hxxp://homemerce[.]com/image/cache/catalog/products/Dimensions/New%20Style%202024/BFS2_size-1100x600[.]jpg

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://homemerce.com/image/cache/catalog/products/Dimensions/New%20Style%202024/BFS2_size-1100x600.jpg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625000903624983"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4740	1536	chrome.exe	80
PID 1536 wrote to memory of 4740	1536	chrome.exe	80
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 4932	1536	chrome.exe	81
PID 1536 wrote to memory of 3236	1536	chrome.exe	82
PID 1536 wrote to memory of 3236	1536	chrome.exe	82
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83
PID 1536 wrote to memory of 3208	1536	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://homemerce.com/image/cache/catalog/products/Dimensions/New%20Style%202024/BFS2_size-1100x600.jpg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe417ab58,0x7fffe417ab68,0x7fffe417ab78
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2056 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2708 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2716 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1864,i,4988333047403525186,3075732888203483722,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
851B

MD5
ca357e4997f3e75701b018a498e1c440

SHA1
e090ae221e4e3f64b406c0f9644c47f3960ab053

SHA256
89ddc309814496261ed1eec427d84e52d5cee279f4291d01137f98d30481a5ec

SHA512
1bf1685082f091fd86c89e1cf2d452427b5042af1a89f2c02acdbdee804994b7d9d710fbb3da96b380bca595df04445090bde5d1a358e218109bdffee0951140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7223c975b3af754f168fa69d5daa6014

SHA1
aaab030f3791a797ca2a22a72805899b4f609912

SHA256
f16fb260fad1e51acdb07efe9b46fea659832823a2b2f6a50456f6adb86dd0d9

SHA512
ceb7c82ab90c2680f560c5fb72c26c7046eb81c03a407af2ef074d1c05c58ec07494acb26f186b37cf2f31ec2320ce204d0151a72d5a6e2398a97be2eb091cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9408cb34d463a41ec8687f2a2e2bf8f6

SHA1
d8587905023585882c96e59f267f8c3a63f28e8c

SHA256
857e76df5c0b7e52871afeaf7da48fe9ede83773feb8f8ecb689669289f4e007

SHA512
c5c2ce166af5589d1c78f5ea4c192620df5062d96f4e9f0f91650d322a627633cffd93bb2f5d76fe68a70afa5e5489872245b7f4a2a423599c45f93a948afef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ea195feb-b67b-48c9-95ac-5d1e1f94e06a.tmp

Filesize
7KB

MD5
51156b3b3be4809d2eb42c4d77f969f1

SHA1
0dc0fb94080be7191599936aefaec7059239172a

SHA256
fddbd0018f892b0d34c5cd85e7bb6a90195b791800c33a373dc92f342bf3f652

SHA512
c5afa668155aacc2189311dc286fc6f929d21296a8c5f52c23971d935715aae0f685ab42aeadd8f331d9a32fda0a9e6585a732a0dc90329367074090e3938ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
07cfd719220ef4da309bf5e602336c0a

SHA1
e436c81ead8e16227e2ff5a95a38ca1b4822d770

SHA256
f87796098fb2a853d5889b2925a7c546fd60255e544860cee5cc3429ff0471d2

SHA512
4afdd0ed36fcd091be85874d125b05ca3209a0f0ff4ea3865b2cc2ee9021b908c2550cd34a5253162be0dc22386488eed0b35fcfb4691955375de5872267a18e

Download Submit