868122897307385,131072 /prefetch:1
      PID: 2632
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 3664
Network
MITRE ATT&CK Enterprise v15
Downloads