Analysis

max time kernel: 299s
max time network: 249s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 04:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://MOVIE.ENCLEAN.COM
Resource: win10v2004-20240426-en

General

Target: http://MOVIE.ENCLEAN.COM
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                       Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617770879440803"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2420  chrome.exe
  2420  chrome.exe
  4324  chrome.exe
  4324  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  2420  chrome.exe   (7 identical rows reported)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   Process
  Token: SeShutdownPrivilege           2420  chrome.exe
  Token: SeCreatePagefilePrivilege     2420  chrome.exe
  (the two rows above alternate; 64 rows reported in total)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  2420  chrome.exe   (26 identical rows reported)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2420  chrome.exe   (24 identical rows reported)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   Process     procid_target
  PID 2420 wrote to memory of 5084  2420  chrome.exe  81
  PID 2420 wrote to memory of 5084  2420  chrome.exe  81
  PID 2420 wrote to memory of 2744  2420  chrome.exe  83   (repeated)
  PID 2420 wrote to memory of 3228  2420  chrome.exe  84
  PID 2420 wrote to memory of 3228  2420  chrome.exe  84
  PID 2420 wrote to memory of 3760  2420  chrome.exe  85   (repeated)
  (64 rows reported in total; the 2744 and 3760 entries account for the remaining repeats)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2420)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://MOVIE.ENCLEAN.COM
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5084)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0147ab58,0x7ffb0147ab68,0x7ffb0147ab78

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2744)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3760)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 388)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1544)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 644)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2348)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4620 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3348 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1360)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4064 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2580 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4324)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 372)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3056 --field-trial-handle=1820,i,12519858953790232608,3514817737635909810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (PID 5064)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 852B
MD5: 1788195d74c160b9cf235c507f3cb0db
SHA1: 5b438d0f370974fd911e51b68e3b1de0d1516cf2
SHA256: 69cb324c8e9702b14ea8b67513f3b6d7d910033eb171ceb78926ed663da5ee56
SHA512: d73fa0ac917a666b190390e75aaffa29ece7ffc554fa2bee9139f205b18b9dac307e57b77dd08501532e1e86e3329c64f483feb0b9f9b7230004bb4b89d4313c

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 7KB
MD5: afcb03f84114bc3d62765fc9ff969c6a
SHA1: e6c3313ce8ebb1557c7753d3146089deaaf990a9
SHA256: a300138d35766868cf5ef5859967950e501f5b9eddcdc63d8e29bbd22622cc31
SHA512: fa49f7af58d4e5be25083cfd9da9cdee7437dad465ee2dc9cb8246e9eb1d39c58dba813419b22fed438233b305551d85b0701944bf32a498d315e4850c31a57e

Filesize: 7KB
MD5: 1ce9dd761485ad523ed5586b5c418de3
SHA1: 5deb0454e4273989dce865f59f7a05cbe11fa9af
SHA256: 1c88f4c7a2935a8f9dda5c671a598dbfc242278d46a31c0d391e41b3452a4acb
SHA512: 4d1f8e85863ca5b67e53101dd6a74ad74e89cd6d4ee8c294dbffb03e0ed5c312e4580e249f1eef3bd634056e1ebb91b42976c5d405965d3e13b4bb0ed77b276b

Filesize: 130KB
MD5: b90fe15b3fd63c12cd031a6ea5811321
SHA1: 4a2acaa0894367753983c45b03167676659a32a0
SHA256: aeb52733cb6a84e8690d80ea11991fe23edbbf7c0d7aeb74312bdf47dee860cd
SHA512: dac157673e58e208cddf40debbf822f02e246ae961d28081886beba004b7e2a9e8c9c469fcd53ff48e2121e707145c64a5fc19236e433742a4242588efcb17eb