Analysis

max time kernel: 16s
max time network: 10s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://4dzar55ab.cc.rs6.net/tn.jsp?f=001C1CCnoiygU9ECS36KuSfCsVfcQrxBQmf_U-EmFgGjXpgoq5qQELX5k-KVtwj5dN5dUYxVIdSPCuaG6K58O4Iac6vl75Rri6_s_IbF8U8XmTq_kWOthLTaGntFffGzFI2e6uh8XIXO-r2urDaNc2K9dPRd7uhlkw7Os-shu7Hhq8XvZE6e5m9xuK-qbZysNct3TNstN2orYyi3eIfwCmNWGY9FNvLthdxbU6giiThm4cFuFLKve-okaNjwzBa8BQm-dndRMTTk29xv2hCX_wLdCiV2g_O0_tI&c=wDeIZ7QFuC3SRDXx41bootu4AsYG2-GeakXeOONtfuefrfhRHPvUGQ==&ch=QPN7ZO6uCUMeVvM-I5W7NSvIMR0xpPx_o9RjvwMeo-KsQVM5WIGSvw==
Resource: win10v2004-20240611-en

General

Target: https://4dzar55ab.cc.rs6.net/tn.jsp?f=001C1CCnoiygU9ECS36KuSfCsVfcQrxBQmf_U-EmFgGjXpgoq5qQELX5k-KVtwj5dN5dUYxVIdSPCuaG6K58O4Iac6vl75Rri6_s_IbF8U8XmTq_kWOthLTaGntFffGzFI2e6uh8XIXO-r2urDaNc2K9dPRd7uhlkw7Os-shu7Hhq8XvZE6e5m9xuK-qbZysNct3TNstN2orYyi3eIfwCmNWGY9FNvLthdxbU6giiThm4cFuFLKve-okaNjwzBa8BQm-dndRMTTk29xv2hCX_wLdCiV2g_O0_tI&c=wDeIZ7QFuC3SRDXx41bootu4AsYG2-GeakXeOONtfuefrfhRHPvUGQ==&ch=QPN7ZO6uCUMeVvM-I5W7NSvIMR0xpPx_o9RjvwMeo-KsQVM5WIGSvw==
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                          Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer       chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                          chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName        chrome.exe

Modifies data under HKEY_USERS (1 IoC)
description  ioc                                                                   Process
Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1892  chrome.exe
1892  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
1892  chrome.exe
1892  chrome.exe
1892  chrome.exe
Suspicious use of AdjustPrivilegeToken (32 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://4dzar55ab.cc.rs6.net/tn.jsp?f=001C1CCnoiygU9ECS36KuSfCsVfcQrxBQmf_U-EmFgGjXpgoq5qQELX5k-KVtwj5dN5dUYxVIdSPCuaG6K58O4Iac6vl75Rri6_s_IbF8U8XmTq_kWOthLTaGntFffGzFI2e6uh8XIXO-r2urDaNc2K9dPRd7uhlkw7Os-shu7Hhq8XvZE6e5m9xuK-qbZysNct3TNstN2orYyi3eIfwCmNWGY9FNvLthdxbU6giiThm4cFuFLKve-okaNjwzBa8BQm-dndRMTTk29xv2hCX_wLdCiV2g_O0_tI&c=wDeIZ7QFuC3SRDXx41bootu4AsYG2-GeakXeOONtfuefrfhRHPvUGQ==&ch=QPN7ZO6uCUMeVvM-I5W7NSvIMR0xpPx_o9RjvwMeo-KsQVM5WIGSvw==
  PID: 1892
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2146ab58,0x7ffe2146ab68,0x7ffe2146ab78
      PID: 396

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:2
      PID: 4248

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:8
      PID: 1900

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:8
      PID: 2988

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:1
      PID: 3312

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:1
      PID: 5072

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:1
      PID: 1440

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:8
      PID: 2628

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1904,i,6854118225685925045,6817643563556924313,131072 /prefetch:8
      PID: 1532

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4648,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
  PID: 1308
Network
MITRE ATT&CK Enterprise v15
Downloads