Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:17
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.tamm.abudhabi&umid=05c6c6a2-4b6f-4ab3-aa1c-2bf71f2c9fa9&auth=84247b409afe2128671efe0c5790aaffcd4c1d5f-9638ca8bc386418e2581b52fb12989d0a1825148
Resource: win10v2004-20240508-en
General
Target: https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.tamm.abudhabi&umid=05c6c6a2-4b6f-4ab3-aa1c-2bf71f2c9fa9&auth=84247b409afe2128671efe0c5790aaffcd4c1d5f-9638ca8bc386418e2581b52fb12989d0a1825148
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                     Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description       ioc                                                                                                          Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618943096886615"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    Process
1968   chrome.exe
1968   chrome.exe
5612   chrome.exe
5612   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid    Process
1968   chrome.exe
1968   chrome.exe
1968   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                         pid    Process
Token: SeShutdownPrivilege          1968   chrome.exe
Token: SeCreatePagefilePrivilege    1968   chrome.exe
(the report lists 64 rows that alternate between these two entries, all for PID 1968; each distinct row is shown once)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid    Process
1968   chrome.exe
(26 identical rows in the report, shown once)
Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
1968   chrome.exe
(24 identical rows in the report, shown once)
Suspicious use of WriteProcessMemory (64 IoCs)
description                           pid    Process      procid_target
PID 1968 wrote to memory of 2352      1968   chrome.exe   90
PID 1968 wrote to memory of 4496      1968   chrome.exe   91
PID 1968 wrote to memory of 3356      1968   chrome.exe   92
PID 1968 wrote to memory of 4512      1968   chrome.exe   93
(the report lists 64 rows; each distinct row is shown once, the remaining rows repeat the entries above, in this order)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1968)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.tamm.abudhabi&umid=05c6c6a2-4b6f-4ab3-aa1c-2bf71f2c9fa9&auth=84247b409afe2128671efe0c5790aaffcd4c1d5f-9638ca8bc386418e2581b52fb12989d0a1825148
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes of PID 1968:

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2352)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe964dab58,0x7ffe964dab68,0x7ffe964dab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3356)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2660)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3268)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3820)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4676)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5612)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2700 --field-trial-handle=1912,i,1814634234821130740,9126362864368078903,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 4608)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4168,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 312B
MD5: eb8dcbb03a715387b3ee39af976af85c
SHA1: 533740eb5d626b1af10f49692a5e72fb4ee7e9c4
SHA256: a7b63e75b3d3dcc34001cd8a1a39515768e18e4f1c03acbf3223358dbe79afc0
SHA512: 482cbfc5c620b801c00293d1a90101f5841d43d5022018c8396efed7cbcb1a6c14d9e19976f78d6cad7aca295ccf361fc9c37d02482f2b46d7fd6bdceaff6d7e

Filesize: 2KB
MD5: 48db3c527e9bd51a921e47d89f0c6b3e
SHA1: a176bef2ecac0dadaa2108ae8c7d574366b8b346
SHA256: 99d1c6d9aefcc56d6989556af47570483c54b27dc525873d93f83a5f4c080ee8
SHA512: 57e21d4bf327b5cbade3fc687d00002172ce0d22913c03ffc00e7371770a5cdd978038f86d33ab3928765d2a75840d6d21e6a9c05fade8d9c458c7d693ed411c

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 690B
MD5: 41a3c888b9a47583b60293e867ba877e
SHA1: f7e979df8f93368f7e599991856c958c50f0c87d
SHA256: 393ccc52fc80c219b32bf876d5a693d2c8348649c7dda60392d5f495d15d6317
SHA512: b72c48cbce88e2e9a1494ddadb6bf465fb1a15c01a90a5213762a1d488ecf01f484151ecea4807b410db9ee5ecf07816ede2b200e00a177c2a12fbcd73419675

Filesize: 690B
MD5: 954e9e111e8f95c3e217e02450c5bfba
SHA1: ca459fa96287b65741d8255cf9ee6362c869e05d
SHA256: e5f1323fc230b62104db7f280c5f3f24b1d115c153ce42e12517a1a762e072a9
SHA512: a03dfa9c938f2f3e052eee0221753d2c2968288fc21e17d94066ad0cab65693dbaaae0b20ad4290d20b413d79262981e802a986a6db3d92dc4d37d054e87ca89

Filesize: 7KB
MD5: fe2cc2ff497373a4741e6d30f724b46b
SHA1: ec6fa8af1bbced08f07c658464cad4b427ebbe60
SHA256: cd0a63cd5aded9ad8c4eca6cd57ffed59e58faa7545d322b20a3e120260fef92
SHA512: 2d962a4f1961cf8e3da1c5dea901271c6188f623e77687655fdcfd15ee0bdb0ed9984304783740b6e72d0c46c306cc0b1b007c8ba7e85d66a733db8d7d975c9c

Filesize: 7KB
MD5: 03ad0ada2134674d212418cd4b2d0767
SHA1: c3294835e3157050a3f45db82a6f6b08c7f2912c
SHA256: 57236687cdff2d9c0848e2cb5a144790bc8119f5dc0a82e018bedb20dcf2b500
SHA512: 2d86d2f6fdf74f607ff544d566104fb5d881e24fb0df0a2f11f28cc8863659093e99006cc9ec6f4b0987ed6d70b2ea092f34330eeff5b8462a7e8dc6552e9f32

Filesize: 255KB
MD5: 48cf0309f8d2fb4a274fcd67f0aa200b
SHA1: ab35b32bbb33d6a4d8a3b5c5177844e768d71215
SHA256: f7a494f827c58783f215c890c43172a5ae0bbc509f78fc7fd17ff27eeab6043b
SHA512: 2f5ad50156de3b5bf89c6babdbc1d4032b96fd2a3e0c64315fb11d068fd312218ee05beb4d11f2a52b7296bf06e96f8172d43fafb3b2ac4cde4eeb9e84aca457