Analysis

max time kernel     149s
max time network    147s
platform            windows10-2004_x64
resource            win10v2004-20240508-en
resource tags       arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted           11-06-2024 14:03

Static task         static1
URLScan task        urlscan1
Behavioral task     behavioral1
  Sample            https://na.eventscloud.com/ereg/index.php?eventid=790084&
  Resource          win10v2004-20240508-en

General

Target              https://na.eventscloud.com/ereg/index.php?eventid=790084&
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                                    Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625882569931630"  chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process     entries
  5000  chrome.exe  4
  1492  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     entries
  5000  chrome.exe  7

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       pid   Process     entries
  Token: SeShutdownPrivilege        5000  chrome.exe  32
  Token: SeCreatePagefilePrivilege  5000  chrome.exe  32
  (the report lists the two tokens alternately, all from the browser process)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process     entries
  5000  chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  5000  chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  entries
  PID 5000 wrote to memory of 744   5000  chrome.exe  82             2
  PID 5000 wrote to memory of 224   5000  chrome.exe  84             repeated
  PID 5000 wrote to memory of 3656  5000  chrome.exe  86             2
  PID 5000 wrote to memory of 2580  5000  chrome.exe  87             repeated
  (each distinct pair is shown once; the 64 entries are these four pairs repeated)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://na.eventscloud.com/ereg/index.php?eventid=790084&
PID:5000
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9021ab58,0x7ffe9021ab68,0x7ffe9021ab78
  PID:744

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:2
  PID:224

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:3656

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:2580

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:5056

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:3356

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:4636

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:2380

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4432 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:436

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3212 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:1540

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:2160

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:4800

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:8
  PID:1368

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4440 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:3576

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1560 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:2280

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3820 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:2
  PID:1492
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1632 --field-trial-handle=1908,i,3546432066613913167,13343810355344249184,131072 /prefetch:1
  PID:2120

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID:4980
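Every signature in this report is raised by chrome.exe, and the process tree explains why: the sandbox opened the submitted URL in Chrome 110 (the crashpad handler carries --annotation=ver=110.0.5481.104), and the browser process (PID 5000) then spawned its usual crashpad, GPU, network, storage, UtilWin and renderer helpers. The four WriteProcessMemory targets (744, 224, 3656, 2580) are children it had just created, which is consistent with a parent bootstrapping its own helpers rather than injecting into a foreign process. The script below is an added example, not part of the Triage report or of Chrome: it parses a constructed copy of the command lines above (long --gpu-preferences and --field-trial-handle values dropped), lists the helpers that ran with --service-sandbox-type=none or --disable-gpu-sandbox, and checks that every WriteProcessMemory target is a direct child with the same image, the check that separates Chrome's own process bootstrap from injection.

```python
import re
from collections import Counter

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# Constructed sample: (pid, parent pid, command line) copied from the process tree
# in this report, trimmed to the flags that matter for triage.
PROCS = [
    (5000, None, CHROME + " --disable-background-networking --disable-component-update"
                 " --single-argument https://na.eventscloud.com/ereg/index.php?eventid=790084&"),
    (744, 5000, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (224, 5000, CHROME + " --type=gpu-process --mojo-platform-channel-handle=1704"),
    (3656, 5000, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2580, 5000, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (5056, 5000, CHROME + " --type=renderer --first-renderer-process --renderer-client-id=6"),
    (3356, 5000, CHROME + " --type=renderer --renderer-client-id=5"),
    (4636, 5000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (2380, 5000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (436, 5000, CHROME + " --type=renderer --renderer-client-id=9"),
    (1540, 5000, CHROME + " --type=renderer --renderer-client-id=10"),
    (2160, 5000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (4800, 5000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (1368, 5000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (3576, 5000, CHROME + " --type=renderer --renderer-client-id=14"),
    (2280, 5000, CHROME + " --type=renderer --renderer-client-id=15"),
    (1492, 5000, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (2120, 5000, CHROME + " --type=renderer --renderer-client-id=17"),
    (4980, None, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

# Constructed from the WriteProcessMemory signature: (writer pid, target pid).
# The report repeats each pair many times; one entry per distinct pair suffices here.
WPM_EVENTS = [(5000, 744), (5000, 224), (5000, 3656), (5000, 2580)]

# --flag or --flag=value, where value may be a quoted string containing spaces.
FLAG_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=("[^"]*"|\S+))?')


def parse_flags(cmdline):
    """Return {flag: value} for every --flag[=value]; bare flags map to True."""
    return {m.group(1): (m.group(2).strip('"') if m.group(2) else True)
            for m in FLAG_RE.finditer(cmdline)}


def image_name(cmdline):
    """Executable basename from a quoted or unquoted Windows command line."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return exe.rsplit("\\", 1)[-1].lower()


def classify(procs=PROCS):
    """One row per process with the Chrome role and sandbox settings pulled from its flags."""
    rows = []
    for pid, ppid, cmd in procs:
        f = parse_flags(cmd)
        rows.append({"pid": pid, "ppid": ppid, "image": image_name(cmd),
                     "type": f.get("type", "no-type"),
                     "subtype": f.get("utility-sub-type"),
                     "sandbox": f.get("service-sandbox-type"),
                     "gpu_sandbox_off": f.get("disable-gpu-sandbox") is True})
    return rows


def unsandboxed(rows):
    """PIDs of helpers that Chrome itself started without a sandbox."""
    return sorted(r["pid"] for r in rows if r["sandbox"] == "none" or r["gpu_sandbox_off"])


def triage_wpm(events, rows):
    """Split WriteProcessMemory targets into (own child with the same image) and (everything else)."""
    by_pid = {r["pid"]: r for r in rows}
    expected, unexpected = [], []
    for writer, target in events:
        w, t = by_pid.get(writer), by_pid.get(target)
        if w and t and t["ppid"] == writer and t["image"] == w["image"]:
            expected.append(target)
        else:
            unexpected.append(target)
    return expected, unexpected


def type_counts(rows):
    return Counter(r["type"] for r in rows)


if __name__ == "__main__":
    rows = classify()
    print("process types:", dict(type_counts(rows)))
    print("unsandboxed helpers:", unsandboxed(rows))
    exp, unexp = triage_wpm(WPM_EVENTS, rows)
    print("WPM into own chrome.exe children:", exp, "| elsewhere:", unexp)
```

On this report `unexpected` comes back empty; the same check on a tree where chrome.exe wrote into a process that is not its child, or into a child with a different image, is what should draw attention. The seven unsandboxed helpers (network service, ProcessorMetrics, four UtilWin instances and the GPU process relaunched with --disable-gpu-sandbox) are launched by Chrome with those flags and are not evidence of tampering by the page.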
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize  7KB
  MD5     2c8ecf111510d13456656fd06584344e
  SHA1    bc373217d3ed6cafdd28aada67239e8993b1aa5c
  SHA256  8ddab4fbec8d271e4cc614291346e99012d5f7463f3ed088c97ca2e18fcb5803
  SHA512  2071fd44bbabf74333ad5765825b6863538c016308c9db5af5c1f58165ba319ff7a02c1eba6fed48001263c871d2e1e809d8da11a4437c433d0992b9824cc323

Filesize  257KB
  MD5     15b5db476188c6c07e79c162ad004bdd
  SHA1    55adb72fa150ff1e615ba39b283841fc3902e6af
  SHA256  e79945a9448e10b1488f5e010385b8df9b82bdb60af40b9b189adf21b5f6deec
  SHA512  548aa9de02db9bba9f5fbead972fe3d1d2ff06027fe8ed7667c825e0c68ddfbdf44365ac61f6224ec7caa7f10812d7e4798659708324a5dc4f61edc87ec04acb

Filesize  257KB
  MD5     9d2757742af13975d6439236b37ba7ed
  SHA1    9637b7fe66600de6a999ce839fecda1948a6ecf3
  SHA256  5c57f9bae12a0b7bf857d97a83ea1c0253d77432da6132450cf6c7a38ea8a2b4
  SHA512  8ced971ae565ec2a04d56320c0257370d69dfd8fe8e4a158cea8acb759fda349916ad2a96eafb1809877489b4f464d6c4f23ae40e4bb485fd933bb105efd0773

Filesize  91KB
  MD5     1d8f4920866fb726d8780bf4591e6e02
  SHA1    67a6ff7bc3e9a4b89d040a569031c9e23369ad31
  SHA256  cec753bd6c0351f11b655a3e1cef56daf1a34f079f66a192966fd6c3e3957219
  SHA512  06006e19729bc994f65d1516ea86a27503a60904c28edc8165cf807ce41881f797c1b5d7ce97012f1c70f52022158c83d14cb831a7413d3b19b78cf1ef451c08

Filesize  88KB
  MD5     fda086e9f9a2603244f010289fe985f1
  SHA1    71706995b6daf3753f1789c47912c28386ccaf28
  SHA256  0c4dc0abf721f7074d5a1cad61f68ac27f44fb06d0c70e440250852c6894f69c
  SHA512  19a05511cfb15051b394b8e2de5f3ccd14a5c0ac659c9f1f0e96b3874640fea0d1f86d1603ab67056885a05b7594da480c9ecc998602324e35fa7072459b479d
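The 2-byte download at the top of the table is worth identifying before anything else: its MD5, SHA-1 and SHA-256 are the digests of the two-byte string `[]`, an empty JSON array, which is a typical XHR or beacon response body rather than a payload. The script below is an added example, not part of the report; it hashes a handful of constructed tiny candidate bodies and reports which one reproduces every digest the report lists for that artifact, a quick way to dispose of sub-100-byte downloads without fetching them again.

```python
import hashlib

# Digests copied from the Downloads table of this report for the 2-byte artifact.
REPORTED_2B = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Constructed candidate bodies that tiny HTTP responses commonly consist of.
CANDIDATES = {
    "empty": b"",
    "json_array": b"[]",
    "json_object": b"{}",
    "newline": b"\n",
    "crlf": b"\r\n",
    "ok": b"ok",
    "zero": b"0",
    "one": b"1",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """All four digests the report publishes, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def matches(reported, data):
    """Per-algorithm comparison of a candidate body against the reported digests."""
    got = digests(data)
    return {name: got[name] == value.lower() for name, value in reported.items()}


def identify(reported, size, candidates=CANDIDATES):
    """Label of the candidate whose length and every reported digest agree, else None.

    Requiring all digests to match guards against a typo in one copied hash
    being mistaken for a genuine mismatch (or vice versa).
    """
    for label, body in candidates.items():
        if len(body) == size and all(matches(reported, body).values()):
            return label
    return None


if __name__ == "__main__":
    print("2-byte download is:", identify(REPORTED_2B, 2))
    print("per-algorithm match for b'[]':", matches(REPORTED_2B, b"[]"))
```

The remaining downloads (7KB to 257KB) are large enough that this trick does not apply; for those, the hashes are the pivot into a file reputation or sandbox lookup, and a mismatch between the SHA-256 seen on disk and the one in the report is the first thing to check.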