hxxps://sc[.]link/vOBtr

Analysis

max time kernel
96s
max time network
97s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-06-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/vOBtr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622227453505390"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2804 chrome.exe
2804 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2804 chrome.exe
2804 chrome.exe
2804 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe
Token: SeShutdownPrivilege	2804	chrome.exe
Token: SeCreatePagefilePrivilege	2804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe
2804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2804 wrote to memory of 3064	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 3064	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2192	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2820	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 2820	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe
PID 2804 wrote to memory of 1148	2804	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sc.link/vOBtr
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d6259758,0x7ff8d6259768,0x7ff8d6259778
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:2
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2664 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1856,i,1806766690273244533,14745709936501894275,131072 /prefetch:8
  2⤵
  PID:4592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
c3010d2f11e26643cac67fe182361104

SHA1
09ec9154e4f61d98614cd99947b51e3a44786ec4

SHA256
3c644d337213f516aa674efe5e8ec6eae7c595bd26a04e82c2f38164f472a126

SHA512
7b4a91b01d121b1ff32e5fbed40dd4f4d5bce2246285c4f9dc7e7ebe73dcac3c66498e3d404b3cc11477cb9eb049c2aca23ccb383112e204a8165349b94105e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4b8ad8bd91083878a7f11f212d5523e6

SHA1
8a671c0a58bf04d855b17a846faafed6e9f2667b

SHA256
aebceba1d66a7b1e6049cc1ccba1d82157c6e159cffa00b382be5c4d7e7e1551

SHA512
379b724d0b9560cd443cc56d180e88b32978eb1e86332eb71504d9a2cdf1e4a4ff6205bfb34fe8ba8150575677e9359acd3163fff22e82eaf232114847d2410c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4c6547c35b9a1fff96f5522a91e0a6e

SHA1
4844664ba62972ee8284272b7459ea63e5ca0fd2

SHA256
2611fb3d2c3bfe859be4121ced0ce80b52aa6099a5697b6312bc26be6850ad45

SHA512
c638ef1e045eea630f82cac3e12adc09474b6c9a68ee99f8a7f9a46eeb526d5e92e78793446ba807e19238e4a15ba0da5d26d79629b7ef23023ea8b286c43ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe256e40b34a16f9ab2ae2b1aaa31c88

SHA1
768a086f08227e76b776940b39d0e04509cd4a63

SHA256
9dad640d6e8627cbc75fbee127ff8518f8231b6d996717e721546e1ea8494c2c

SHA512
31dd560120c34cf5c26abee45497229aeca14f46da24f972238bf80002ce98addb8e0822fa4132e9564b360713afad25a4e5f8dd60b7b4acdef8081dfb295af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
854437f1ce25d56291544c6cde00bcc8

SHA1
69d9bbbe73ebef6ef056cbec3511211be86c39a8

SHA256
8047fe83fa09e47dea5f164109fc1b74f0736963b9deb45a67b33e9b60d3615e

SHA512
9b7499782cb3dfa1f68fe2b59d4fa164381110a7bd6164ea2ef1f5f6179040e5cb9815d45f574052ffc67b65b580241edbb334c8339a57d690672f7a9e4beadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46ce8252e838fed3574705485c158450

SHA1
f77494895b24d5c99bd8ed39a899d1e5a512f5de

SHA256
a70c4a41eae5a1e5fb9d4576797cbf2059db47b4d8097b4dd45344ed461a7f61

SHA512
3c4f2508fd8f421a6759259beb48ddd3ab46de0cdb09404916a031b776eb096b32b2713ca5d1cfd4a0f1f400b4f49f206c5d4c0edce1055eaf0d857113d29ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a3501a626f7263e8a6d28abf38d3875b

SHA1
1146f169e8b53261b99bac1a6ec6791e52354f72

SHA256
3a3f0a4a894be042859a34a96f52c2b94cc470f2c8b1bac742f749f1bbe612e0

SHA512
1fd4d2cfd75a2cfb1812713a162f870ad6fd8c89943dc26743fa4de5d85a5a1e9a10f2f97fe2a3ba5c205ac38fe9792b33b3a99c4aa4ffdaede38cf1b32daf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2804_HMWTXJOERACILRIX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit