Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:42

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://soge.it/”
  Resource: win10v2004-20240508-en

General

Target: https://soge.it/”

Note that the trailing ” (U+201D, a right double quotation mark) is part of the submitted sample, not a rendering artifact: it is passed to Chrome unchanged as the --single-argument value shown under Processes, so the browser was opened on the URL with that character appended.
Malware Config: (none)

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618921531319636"   chrome.exe
  (S-1-5-19 is the LOCAL SERVICE account; the value is a Windows FILETIME, 100 ns ticks since 1601, which resolves to the analysis date in June 2024.)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  PID 4180 chrome.exe (4 entries), PID 3860 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  PID 4180 chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 entries are PID 4180 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each).

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 4180 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4180 chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 4180 chrome.exe wrote to memory of PID 888    procid_target 83   2 entries
  PID 4180 chrome.exe wrote to memory of PID 528    procid_target 84   repeated entries
  PID 4180 chrome.exe wrote to memory of PID 2572   procid_target 85   2 entries
  PID 4180 chrome.exe wrote to memory of PID 1260   procid_target 86   repeated entries
  Every write originates from the browser process (PID 4180). The four targets are its own children listed under Processes: 888 is the crashpad-handler, 528 the first gpu-process, 2572 the network.mojom.NetworkService utility and 1260 the storage.mojom.StorageService utility. No write targets a process outside the Chrome tree.
Processes

Depth markers from the report (1 = top level, 2 = child) are rendered as indentation below; every depth-2 process is a child of PID 4180.

[1] chrome.exe  PID 4180
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://soge.it/”
    Signatures:
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory

    [2] chrome.exe  PID 888  (crashpad-handler)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65eab58,0x7ffdc65eab68,0x7ffdc65eab78

    [2] chrome.exe  PID 528  (gpu-process)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:2

    [2] chrome.exe  PID 2572  (utility: network.mojom.NetworkService, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 1260  (utility: storage.mojom.StorageService, service-sandbox-type=service)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 4268  (renderer, first renderer process, renderer-client-id=6)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:1

    [2] chrome.exe  PID 4904  (renderer, renderer-client-id=5)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:1

    [2] chrome.exe  PID 3884  (renderer, renderer-client-id=7)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:1

    [2] chrome.exe  PID 1588  (utility: chrome.mojom.ProcessorMetrics, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 4792  (utility: chrome.mojom.UtilWin, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 4480  (utility: chrome.mojom.UtilWin, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 2072  (utility: chrome.mojom.UtilWin, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 3516  (utility: chrome.mojom.UtilWin, service-sandbox-type=none)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:8

    [2] chrome.exe  PID 3860  (gpu-process, --disable-gpu-sandbox, software GL disabled)
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1860,i,14525083547951788279,2701932666936114900,131072 /prefetch:2
        Signatures:
          Suspicious behavior: EnumeratesProcesses

[1] elevation_service.exe  PID 2204
    C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

All child processes share the same --field-trial-handle value (1860,i,14525083547951788279,2701932666936114900,131072), which ties them to the single browser process 4180. The processes launched with --service-sandbox-type=none (the network service, ProcessorMetrics and the four UtilWin utilities) and the second gpu-process launched with --disable-gpu-sandbox are the ones running without a Chrome sandbox policy on this host, and are therefore the first place to look if a later signature shows activity outside the browser's own profile directory.
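The process list above is the part of the report that explains the WriteProcessMemory and sandbox-related signatures: the targets of the memory writes are Chrome's own helper processes, and the command-line flags say which helpers run without a sandbox policy. The following Python script is an added example, not part of the Triage report or of Chrome; it parses the command lines above (abridged to the flags it inspects, copied from the Processes section), rebuilds the parent/child tree from the report's depth markers, names each WriteProcessMemory target by its Chrome role, and lists the children whose flags show them running unsandboxed. The parent/child relations, the WPM_TARGETS list and the tokenizer are this example's own assumptions about the report's layout.

```python
import os
import re
from collections import defaultdict

# (pid, parent_pid, command line), abridged from the Processes section of the
# report: the flags the parser inspects are verbatim, opaque values are dropped.
# parent None = top-level in the report (depth marker 1).
REPORT_PROCESSES = [
    (4180, None, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --single-argument https://soge.it/”'),
    (888, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7'),
    (528, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1636 /prefetch:2'),
    (2572, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:8'),
    (1260, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 /prefetch:8'),
    (4268, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --renderer-client-id=6 /prefetch:1'),
    (4904, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=5 /prefetch:1'),
    (3884, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=7 /prefetch:1'),
    (1588, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none /prefetch:8'),
    (4792, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    (4480, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    (2072, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    (3516, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    (3860, 4180, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=1548 /prefetch:2'),
    (2204, None, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

# Target PIDs from the "Suspicious use of WriteProcessMemory" table above.
WPM_TARGETS = [888, 528, 2572, 1260]

# A double-quoted run is one token (Windows quoting), otherwise split on whitespace.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    """Split a Windows command line into tokens, dropping the surrounding quotes."""
    return [t[1:-1] if t.startswith('"') and t.endswith('"') else t
            for t in _TOKEN.findall(cmdline)]


def parse_flags(cmdline):
    """Return (image_path, {flag: value}); a bare --flag maps to True."""
    tokens = tokenize(cmdline)
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok.partition("=")
            flags[key] = value if sep else True
    return tokens[0], flags


def describe(pid, parent, cmdline):
    """Name a process by its Chrome role and record what its flags say about sandboxing."""
    image, flags = parse_flags(cmdline)
    exe = os.path.basename(image.replace("\\", "/"))
    if exe.lower() != "chrome.exe":
        role = exe                                   # e.g. elevation_service.exe
    elif "--type" not in flags:
        role = "browser"                             # the parent process has no --type
    elif flags["--type"] == "utility":
        role = flags.get("--utility-sub-type", "utility")
    else:
        role = flags["--type"]                       # renderer, gpu-process, crashpad-handler
    sandbox = flags.get("--service-sandbox-type")
    # Flag-level evidence only: a utility launched with sandbox type "none", or a
    # GPU process launched with --disable-gpu-sandbox, runs without a sandbox policy.
    unsandboxed = sandbox == "none" or flags.get("--disable-gpu-sandbox") is True
    return {"pid": pid, "parent": parent, "role": role,
            "sandbox": sandbox, "unsandboxed": unsandboxed}


def build_report(processes=REPORT_PROCESSES, wpm_targets=WPM_TARGETS):
    """Cross-reference the process list with the WriteProcessMemory targets."""
    recs = {pid: describe(pid, parent, cmd) for pid, parent, cmd in processes}
    children = defaultdict(list)
    for r in recs.values():
        children[r["parent"]].append(r["pid"])
    return {
        "records": recs,
        "children": dict(children),
        "unsandboxed": sorted(p for p, r in recs.items() if r["unsandboxed"]),
        "wpm_targets": {t: recs[t]["role"] for t in wpm_targets if t in recs},
        "wpm_unknown": [t for t in wpm_targets if t not in recs],  # writes outside the tree
    }


def render_tree(rep, pid=None, depth=0):
    """Indented one-line-per-process view, marking processes that run unsandboxed."""
    lines = []
    for child in rep["children"].get(pid, []):
        r = rep["records"][child]
        mark = " [unsandboxed]" if r["unsandboxed"] else ""
        lines.append(f"{'  ' * depth}{child} {r['role']}{mark}")
        lines.extend(render_tree(rep, child, depth + 1))
    return lines


if __name__ == "__main__":
    rep = build_report()
    print("\n".join(render_tree(rep)))
    print("WriteProcessMemory targets:", rep["wpm_targets"], "unknown:", rep["wpm_unknown"])
```

Any PID in wpm_unknown would be a write into a process that is not a child of the browser, which is the case that deserves attention; for this report the list is empty and every target resolves to a Chrome helper that PID 4180 itself launched.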
Network
MITRE ATT&CK Enterprise v15
Downloads

No file names survived in this copy of the report; the entries are listed in the order shown, identified by size and hash.

1. Filesize 96B
   MD5     e6b9c9523d4be85fead75f78518da59f
   SHA1    139936214a69f08226af90231323b2ed876b1218
   SHA256  9e4fde030cc5f26eb6dfbba384f2b0db2efecb5e3031fe715d7138a0f62c37bb
   SHA512  49c62ba2094e9132d2da1e1e599dd5e46865359d5fd471ae4e2d010e0d927a100cc83e639c6620a34df2bae575838420ed9f588ed59dd39a34f4089be915b083

2. Filesize 2KB
   MD5     8d8e4a4b42f0823ea5c4ff8539dc226e
   SHA1    94852537661eb8fb0ef66514fb8046f371a77569
   SHA256  978c8eceb30863792c61382e7ece3f80f3ced5e1fae9a523d7d1123381becbb8
   SHA512  6b5effb98a8db9b4c82dabb123164aef5e7e705a1ae61d6714a82f600e5e674012ca9e7155c4924d8e37de2742639e31e1751527bef3c952759667083ca159e1

3. Filesize 2B
   MD5     d751713988987e9331980363e24189ce
   SHA1    97d170e1550eee4afc0af065b78cda302a97674c
   SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
   SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
   These are the MD5, SHA1 and SHA256 of the two-byte string [] (an empty JSON array), i.e. an empty JSON list file written by the browser, not payload content.

4. Filesize 7KB
   MD5     24af7f65cfda2ab5c254941cb9708add
   SHA1    b828287742bf418d2327616234f5330b5eff78c1
   SHA256  01788b3c96560867f8dd1c2b9e6165060d0f8aa7e924fc552d31bdeb81457c5f
   SHA512  6fcc3fdad59d25c83e6aea6731d538d29910fd0dc982fd10dfebd7a5a75131e7e2a73f7ae671e53e9af623115953dce16d5701535d52b3c4f2642640c06105dd

5. Filesize 257KB
   MD5     e9119a64ceba35b3843be7e75e5e9aa1
   SHA1    b5c729d43ae9cb6c1e48fca3ecee3c728560b212
   SHA256  9ea85685b7822c48009355a3b9379feadb7192e922a685bf3a82e327f322a9e4
   SHA512  f1dd09beb86f60abcc6fca6e037e5a073d78d55ff9b0b1fea172fe0c36c41e0473fefce99c4c93e89e4d8ab1665be2423db3f1b9295cae42e3a3e5bec2f675fb

6. Filesize 257KB
   MD5     745117b9b33d2b1e3b32b0b784c90b6c
   SHA1    adea46441f7c388c6accde97017fd757b126b22b
   SHA256  676d3d86ea5c72a1c372399e82edc4bafea0dffea590e94c37948f0e7f4a473b
   SHA512  166ef7b276545e309f7574ce993b7c19d80418ec8762f8c521bf9ec9c9735ca4762b8265083e56262542ca981ef96491a6bd06ea6bf038d10d73253372d3291b

7. Filesize 275KB
   MD5     d664103e45fd4ec26d359614641641a5
   SHA1    be06e9a5e0552b4375dcf813ef707339bae8ab9e
   SHA256  967e413fb188d2bf905b992ac2722fb675fac5e5e360ab989fa72ec13bd69dd3
   SHA512  6c636fe52c6a6e8c3ae755b4929b3c848d24285a542b7202b54ee3acae792047a4d1cb52f9474a032cf4803e1b8c1073b3d6a6d1b02a5adb5b3ad935094ec952

8. Filesize 257KB
   MD5     9b5de5d4a8f30cab22625db81134751a
   SHA1    af72eef3adf7cb0be023c99303354262e186a984
   SHA256  deca41812603bd07314a50960620559f9dd96eedd27e0ffb6a9f1922a34c0039
   SHA512  cf995ee270d42bf193fe9086d008fb39fe784f538e3152406c65d2f9ebf044d8207fd3e4bb431237558deec2fb8449d36a4f7ed930384a764f493290f53f0c17

9. Filesize 91KB
   MD5     958a7bcdc277204de7b8b1bd0bd3ffc2
   SHA1    e30e883b0293f5093bb2383760f2f35d80db5b2b
   SHA256  0e2175cbdad845d8269f3a39ee7411af7259f8844ae0dab78bf72d2ab93095b8
   SHA512  8c3e70883914a75f265f5cc64f17f97e7606bedbe129b26fe17b2b8745b53fee009fb5878a88ddf7f9b056a87611e2ac108c6138971f0b4d919378a276db175a

10. Filesize 88KB
    MD5     3082adac0af6eff5d76552633049c1e8
    SHA1    fb3518bf2d0e91c8bb838ca4c9ad0b4246bfb840
    SHA256  b7e881171403021c2d6c36dfbfa9b9021f058d5025fabf2fab101b3c57b8f1f7
    SHA512  5e420cb7ce40de78c6d33e0b7eb73151ce5cde7bb63801fed6b6cd80dcc5dd9221a99be2c4a09b493afac595642644e1f80cc7e4f2b23f7b030ca1fe7e004d1b