hxxps://electricaltransformationalmagneticmachine[.]customerfinancialservices16sherwin[.]icu

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 06:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://electricaltransformationalmagneticmachine.customerfinancialservices16sherwin.icu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627340249780836"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2284	4188	chrome.exe	90
PID 4188 wrote to memory of 2284	4188	chrome.exe	90
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 1212	4188	chrome.exe	92
PID 4188 wrote to memory of 2412	4188	chrome.exe	93
PID 4188 wrote to memory of 2412	4188	chrome.exe	93
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94
PID 4188 wrote to memory of 2180	4188	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://electricaltransformationalmagneticmachine.customerfinancialservices16sherwin.icu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a21cab58,0x7ff9a21cab68,0x7ff9a21cab78
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:2
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4528 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3192 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4576 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1540 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2900 --field-trial-handle=1908,i,6605442886402091041,3675263485286925717,131072 /prefetch:1
  2⤵
  PID:2344

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1288,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
533968d52e8db34f222d6eb09a271f63

SHA1
0da76d88079842f9ee3aa465b59ebe59f1b61f13

SHA256
4aadbeb6765b621019078a1ab499b40fa05006b476c93925947fd871e3b3e9da

SHA512
86420ba036e8c4c6c5bebc19034e22489910861f9698ba53bfd95cc2e2ee6cca54ed4e433f23aa4b3d133abf1f1d6d7655f816e26df358fa9b3bc9dbc2405261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1501e52fdf6c367d5addec6525e3c940

SHA1
e180d420eb2a6afbf4791ad10d60bc15e560aba8

SHA256
d24da2157d82211fda62e1ae77fe8da3688f4af0c2bc876e482589890e870349

SHA512
97ffa199d912ce1c3fdbc0f72c8461221d47e584b6977d4735b94a34e7fef6fad204181d32415c76709d34a6dac5c4c4cac8471228a8ada83545e9858fec5bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
33ea2cefe2bf5cd83dbace1bf965149f

SHA1
573e2ecc791e0cec785226e55ff66a0e881e9e37

SHA256
2ead23442df2d1f57c79bfc434c1accf18692d8c559c9aaf2f55682924fbaaeb

SHA512
8c110cfe941c7ac8242f3f4d582b2aa79bbf23d05f09f27cdab1f851f50f909fcb0c0c4f4f9ed973024c0de8afaed07a34ed70b5968c60d9131900aa9120498f

Download Submit