hxxp://unisis[.]co[.]jp

Analysis

max time kernel
1s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://unisis.co.jp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4136	4408	chrome.exe	82
PID 4408 wrote to memory of 4136	4408	chrome.exe	82
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 1068	4408	chrome.exe	85
PID 4408 wrote to memory of 4736	4408	chrome.exe	86
PID 4408 wrote to memory of 4736	4408	chrome.exe	86
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87
PID 4408 wrote to memory of 2288	4408	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://unisis.co.jp
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfbab58,0x7ffdadfbab68,0x7ffdadfbab78
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:2
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4524 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=952 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1920,i,17061152148963801411,8359196630006824781,131072 /prefetch:8
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x3d8
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b4e2d90780a0ebdeb7b2066cc18addff

SHA1
dfc3a3bbcdc277059bdfac5bf001b2a78122088d

SHA256
678096035308c41f6faf0eaf72b4c6dc1df6dc0430b607437a252cefa8003d52

SHA512
04e97f0e6e6a9f730fbb4da38affe0130445c74c141eb673435cf6afcd261d75f789b6c6a29e66dac92c2fca69473dfd9b45709de5abde678b5ba22b5efa3fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
501eed5e9ce76081de4b2784fcbdeb02

SHA1
2abcede6b0f906d5bfb19d533aa9a66898cbf632

SHA256
c6968b63f1d094d87e90479bfc69733ee6bb345f42f6e746a2283987c4ec08f9

SHA512
226ec27cf5aeb9ffb0680b7617d679a0f8880cd2ab14844556cc10d72e7ae75dbaf3e3be1169c1d654b9f2e4e7cd86cc5437a74a55ae1b31bcce56e7c4647d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e2d54324d454c103eacfb55397aea830

SHA1
c55d9cc04366759c6b80829b7c74f7c1c1fe687d

SHA256
90894339539b7e07ecbba7131477f8c7737f6158544ffc57bc65db4655ecc971

SHA512
5b5929f1b10a1364bb9dcb5d3617bba0750d66cd48066dbede29a8453069257403e496fa49cbdcff7b3cb3712c026787eb1e0bce9fb47dd517aea1d8d22604e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
92429882910552cb0072922935bcc695

SHA1
613ab4d9db75fc6e0df21432709959e816133e09

SHA256
7cc2a5c727b555b2b82e76b7ffc02bcb8eca17846540e6c1833fb62e39d9300e

SHA512
7a79733955f119ed7a71c6f61b12b79c7bb3d9021f408f3460bfda9d1a7f5237e57fa8b88d62c0fe9b1fef29fce9fe03a5ebe7cbe0033b12ab810eab47f0b480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
8571556c49cba1cff9f7eec4047871df

SHA1
6ba9d4fe8e05cceb9a70322a2ff5086f03edd8b9

SHA256
334718180226b45abbfc2225b7087934276c7225f67d3bc7503add21becddba1

SHA512
084abcd01794799f6787153a2b73c78ff49476cd2016b43c1aef56b87b1d5f7e07de92355fe03d2b9702b5911f8451a715b3ccca5fe7dd3d4e8b43a177b5be8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6222d08172356b3f049deb681a8fbfc9

SHA1
f03caf64e3b0a1d5867cd19c8c591043c80fcd4f

SHA256
fdf937da48ea713daa1c7a791fd8b9aae3f20b6dc786832c38289b2d7a8901db

SHA512
1fc730e82a7e4cba1f3a594ee6ef1f4de00afaf75ff3ba41fefc8771e7e6561e00938d36d02d14f86599cde1929cfac95580459611d292bffca101866b212a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d3e7b62e97868b1982bffe1cc17632b7

SHA1
3aee2a900323d85c19f15ca0dfe8dfbb3446d86d

SHA256
69ceaddd65cb36ce2db978abc5676153c82391ec6d4c252e78795105199e3cf8

SHA512
e1eab1a5bb507fc319d33e1afc2fbb72bd23d896e625ec7c9e1cde2ecb221a14f03bfab1a1355f68b0d1334ff6dc6c4ddcf4513426e56c5f7a17b10d00337413

Download Submit