Analysis
max time kernel: 149s
max time network: 142s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12/06/2024, 15:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
  Resource: win10v2004-20240611-en
Behavioral task: behavioral2
  Sample: https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
  Resource: win11-20240611-en
General
Target: https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (1 IoC)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
2100 | chrome.exe
2100 | chrome.exe
2588 | chrome.exe
2588 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid | Process
2100 | chrome.exe
2100 | chrome.exe
2100 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2100 | chrome.exe
Token: SeCreatePagefilePrivilege | 2100 | chrome.exe
The 64 entries consist of these two rows, alternating, all from PID 2100.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
2100 | chrome.exe
All 26 entries are this same row.

Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
2100 | chrome.exe
All 12 entries are this same row.

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2100 wrote to memory of 4208 | 2100 | chrome.exe | 80
PID 2100 wrote to memory of 3104 | 2100 | chrome.exe | 81
PID 2100 wrote to memory of 4000 | 2100 | chrome.exe | 82
PID 2100 wrote to memory of 3996 | 2100 | chrome.exe | 83
The 64 entries consist of these four rows repeated; every write originates from PID 2100.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2100)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4208)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc699fab58,0x7ffc699fab68,0x7ffc699fab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3104)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4000)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3996)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1140)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4556)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3196)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 864)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2588)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 2928)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads