Analysis
max time kernel: 150s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240226-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 03/06/2024, 07:57
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://95.110.157.172:2020
Resource: win10v2004-20240226-es
General
Target: http://95.110.157.172:2020
Malware Config: (none)
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                   | process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      | ioc                                                                                                  | process
  Set value (int)  | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618750784583531" | chrome.exe
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | process
  3916 | chrome.exe (2 entries)
  4392 | msedge.exe (2 entries)
  956  | chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid  | process
  3916 | chrome.exe (5 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       | pid  | process
  Token: SeShutdownPrivilege        | 3916 | chrome.exe
  Token: SeCreatePagefilePrivilege  | 3916 | chrome.exe
  (64 entries in total, alternating between the two tokens)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid  | process
  3916 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | process
  3916 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       | pid  | process    | procid_target
  PID 3916 wrote to memory of 1828  | 3916 | chrome.exe | 93
  PID 3916 wrote to memory of 4348  | 3916 | chrome.exe | 95
  PID 3916 wrote to memory of 4628  | 3916 | chrome.exe | 96
  PID 3916 wrote to memory of 2908  | 3916 | chrome.exe | 97
  (each target row is repeated in the raw report; 64 entries in total)
Processes

PID 3916  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://95.110.157.172:2020
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1828  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa299a9758,0x7ffa299a9768,0x7ffa299a9778

  PID 4348  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:2

  PID 4628  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:8

  PID 2908  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:8

  PID 4856  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:1

  PID 3552  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:1

  PID 4512  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:8

  PID 1280  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:8

  PID 4112  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=212 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:1

  PID 4560  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3168 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:1

  PID 956  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3484 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  PID 1772  C:\Program Files\Google\Chrome\Application\chrome.exe (child of 3916)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4024 --field-trial-handle=1868,i,15385702686586029603,3582306140758517735,131072 /prefetch:1

PID 4080  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

PID 4392  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3540 --field-trial-handle=2004,i,3518780201612530827,12523116488201166376,262144 --variations-seed-version /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

PID 3332  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1056 --field-trial-handle=2004,i,3518780201612530827,12523116488201166376,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 6KB
MD5: 5f1e0aa675d201e9be3f40407dad6a20
SHA1: 25fea93cddbfa479ab58633ca7be88fc15c19954
SHA256: c442b7314ad2e330102bbd5e855513322ae97c78c6e33fa1bfcb4d19b1f9de6c
SHA512: 23e92c84d5e0b6f1e8861b9106256f0d88c8b6e35f7565748e823336d49b5f9370d3049b2878cda56ec0213b333579bb82416691bcb7eb05191a7bd9996b5d6f

Filesize: 5KB
MD5: 05f1765b4a3fd5787336a16f42fdfb16
SHA1: ce3a8fd864654284e2105783515727c9af092b9a
SHA256: db05986f48d4383db9fd7e827020983ba16bf901ece8932bd353138fc79d4ab0
SHA512: bb4e04eae860413fac93215db4ed2d6481ecf2c29e7bfda3670e2d435bacd984d1c017848fc36eb725d267adb901317801b18b821b5780694628afa45d960eaa

Filesize: 5KB
MD5: 7ed49a205fe46b7eaf182c29fa65876c
SHA1: 4335206c1d901635622e3223fe1af309207c694b
SHA256: 9b19e48336d99970cabd3786121ad7855d285e495f737c740f605b6c361e0e46
SHA512: 09bde07bd424cf6cb8e06e640aa5b6107e610a24a5e5a238510eef738541e6804e48c96be4f152fa35ef8c457ce341d03f32ecde06f7cbbd3d607f4f8e18f588

Filesize: 128KB
MD5: 5910a2306856d5c594806e88d518ba7d
SHA1: 5ca8f9f19383eba9eb8cba815f6c94a93e5d4f27
SHA256: 01e9271c933fe9e7be44ff3b1bf06c0b9a0f25b766f2dbee899517ad96565ead
SHA512: 307027d2a526291564af7a767d3f3c64b0f833e1f8ee049e5454d4bcaf0d7a2fb77677ea2cce8cd998dae6361b24528396c2d8e0e96547a2615aea74ce68e66d

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd