Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 06:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://events.humanitix.com/nsw-apartment-think-tank-sustain-sydney-2035
Resource: win10v2004-20240508-en

General
Target: https://events.humanitix.com/nsw-apartment-think-tank-sustain-sydney-2035
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627331268545933" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
540 | chrome.exe (4 rows)
3608 | chrome.exe (2 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process
540 | chrome.exe (7 rows)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 540 | chrome.exe
Token: SeCreatePagefilePrivilege | 540 | chrome.exe
(the two rows above alternate throughout all 64 entries; every entry is from PID 540)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
540 | chrome.exe (26 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
540 | chrome.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 540 wrote to memory of 724 | 540 | chrome.exe | 83 (2 rows)
PID 540 wrote to memory of 2888 | 540 | chrome.exe | 85 (repeated rows)
PID 540 wrote to memory of 1672 | 540 | chrome.exe | 86 (2 rows)
PID 540 wrote to memory of 856 | 540 | chrome.exe | 87 (repeated rows)
(the remaining 60 of the 64 entries are the repeated writes to PIDs 2888 and 856; all writes originate from PID 540)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 540)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://events.humanitix.com/nsw-apartment-think-tank-sustain-sydney-2035
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 724, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0dab58,0x7ffa5c0dab68,0x7ffa5c0dab78

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2888, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1672, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 856, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 828, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 452, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2032, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2548, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4496 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4176, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3252 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4064, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4600, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4904, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4956, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4608 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4880, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1548 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3608, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4516 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2144, child of 540)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4580 --field-trial-handle=1944,i,5357182011496438454,876675590362742500,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 5088, top level)
Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
(these are the digests of the two-byte string "[]", an empty JSON array)

Filesize: 7KB
MD5: 1a7b4eee55d527056973304b29066100
SHA1: b36427241c1989e01ebb5527bed09744ac0eaff7
SHA256: 053f46f52660860fe6b8048ea05a051005bdb640f2920425ef51d35630f552a9
SHA512: 5f3fc0cab3d844ee5adc59b4aa57735a05e927906d09865c16cda674e197b0d648c35eb90e750224b619a6727eb380605933f4f98fcad70c51d0f7793dc9fd81

Filesize: 257KB
MD5: fed671c541f778927b045ae5c0255133
SHA1: e2ccd61a25dbf296402205625793b3faa8f1b18b
SHA256: d63654f537bd0f0572ab518d91ed1b230b0fe3d33e54d4ee8022dd28a4de52bb
SHA512: 6f4eecd4cda7cc7783aa0df3393e83fee76fe05dccaa2b7e1016d8becb8bed0ee26169cda02a935153d4205db206ecdec8ab4bc61788d76ad73287d6c8883a33

Filesize: 257KB
MD5: 16eec86c691148181e8cef9bf5180036
SHA1: 997cae32df597d7b806c5960fc56b154a04ce85e
SHA256: c57993add92856b7813aa804a6de50c7507d7499d22c2d6b2b34c1d943e89d58
SHA512: e0deee5a6b9fa05ad3f10028b2df3e2f6fbc306af6ceec1c8eb6de1cd545f470afc5997ba430c2f432898f1e56b5d76d659bdc7262655b306b5dd23a4ec5ed09

Filesize: 91KB
MD5: 41359cc8d046d6f11a23f27ae80cca1b
SHA1: e490c1be71a9039b169618e5f5543fb185f63893
SHA256: 8d50b741a7f2905bfb20153c9b55b701f5826fef00d6b81ca0a4f1d03de7683f
SHA512: 22b32858bd627b53b857dddee6b68103a438c901e070e25f53d4aba18ebcac03a7b1c5d3c65d3a9822c3c45f06b40dbd020b5e51bb098a45f057a6c3dd6d807b

Filesize: 88KB
MD5: 6312d198783f13f21a7784594306d02e
SHA1: f0b76090dd121e2f38681229e308f697f1260151
SHA256: 6f4601fb2d2daf77bab4bcbc8a28b9d868aadaf7ebb3be9d051fc92a8dfd8c29
SHA512: d61d8d75b77e38c8a6176272b830028265f26263249fa9ddd33676bc374bd3a10def81d1cdea9199f153611b4f5a7184c714ab3466c5bc4127665cc347f40726