hxxps://pqrcvscqn[.]xyz/Mc2FyYWgudG93bnNlbmRAdm9sdm8uY29t

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pqrcvscqn.xyz/Mc2FyYWgudG93bnNlbmRAdm9sdm8uY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619158025191007"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe
Token: SeShutdownPrivilege	1012	chrome.exe
Token: SeCreatePagefilePrivilege	1012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe
1012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 820	1012	chrome.exe	82
PID 1012 wrote to memory of 820	1012	chrome.exe	82
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 3196	1012	chrome.exe	83
PID 1012 wrote to memory of 2752	1012	chrome.exe	84
PID 1012 wrote to memory of 2752	1012	chrome.exe	84
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85
PID 1012 wrote to memory of 2944	1012	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pqrcvscqn.xyz/Mc2FyYWgudG93bnNlbmRAdm9sdm8uY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef941ab58,0x7ffef941ab68,0x7ffef941ab78
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:2
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4412 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1912,i,17451447383093795821,11998603328234169309,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
144B

MD5
da59ad2c4a8cd59952c8d1f7a16361ac

SHA1
c62e81438d7b5a6e1ca8d8ed82e327d0977e75a0

SHA256
e5ed0390f1b160eced25c53bfa0898952e34a43d899b32918a44f6660499a5ba

SHA512
397c7ce5e249d107b74e34e208a0b003569b50178b180146f0d9aec40f5872ecfc3c9346c965e49ddb14a2020ab194c2c0067827148e9136e448f1ac6e857000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
95267333cc0db51d937f412c7020ff75

SHA1
1285b585096b8670fa2beddddd3525448ea1f35e

SHA256
647c66dc38e02c0e7f6e72538d324b8240fdc3f5842b7ad11e32000dcc7708ad

SHA512
002711f34b0d37bf45cb9f8e0689da52145286c26237be58640adb02145a92776cc13a4c99cdeeac480e02cdb0c0a5252bbaa2bef646fd3ed5c9f51e29feb963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dfa0f7e9545b57a83dc70e9eeb54a67e

SHA1
b6e149277f4aa332742585a75b09ed43ad39f5ab

SHA256
5b3a270946e89042d9e3ceb9a6bf8a2308da19fbec0ae1c255d218f55d645e7c

SHA512
704027aea7aa515b4532735265a76144c77b33a20dd4b3ca2636a646c983eee59b1f0428341f11a08d728fbb1085884df2a4af62aa3cf5cc5979774cd9d55530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9bbc81e0caf111e0555b5116dfa19d9f

SHA1
512038b94943a5b594e801796fc49f93d5c68bb3

SHA256
1b34ddaccb9d5e87dda5e15e0162dc0122e2b443acfc9b783ae2bc2953b36343

SHA512
e5b13592bd4ced9a11c4c4ddf16b0409b0d54e98d92bf93754e94e9786afcc46562408cf1f9ac0bef5a30f3e5f98e99fd0ead579c6990c7dec0b6a203abb9544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
6e16e49f028e1a2c8377edb96cad4498

SHA1
9e29d728c5411e540a57e4e105712f4ae9983b56

SHA256
6bae8be30baf65f24e6fdfdc2c92a8b75fa602ebc599401428f827b9328e814e

SHA512
630ea873a397c716cd61cbe019c20ef237e465390dea338c38baeea2b6ab1fb04a86969526aae246746dc673935d08d818c405661ff3dd2a2aaeef6101b1d3c9

Download Submit