hxxp://110[.]43[.]89[.]5/squery_v2?274253274

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 23:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://110.43.89.5/squery_v2?274253274

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621895000534239"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 1324	1004	chrome.exe	83
PID 1004 wrote to memory of 1324	1004	chrome.exe	83
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 2748	1004	chrome.exe	84
PID 1004 wrote to memory of 4248	1004	chrome.exe	85
PID 1004 wrote to memory of 4248	1004	chrome.exe	85
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86
PID 1004 wrote to memory of 5028	1004	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://110.43.89.5/squery_v2?274253274
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea723ab58,0x7ffea723ab68,0x7ffea723ab78
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4820 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3332 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4980 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1756 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 --field-trial-handle=1904,i,13434474238218142828,6328442907588544410,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
92940dfaa6c9c7b6f8216c298e30e274

SHA1
d15005fd02d3bd27d2c39d082cc70ebb683d05c6

SHA256
d1b68a184d6a2f1810a5e884d6865594d6439f26541b674c7840471e9d3304b8

SHA512
f6e611cc57477d0779905916af247c891410b7f4d17587f2b6b7733341bbc7236300ffd9ede05b2300de4f38075b8ac83c9b67305025d1032d19cfa64092ed55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
899338081f35424a50cdca8a17d20eec

SHA1
19bea73d113210f79e919758d4a18d208f8cc02e

SHA256
aa8ecb6dd0417aaab07a3a20a9d28971f30126397cd9eb076a5e7bb857287571

SHA512
21ecfcad8809b474c2a9344b8e3d26247910b5ac6d6cf5655885a9edc1de75662ff4d7fa39ea81637070ffbd9b1ee7edfbf8cb2294797801ac07ac4c6a59892f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
fb978f1417bd884bfe2c5fde1ebff5f8

SHA1
9ece69baf7830f0d0f6582dc93b292219cc9361a

SHA256
2af7d8764dbe3d187d2dd0fd894dbab800b98d3e47a7c3737d340b5f06f5195b

SHA512
723c8da36c8eaed346d516d03b211813a34762c76e1c8f8f46e53351b3bdb1e0029d5dbba8ecbcdeef5e33b5c93d01d3e961063851739e545b99269f11e7123a

Download Submit