Analysis
max time kernel: 125s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 03:42
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://sc-datasink.ffe390afd658c19dcbf707e0597b846d.de
Resource: win10v2004-20240611-en
General
Target: http://sc-datasink.ffe390afd658c19dcbf707e0597b846d.de
Malware Config
Signatures
Every signature below fired on the sandbox's own Chrome instance (chrome.exe, PID 3224), which the behavioral task launched to open the target URL. They describe Chrome's normal multi-process startup (spawning renderer, GPU and utility children, starting the crashpad handler, probing privileges and the shell tray window), not behaviour attributable to the target page. Treat them as baseline noise for any URL sample opened in this image.
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                            process
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627237589803854"  chrome.exe
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                          chrome.exe
S-1-5-19 is the LOCAL SERVICE account hive. The TraceTimeLast value is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC); 133627237589803854 decodes to 2024-06-13 03:42:38 UTC, i.e. the moment this run started, so it is a timestamp of the analysis itself rather than any data planted by the sample.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   process
3224  chrome.exe  (2 rows)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid   process
3224  chrome.exe  (4 rows)
This signature fires when a process is created with the "only Microsoft-signed binaries may load" image-load mitigation set; Chrome applies that mitigation to its own child processes, which is what the four rows record.
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                         pid   process
Token: SeShutdownPrivilege          3224  chrome.exe  (32 rows)
Token: SeCreatePagefilePrivilege    3224  chrome.exe  (32 rows)
The 64 rows strictly alternate between the two privileges, beginning with SeShutdownPrivilege and ending with SeCreatePagefilePrivilege.
Suspicious use of FindShellTrayWindow (27 IoCs)
pid   process
3224  chrome.exe  (27 rows)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   process
3224  chrome.exe  (24 rows)
Suspicious use of WriteProcessMemory (64 IoCs)
description                          pid   process     procid_target
PID 3224 wrote to memory of 2080     3224  chrome.exe  89   (2 rows)
PID 3224 wrote to memory of 1036     3224  chrome.exe  91   (repeated)
PID 3224 wrote to memory of 4412     3224  chrome.exe  92   (2 rows)
PID 3224 wrote to memory of 2176     3224  chrome.exe  93   (repeated)
All 64 rows have the browser process (3224) as the writer; 2 rows target 2080, 2 rows target 4412, and the remaining 60 rows are repeated writes to 1036 and 2176. Each target is one of Chrome's own children in the process tree below (2080 crashpad-handler, 1036 gpu-process, 4412 NetworkService utility, 2176 StorageService utility), which is what a browser writing startup data into freshly spawned child processes looks like.
Processes
The process tree is rendered with one entry per process: image path, full command line, then PID. Indented entries are children of the chrome.exe browser process (tree depth 2 in the original view); entries at the left margin are top-level processes (depth 1).

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sc-datasink.ffe390afd658c19dcbf707e0597b846d.de
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5eeab58,0x7ffee5eeab68,0x7ffee5eeab78
    PID:2080

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:2
    PID:1036

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:8
    PID:4412

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:8
    PID:2176

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:1
    PID:868

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:1
    PID:1004

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4140 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:1
    PID:3248

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:8
    PID:3120

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:8
    PID:3012

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4604 --field-trial-handle=1940,i,11910178990657484417,6078795171045014121,131072 /prefetch:1
    PID:4428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=3104 /prefetch:8
PID:1632
The elevation_service.exe and msedge.exe entries are separate top-level processes, not children of the Chrome instance that opened the sample; the msedge.exe utility process belongs to the Edge installation present in the VM image.
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: 8bdee21841cea23609a2be43eab258b2
SHA1: 8b49f9cec1e68f9a97332cb6e78020a99caa19ae
SHA256: 2424bf5d5460a6f192afaa24a02a5197469c118c18a6a9562e83757101ce8edc
SHA512: 07aaa4548c3c10e62ed328da28dbce796c43b329c633bc5ba94062106d17c63ba59bd31696dcf3917f4d7cd99da0d547cb85d4fc1cc91554cca2a029537a732c

Filesize: 2KB
MD5: 7717694406b1309b6034cecb013bf5b7
SHA1: 81a4da71b94e6839abaf6794d44b62e39102bc68
SHA256: 160774bcbd2c21dfe07f1930b94be4078a41d54cad3f3cc3a0a06870fbc8329f
SHA512: 9820720d9fa66f75fce284ebfadfd1229e74d59876f85c7e09a5809b662131fd5e3a6af0fd2df5f7460d3967a129f237c75cb960e340d9c61e7c877ba9d7017f

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
These digests are exactly those of the two-byte string [] (an empty JSON array), so this entry is an empty data file and carries nothing worth analysing.

Filesize: 7KB
MD5: d3c0f0816b33f2158c37d54572396399
SHA1: db662b746d7cc5aa743cedb603b74bee5533638f
SHA256: 55164456b70abc7b966d859d67bf8d0378247175c343a9b176e24b5410a98580
SHA512: 0f49b617c96a9559d5ea1a71fb9415c0ecb074cf688e91d79d4832a551edd41cdcfbe27f865bba25675bcca610f6171a6719d91704976d37b012486d7be4605d

Filesize: 7KB
MD5: 1b03c94c7b07a66af7191c9c570513c2
SHA1: 815d0b6de2a1a3dad8689a40ad4d30d0e594518b
SHA256: f5ed29666725a553e3f651ab0c98ac70fa251b1394e5cdc6281b7a8261e82c2d
SHA512: cf5e2cba8a38892b893be7c5777570f99d2087896b27102827b4231c22fe774203e051af3611d92ceca081a4d53f0331a436dfccde042ecf4f7b567197f0ce75

Filesize: 138KB
MD5: 7f41282b1d58c015968bd8c4881c8385
SHA1: dd71da29e8fb8514b3ffbe6c9fdde82dcbe2ddb2
SHA256: 61f9919ab79e50a4185cda3908bba44cf7613446dad34e120273a9cda81b3c8a
SHA512: e13caa2fbb944c5aa4dd23ab4b6cad500ee37bf30a72cd797a51a8c0887a5b31b10291d5cae0f79f5b728f4e87e6aeee1f3757b4a1264802675a5b87f6c41033

Filesize: 138KB
MD5: 2c79fef23a4cdb0df3e96747d346a48a
SHA1: d9b30d44c4df4b630cc103ca508cf1c09b69ca1e
SHA256: 111cbcaf7066078c944d36a937613b20b83526055cd80d32b421fd62730e9171
SHA512: 3ffcfc24c9bad43e6aa10863a82ff6b6091e7dc06346ddfb512a6b1a17c47038eece14704e202bb665cc01fc3cf4c1782c25bf23820fdc067c673705e225518a

Filesize: 264KB
MD5: 2bb0302ed05b08b88b897a710ed79581
SHA1: 067cdc2b2199b7fbf55b137167e1a944b374df01
SHA256: a6c2dcff6e7bfddbc323c3fd49ccd1cba28e175f26afd381c726b69dc17985aa
SHA512: 3281c721065b66142ba8397995a46a9cc7f169ebb22c2a74f5cbaafb186af5bb6d6a3b188e4899682bd4178f5aa1a73a3054d200f487007f78d3f81c31134621
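The three checks a triager would run against the flattened fields of this report, as an added worked example (this script is not part of the report or of the sandbox's own tooling): decode the TraceTimeLast FILETIME written under HKU\S-1-5-19, confirm that the 2B download is the empty JSON array [], and re-tabulate the run-together WriteProcessMemory rows into per-target counts annotated with each target's role from the process tree. The sample rows, the digest table and the PID-to-role mapping are copied from the report above; SAMPLE_ROWS is a constructed excerpt of the 64-row table so the script runs offline.

```python
"""Sanity checks over the flattened fields of this sandbox report.

Added example, not part of the original report. The regex, the digests, the
sample rows and the PID-to-role table are transcribed from the report text;
everything is embedded here so the script runs offline.
"""
import hashlib
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# --- 1. Decode the TPM telemetry value written under HKU\S-1-5-19 ---------
# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count (as stored in TraceTimeLast) to a UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


# --- 2. Identify the 2-byte dropped file by its digests --------------------
# Digests copied from the report's "Filesize: 2B" entry.
REPORTED_2B_DIGESTS = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
              "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}


def digest_matches(candidate: bytes, reported: dict) -> dict:
    """Return {algorithm: bool}: which of the reported digests the candidate bytes reproduce."""
    return {alg: hashlib.new(alg, candidate).hexdigest() == value
            for alg, value in reported.items()}


# --- 3. Re-tabulate the flattened WriteProcessMemory rows -------------------
# Row format used by the report:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")

# Target PIDs mapped to the --type of the corresponding child in the process tree.
CHILD_ROLE = {
    2080: "crashpad-handler",
    1036: "gpu-process",
    4412: "utility (network.mojom.NetworkService)",
    2176: "utility (storage.mojom.StorageService)",
}

# Constructed excerpt: a few rows in the exact shape of the report's 64-row table.
SAMPLE_ROWS = (
    "PID 3224 wrote to memory of 2080 3224 chrome.exe 89 "
    "PID 3224 wrote to memory of 2080 3224 chrome.exe 89 "
    "PID 3224 wrote to memory of 1036 3224 chrome.exe 91 "
    "PID 3224 wrote to memory of 4412 3224 chrome.exe 92 "
    "PID 3224 wrote to memory of 2176 3224 chrome.exe 93"
)


def summarize_writes(flattened: str) -> dict:
    """Count writes per target PID and attach the writer and the target's tree role.

    Returns {target_pid: {"count": n, "source": src_pid, "image": image, "role": role}}.
    A target that is not a known child of the browser is flagged, which is the case
    a triager actually cares about (cross-process writes into something unexpected).
    """
    counts = Counter()
    meta = {}
    for src, dst, image, _procid_target in ROW_RE.findall(flattened):
        dst = int(dst)
        counts[dst] += 1
        meta[dst] = {"source": int(src), "image": image,
                     "role": CHILD_ROLE.get(dst, "not in process tree")}
    return {pid: {"count": counts[pid], **meta[pid]} for pid in counts}


if __name__ == "__main__":
    print("TraceTimeLast =", filetime_to_datetime(133627237589803854).isoformat())
    print("2B download == b'[]' ?", digest_matches(b"[]", REPORTED_2B_DIGESTS))
    for pid, info in summarize_writes(SAMPLE_ROWS).items():
        print(f"target {pid}: {info['count']}x from {info['source']} "
              f"({info['image']}) -> {info['role']}")
```

Running it prints the decoded timestamp 2024-06-13T03:42:38.980385+00:00, which coincides with the submission time and settles the registry write as an artefact of the run itself; every target PID in the excerpt resolves to a Chrome child, and any PID that came back as "not in process tree" would be the row worth pulling the full report for.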