hxxps://shorturl[.]at/CkD4x

Analysis

max time kernel
149s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
03-06-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/CkD4x

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619213444533987"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
836	chrome.exe
836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 4732	4836	chrome.exe	78
PID 4836 wrote to memory of 4732	4836	chrome.exe	78
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 5036	4836	chrome.exe	79
PID 4836 wrote to memory of 4444	4836	chrome.exe	80
PID 4836 wrote to memory of 4444	4836	chrome.exe	80
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81
PID 4836 wrote to memory of 2904	4836	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shorturl.at/CkD4x
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbe880ab58,0x7ffbe880ab68,0x7ffbe880ab78
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1776,i,6829444796164972837,8482415578426236903,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3add3a6ff8574ca89e54a11cd153e652

SHA1
543029afbdb23d4a4d1aba0dd8f05029dd6a47eb

SHA256
e09395db3d9fc00efcd19ac7ece8785f2a435ec3e076ca362612b26625903211

SHA512
7e6416b076965347d43f658bf6ef69d26ca74eac1e3cdbf20e4682ab0d827883884bb96e96c72f604af72e25d27eebbfd1d1c80911b0fe8b36f05d1191a1122a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
019c33b887350bbb1bb2db6986a18d96

SHA1
bdbb07e28d972949606b1bbfa499b9d32561d328

SHA256
9181683752b66fe0aa67bc50344025124bc8c20e5b30ac94ab705a572a248a5d

SHA512
d589bcd85694342cf3a050400efad006e10f5addedd8831485d04966044676349f85410b1c296bffd0502cc1d7410fb742a6038958fa6e5dc2168c3d828701df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
80ac4567a61fa8621a39eb6959e4f906

SHA1
659d2c2423266a557bf361ea1ed42d3416c565f1

SHA256
e39f354a64d4a1918a4a3dedca39e07b88b42a6079d7c24e0fbfee0cb4200994

SHA512
8817c6f18c11c104601c7d1e3bb871052ab79cd8f67cfa27569af15d80d1b4d58bb74e0fad2a2c9183d7f0b6948f8bed753610a6d3500093e50bfbf751f3a4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e863e97df502caf192e4e38e5bb22623

SHA1
4e7a3ffc3e2e473b5cdcb2072698f965566dea7c

SHA256
0ac01a9d49053d7448f9c3c3fc3a25b7ff1cb77b353321570291617028de480c

SHA512
1f7f0064a2bafc1b84b8aa14cd4f5952858ae64aa653e7d8904580624b6961bf4461f22bcdf9ae2f3d7d37686e7594766d0c3d41fe63457fee07769671d19e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e4f7f164e42b6fd06b69f2eda1957c1b

SHA1
915eb918e8ebc2c75ee40f0f2495f696fbd86522

SHA256
7107c25b775c453f2e82a4382b4b34c232184e89af5d0562e7b1cfd052828360

SHA512
dacaa2bee96f166f11fe03b0adbf87546d4854e2e6d7f16a5b1923d9f2590e747a3a9a974c1af9344112c25db965da53032a458d46e23055e2d1b58b9a83d5a5

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit