Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://beonlineboo.com
Resource: win10v2004-20240508-en
General
Target: https://beonlineboo.com
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                          Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627376178582345"  chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid   Process
3920  chrome.exe
3920  chrome.exe
1756  chrome.exe
1756  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid   Process
3920  chrome.exe
3920  chrome.exe
3920  chrome.exe
3920  chrome.exe
3920  chrome.exe
3920  chrome.exe
3920  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://beonlineboo.com
PID: 3920
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcce98ab58,0x7ffcce98ab68,0x7ffcce98ab78
    PID: 1500

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:2
    PID: 3960

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:8
    PID: 2092

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:8
    PID: 4052

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 664

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 4452

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:8
    PID: 4436

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:8
    PID: 1272

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5036 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 2736

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4156 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 1856

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 2360

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2516 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 4872

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2980 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:2
    PID: 1756
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1700 --field-trial-handle=1888,i,623821145828051046,14251239956995697478,131072 /prefetch:1
    PID: 1052

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID: 3448
Network
MITRE ATT&CK Enterprise v15
Downloads