Analysis
max time kernel: 118s
max time network: 94s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 12-06-2024 18:09
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://zpr.io/42ShbWTH2JNA
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: https://zpr.io/42ShbWTH2JNA
  Resource: ubuntu2404-amd64-20240523-en
General
Target: https://zpr.io/42ShbWTH2JNA

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Process: chrome.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
Process: chrome.exe
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626893565106231"
Suspicious behavior: EnumeratesProcesses (3 IoCs)
Process: chrome.exe (pid 2812), all 3 entries
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Process: chrome.exe (pid 2812), all 3 entries
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Process: chrome.exe (pid 2812), all 64 entries
  Tokens: SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating throughout the 64 entries
Suspicious use of FindShellTrayWindow (26 IoCs)
Process: chrome.exe (pid 2812), all 26 entries
Suspicious use of SendNotifyMessage (24 IoCs)
Process: chrome.exe (pid 2812), all 24 entries
Suspicious use of WriteProcessMemory (64 IoCs)
Source process: chrome.exe (pid 2812); target process: chrome.exe
  Wrote to memory of pid 760 (2 entries)
  Wrote to memory of pid 2316 (2 entries)
  Wrote to memory of pids 316 and 4824 (the remaining 60 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2812)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zpr.io/42ShbWTH2JNA
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 760)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa8db89758,0x7ffa8db89768,0x7ffa8db89778

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 316)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=296 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:2

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2316)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4112)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:1

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2792)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:1

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4668)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:1

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:8

  Child process: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1644,i,18341160223455140563,5783584402092556119,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 5100)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 776B
  MD5: 84711b40111c923d8c1d3812049cb466
  SHA1: b4cf7afa2b9608b39a2fdd097b741164f511df91
  SHA256: 7040093a88e1daa9ef14a1b247f76ff600a599fbb771e07bf29e3bb06811356c
  SHA512: 1fa68f4396d697c82583d8a66e5cbc518fbe48c823900dc50f883dcacecb2b106d57d01b222898c736a0d9391308e317f9ad8cc65b3830c70566ca0a99ca73df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 45cab7b78c299f57da4d1a90c10f86ab
  SHA1: 3bbb29f3b6db6eecfe78c5e64a7fbb2f9a40197d
  SHA256: 941a63cfc6ea28685c3ad20c4d8b2bdf962a9d499785645b1bca1b5b31eaa931
  SHA512: e0a1c35bad28e4d7fb1d655f6cb5cd82ee7c44935a037cbce73472ff20f09c5b4bd09c809cfa60975c46d7581691a2ea5bbbb0ef2d707feb4e584bfbe7557067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 552412f21ff78c5289ffbfafd85a8d45
  SHA1: add925b92966cf7b77511afc7378f0fb2269b361
  SHA256: 6ecc9fea23ff875d596a58e16e6e6044f9b5a28d80d5c0087c5cb2c95d740c7a
  SHA512: dd0e7096893bbf46b7bcd00e14b8114dd53ea68e9d3e3e0945b446654f270f57a5df93dc674faf32202beca2bc8e831f8edf953641e0c83747f04c0fe8a2133a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 742428ac8a812187d575c9b48a81325f
  SHA1: 9c29e5f7d89c9a3339dac2dd413ebadb0b192b1a
  SHA256: fc0c98bc99ca9d57e0baea3a96cb20ebfc2c0a1e66effa6e702d945b695627d6
  SHA512: b12052ef0146c383fc24af6aec11e234433b446efdc0361b154ae3ffec06427489d110c41a4b16ce37600450e220ac14b5496b4b5248c461bf77571a93ae0d79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 136KB
  MD5: 577a859ba5ca4f854548325fd3d018a7
  SHA1: d6a32b70f24b3a3a1b2cccd4fe4adcdc396cd806
  SHA256: d745d2f3af740d99164db31f5819ae340e4bb134f9a11f2452cf9bd76b619dda
  SHA512: b1c4903157e01d252d69b8f0171b6ca0c64533b07786abb5920210e659f330d05c9a008b8b6b3996b5111c0cd82cd8a104fc3ebb3bc57f93d44a44de448d46e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

\??\pipe\crashpad_2812_AZOEYABDZKSNNYZD
  Filesize: not reported
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e