Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for https://crypto-o.click/16SZED: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:26
Reported
2024-06-13 09:31
Platform
win10-20240611-en
Max time kernel
300s
Max time network
295s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627444071085768" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://crypto-o.click/16SZED
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc6ba29758,0x7ffc6ba29768,0x7ffc6ba29778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3760 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4464 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4460 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5212 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5236 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1796,i,9651512842554363101,14040523134443153730,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | crypto-o.click | udp |
| US | 52.173.151.229:443 | crypto-o.click | tcp |
| US | 8.8.8.8:53 | grabify.world | udp |
| US | 172.67.161.186:443 | grabify.world | tcp |
| US | 8.8.8.8:53 | 229.151.173.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | grabify.link | udp |
| US | 104.26.9.202:443 | grabify.link | tcp |
| US | 8.8.8.8:53 | 186.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 104.26.9.202:443 | grabify.link | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 202.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.197.17.2.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4448_OIYADJNFYDUDFVIJ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d8509c11-e8b4-418d-8d3e-a99055817ef1.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3d1331f6-51c5-42bc-a59f-e5b8be9ca1fa.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State