Analysis
max time kernel: 149s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 17:40
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://rbq.hello-jury.com/
  Resource: win10v2004-20240611-en
General
Target: https://rbq.hello-jury.com/
Malware Config: none extracted
Signatures
Every signature below fired on chrome.exe. All WriteProcessMemory targets are child processes of the browser parent (PID 3768) that appear in the Processes section, and no non-Chrome image shows up anywhere in the signature data. Taken together the rows describe a multi-process browser starting up and opening the submitted URL; nothing in them, on its own, points past that.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  process     description        ioc
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  These are the BIOS keys commonly read for VM/sandbox fingerprinting; here the reader is the browser parent process, which reports the same values for its own hardware telemetry.

Modifies data under HKEY_USERS (2 IoCs)
  process     description      ioc
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627740337197139"
  S-1-5-19 is the LOCAL SERVICE account SID, so the write lands in a service hive rather than the logged-on user's. The value is a Windows FILETIME (100 ns ticks since 1601-01-01) and decodes to 2024-06-13 17:40:33 UTC, the time of this run; it is a telemetry timestamp, not persistence.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  3768  chrome.exe (2 rows)
  764   chrome.exe (2 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  3768  chrome.exe (2 rows)
  The parent created children with the process-creation mitigation that blocks non-Microsoft-signed binaries from loading; Chrome's sandbox applies this to its own child processes.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  pid   process     token
  3768  chrome.exe  SeShutdownPrivilege / SeCreatePagefilePrivilege, alternating, 64 rows in total
  Only these two privileges appear; no SeDebugPrivilege, SeLoadDriverPrivilege or SeTcbPrivilege request is recorded.

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   process
  3768  chrome.exe (26 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  3768  chrome.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     target process
  PID 3768 wrote to memory of 1108   3768  chrome.exe  chrome.exe (2 rows)
  PID 3768 wrote to memory of 232    3768  chrome.exe  chrome.exe (repeated)
  PID 3768 wrote to memory of 2396   3768  chrome.exe  chrome.exe (2 rows)
  PID 3768 wrote to memory of 896    3768  chrome.exe  chrome.exe (repeated)
  The 64 rows collapse to four writer/target pairs; 1108 and 2396 appear twice each and the 232 and 896 rows make up the remaining 60. Each target is the crashpad handler, GPU process, network service or storage service child of 3768 (see Processes), and every writer and target is chrome.exe. Parent-to-own-child writes into the same image are how a multi-process browser bootstraps its children; a write into a process that is not the writer's child, or into a different image, is the case this signature exists to catch.
Processes
- chrome.exe, PID 3768, top level
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rbq.hello-jury.com/
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - chrome.exe, PID 1108, child of 3768 (crashpad-handler)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afcab58,0x7ff80afcab68,0x7ff80afcab78
  - chrome.exe, PID 232, child of 3768 (gpu-process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:2
  - chrome.exe, PID 2396, child of 3768 (utility: network.mojom.NetworkService, sandbox type none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:8
  - chrome.exe, PID 896, child of 3768 (utility: storage.mojom.StorageService)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2076 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:8
  - chrome.exe, PID 392, child of 3768 (renderer, first renderer process)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:1
  - chrome.exe, PID 4684, child of 3768 (renderer)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:1
  - chrome.exe, PID 1576, child of 3768 (utility: chrome.mojom.ProcessorMetrics, sandbox type none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:8
  - chrome.exe, PID 4272, child of 3768 (utility: chrome.mojom.UtilWin, sandbox type none)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:8
  - chrome.exe, PID 764, child of 3768 (second gpu-process, started with the GPU sandbox disabled and GL disabled)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 --field-trial-handle=1908,i,14195578679474467533,3690641175531600385,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- elevation_service.exe, PID 1768, top level
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
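The signature tables and the process list above, reduced to what an analyst can act on: collapse the repeated WriteProcessMemory and AdjustPrivilegeToken rows into counts, check every write against the process tree, and decode the TraceTimeLast FILETIME from the HKEY_USERS signature. This is an added example, not part of the original report or of the sandbox's own tooling. The sample rows are a constructed subset of the report's flattened text plus one invented row (a write from 3768 into a hypothetical PID 9999 running notepad.exe) so that the check has something to flag; the process tree is transcribed from the Processes section with that invented entry added.

```python
"""Reduce flattened sandbox signature rows to counts, cross-check every
WriteProcessMemory row against the process tree, and decode a FILETIME.

Added example; not part of the original report or of the sandbox's tooling.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample of the report's "Suspicious use of WriteProcessMemory"
# rows, as the report renders them. The last row is invented.
WPM_ROWS = (
    "PID 3768 wrote to memory of 1108 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 1108 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 232 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 232 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 2396 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 896 3768 chrome.exe chrome.exe "
    "PID 3768 wrote to memory of 9999 3768 chrome.exe notepad.exe"  # invented
)

# Constructed sample of the "Suspicious use of AdjustPrivilegeToken" rows.
TOKEN_ROWS = (
    "Token: SeShutdownPrivilege 3768 chrome.exe "
    "Token: SeCreatePagefilePrivilege 3768 chrome.exe "
    "Token: SeShutdownPrivilege 3768 chrome.exe"
)

# Process tree from the report's Processes section: pid -> (image, parent).
# The top-level chrome.exe has no parent in the report. 9999 is invented.
PROCESS_TREE = {
    3768: ("chrome.exe", None),
    1108: ("chrome.exe", 3768),    # --type=crashpad-handler
    232: ("chrome.exe", 3768),     # --type=gpu-process
    2396: ("chrome.exe", 3768),    # network.mojom.NetworkService
    896: ("chrome.exe", 3768),     # storage.mojom.StorageService
    9999: ("notepad.exe", 3768),   # invented, to exercise the image check
}

# Row layout: "PID <w> wrote to memory of <t> <w> <writer image> <target image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")


def collapse_writes(rows):
    """Counter keyed by (writer pid, writer image, target pid, target image)."""
    counts = Counter()
    for writer, target, w_img, t_img in WPM_RE.findall(rows):
        counts[(int(writer), w_img, int(target), t_img)] += 1
    return counts


def collapse_tokens(rows):
    """Counter keyed by (pid, image, privilege name)."""
    counts = Counter()
    for priv, pid, img in TOKEN_RE.findall(rows):
        counts[(int(pid), img, priv)] += 1
    return counts


def suspicious_writes(counts, tree):
    """Flag a collapsed write when the target is unknown to the process tree,
    is not a direct child of the writer, or runs a different image than the
    writer. Parent-to-own-child writes into the same image are what a
    multi-process browser does at startup; the other cases are the injection
    pattern this signature exists to catch."""
    findings = []
    for (w_pid, w_img, t_pid, t_img), n in counts.items():
        entry = tree.get(t_pid)
        if entry is None:
            findings.append((w_pid, t_pid, n, "target pid not in process tree"))
        elif entry[1] != w_pid:
            findings.append((w_pid, t_pid, n, "target is not a child of writer"))
        elif t_img != w_img:
            findings.append((w_pid, t_pid, n, "target image differs from writer"))
    return findings


def filetime_to_utc(filetime):
    """Decode a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)


if __name__ == "__main__":
    writes = collapse_writes(WPM_ROWS)
    for (w_pid, w_img, t_pid, t_img), n in sorted(writes.items()):
        print(f"{w_img}:{w_pid} -> {t_img}:{t_pid} x{n}")
    for finding in suspicious_writes(writes, PROCESS_TREE):
        print("FINDING:", finding)
    for (pid, img, priv), n in sorted(collapse_tokens(TOKEN_ROWS).items()):
        print(f"{img}:{pid} {priv} x{n}")
    # TraceTimeLast from the report's HKEY_USERS signature
    print(filetime_to_utc(133627740337197139).isoformat())
```

Run against the real report the only collapsed pairs are chrome.exe 3768 into its own chrome.exe children, so `suspicious_writes` returns nothing; the invented notepad.exe row shows the one-line finding a genuine cross-process write would produce.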
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run, with digests as reported. Two entries deserve a note before anyone pivots on them: the 2B entry carries the digests of the two-byte string "[]" (an empty JSON array), and the final entry, for which the report lists no size, carries the digests of zero-length input (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855), i.e. an empty file. Neither is a usable indicator.

Filesize 264B
  MD5     e27a9be0dccfc75fed30c0612a39dc0e
  SHA1    1421ba5ccea73933f15b8d58181abf5ec5f6c51e
  SHA256  aefae83a20983adc0c5bfa49a875f5951e58a390c21abc3260503d396f7ac819
  SHA512  0066f0fe2aae23ca3f2be7a90161354feaf0b57ba9f07ddb506c1f9b84d9bb16aa7b8c9af135860695cc651fe238e2a741d95b0034cafbc8fabe4a700ad3fefb

Filesize 1KB
  MD5     1bae7dc56d03665ccddeb358cf9a3624
  SHA1    6a49f94097e23a48e1759df895b47322e402e22f
  SHA256  ce2ddeb70798d7883d703045d77c76410b1f191c02892c407e8d43b0395ec15a
  SHA512  33fe8ed6cbddf4b1765beae4dd5a8e3e3d6d2fedf802b74568b25d249caf67cbaf8e44a826185ce1a5b639725537f7c5b861e00825a139ed5a282f0376bad345

Filesize 1KB
  MD5     693a75adeb92a83935ebd63bea5a1de8
  SHA1    4b86c713c67427f8b1363cce9b052411e746f17f
  SHA256  15f0d4cc695c161d97955a544915bc3ee848a1d067bf8f5936af31a7894165bf
  SHA512  6152fa92cb2f3ec4847215f6e7d079c3b86974799d14eeb1427f76683612adf882321f316e028691765e1b4c1701ae41afa3f62683f85589164436cc242629a8

Filesize 1KB
  MD5     f7b689147e5a0c3761a41f1a16f7f2a6
  SHA1    dd7e22b9a61a3e00d357dc1abd325311077b2f64
  SHA256  46d2a5f7fc1ff6ec73d46badba589ffce4e21deccc24e2f48233024f6b316ce1
  SHA512  52537e19df956de1476b2eecd5fc566a612e8db2983a69ac854a9363163ea77902d3b894448aaba199d53cd44d4991d5b889d1c765c6f0d560aeb2da103c3da5

Filesize 2B (digests of "[]")
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 524B
  MD5     98016de60cbf4d02b09993cda3e04a77
  SHA1    bdf256ea529e11771109ed3f0c41a1236b2d581e
  SHA256  ed581427b4460ad5e8d9dd1c20359546eb52e0ac67d9044f95ee78a667da2a33
  SHA512  c7b8f88796b9c764a5178fda1569206fb723ff18f06bdd2f3486fbdde7e462034e79f09e8b5b54dceb5d4623c018bcc69edce794f64c3207aceb15c7a27bd6e1

Filesize 7KB
  MD5     42f81b4ddb3d6046dcec04e7f64328f1
  SHA1    d4dfb0df93863733690e666cfff4d73ef9e9b9e7
  SHA256  4475a63e1c737b8c8a172d4bc077ee832fe7f71d9d4d62a0fe43e20c72cd13b6
  SHA512  c68143d1ba15faa0d1fcf268d3d40e5b3e010f403bd79bf9842d7dfa0365e6e36425f12d1aff39842e5e36226c86c7ba1a7c969ed5d02f8fa7795b7462a737ba

Filesize 7KB
  MD5     c9ff525d189ffda4b04981642421c853
  SHA1    85b93a9ffd700e41969309f3c55a2b0aaa3e1cae
  SHA256  a24a72342140eea6447f2ab4ec3bbd70655aed26b6c6d13f8a23174c8730a7f6
  SHA512  92d2aeb82b76da331b41234005ce90cc2837d77f07227f27aacd8d6aef203231babda437c6dec7b8a32f1470b3e1909af4b1341eac4ec8634091cad2c396ab47

Filesize 138KB
  MD5     05fa1f10e407bffbde4332817f1d5687
  SHA1    dcd2b019bb06240519048e4ba1b7a45349ec8e7d
  SHA256  2a1e560eadefdfb6afda8f3751723bf6729fd15453592614f8048709f806d620
  SHA512  ba7a14bf6d2800cbef3a311e2ec9dff8dc560fb2586d75559aa7779ad45a0aecc58e31fa7c5aa747ed412f82e82ec583885b94acf96f927bd6c1ccf09a156022

Filesize not listed (digests of zero-length input)
  MD5     d41d8cd98f00b204e9800998ecf8427e
  SHA1    da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
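A way to screen a dropped-file list like the one above before spending lookups on it: recompute the digests of contents the analyst already expects a fresh browser profile to write and match each entry against them, checking at the same time that an entry's four digests agree with one another. This is an added example, not part of the original report or of the sandbox's tooling. The three REPORT_ENTRIES are copied from the Downloads section (the 2B entry, the size-less final entry and the 264B entry); the KNOWN_CONTENTS table is an assumption about typical profile noise, not something the report states.

```python
"""Screen dropped-file digests against digests of known trivial contents and
check that each entry's MD5/SHA1/SHA256/SHA512 agree with one another.

Added example; not part of the original report or of the sandbox's tooling.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Assumed trivial contents (empty file, empty JSON array/object). Extend this
# table with whatever your sandbox image is known to write on its own.
KNOWN_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}

# Copied from the report's Downloads section.
REPORT_ENTRIES = [
    {"size": "2B",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"size": None,  # the report lists no size for this entry
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"size": "264B",
     "md5": "e27a9be0dccfc75fed30c0612a39dc0e",
     "sha1": "1421ba5ccea73933f15b8d58181abf5ec5f6c51e",
     "sha256": "aefae83a20983adc0c5bfa49a875f5951e58a390c21abc3260503d396f7ac819",
     "sha512": "0066f0fe2aae23ca3f2be7a90161354feaf0b57ba9f07ddb506c1f9b84d9bb16aa7b8c9af135860695cc651fe238e2a741d95b0034cafbc8fabe4a700ad3fefb"},
]


def digests(data):
    """All four digests of a byte string, as lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def classify(entry):
    """Return (label, consistent). label names the known content whose digests
    all match, else "unknown". consistent is False when only some of the
    entry's digests match a known content: the entry was then mis-transcribed
    or mixes two files, and none of its digests should be trusted."""
    for label, data in KNOWN_CONTENTS.items():
        expected = digests(data)
        present = [a for a in ALGOS if entry.get(a)]
        matches = [entry[a].lower() == expected[a] for a in present]
        if present and all(matches):
            return label, True
        if any(matches):
            return label, False
    return "unknown", True


def screen(entries):
    """Keep only entries worth a lookup: unknown content, digests consistent."""
    return [e for e in entries if classify(e) == ("unknown", True)]


if __name__ == "__main__":
    for e in REPORT_ENTRIES:
        label, consistent = classify(e)
        print(e["size"], e["sha256"][:16], label, "ok" if consistent else "INCONSISTENT")
    print("worth a lookup:", [e["sha256"] for e in screen(REPORT_ENTRIES)])
```

Of the three entries only the 264B file survives `screen`; the other two are classified as "[]" and the empty file from their digests alone, which is also how the size of the size-less entry is recovered without the original sample.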