Analysis

max time kernel: 149s
max time network: 139s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 14-06-2024 15:36

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://hidrive.ionos.com/
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: https://hidrive.ionos.com/
  Resource: ubuntu2404-amd64-20240523-en

General

Target: https://hidrive.ionos.com/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628530075985959" (chrome.exe)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)

Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
  pid 308 chrome.exe
  pid 308 chrome.exe
  pid 2364 chrome.exe
  pid 2364 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: chrome.exe
  pid 308 chrome.exe
  pid 308 chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  Token: SeShutdownPrivilege (pid 308 chrome.exe)
  Token: SeCreatePagefilePrivilege (pid 308 chrome.exe)
  (the two entries above alternate for 64 entries in total, all from pid 308 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid 308 chrome.exe (26 entries, all identical)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid 308 chrome.exe (24 entries, all identical)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  PID 308 wrote to memory of 212 (308 chrome.exe -> chrome.exe), repeated
  PID 308 wrote to memory of 3620 (308 chrome.exe -> chrome.exe), repeated
  PID 308 wrote to memory of 3524 (308 chrome.exe -> chrome.exe), repeated
  PID 308 wrote to memory of 4348 (308 chrome.exe -> chrome.exe), repeated
  (64 entries in total, in that order; every entry has source pid 308 chrome.exe and a chrome.exe target)
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hidrive.ionos.com/
  PID: 308
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff86f5e9758,0x7ff86f5e9768,0x7ff86f5e9778
    PID: 212

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:2
    PID: 3620

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
    PID: 3524

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
    PID: 4348

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:1
    PID: 1872

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:1
    PID: 928

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
    PID: 4308

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
    PID: 4284

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:2
    PID: 2364
    - Suspicious behavior: EnumeratesProcesses

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 880
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: 2f1f8a59db75a1a448b33bc132d65fa3
  SHA1: 0ae55b11d10d01cefa329a51ed187811d6fdcdb4
  SHA256: 330037352c9496806de3cec5f8c838c6873ed0dc9918edd65276abc1cc6b1f61
  SHA512: f8dd67b8c85bdc78c4509d513bd170298cf95cc514eecb8e36bc7b535fbb0577e08de989addb1bdf093fb06be2b64ff7e5128b5a4053060b41b98d3e234be66e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 762B
  MD5: 3e663edd81c30cb4b266b77fa82716c8
  SHA1: 551769e6040ec8ccfee60626d8d8fa58215411ce
  SHA256: 4af0ef74b171ba1f457523059e05a4d0618fbba1416794c574f1e66483ae6360
  SHA512: 4cdab6afaf1cfb8399902df50145bbaba01445eafe86ee1dcf53af2678331a0280a0bdbe4eb38b3ba3f8135c5da3795d01232833324037102c8a115365158a6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 538B
  MD5: 58e13d3d585c2600027b144e1c90f782
  SHA1: 79e95ed9e42fad2af1ee967995578fa765f55360
  SHA256: 5dcaf2245edf4c462aaafd7234d3a1d0ab7d559c2a416713322ba2c2c0c63551
  SHA512: cd87a969a8a8ccff9a7e8b007deaab1d74b53ae4b9db9aaa0cbdc89fbfbe9988fcbda0943b22dff8b32b61bee99f58f646e99c093c22877ccbe03bb465ee402f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: ceab73e80cdd06dc38e9f99884ec37f9
  SHA1: 4247352a090326be01ca56f72f56a61dff19bc2a
  SHA256: dbe173e92e12984ba4810a8c9c4c7b1fe1c09f7ead46d4e0d3c2bb18b4a3d5e9
  SHA512: 165cec4fa7bafef296715b51aee527cb059ea015795f64665b8939a9eb34edd76c28c86c1518c5e56514ebf5cb7f904b5786f1a68c8c322e0fd2c6c3f37ab7f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 49380d555e14a2070468c81adf90fcea
  SHA1: 80003af452e10fbfbd51d65846f316acd9c22b26
  SHA256: 37c6cfe50fac0147dd71e936aac0e17403cd9dd4cc7344b0a80d52b1e32d0ac3
  SHA512: ba89198d907c56c5fe8bb459dadc963980314a702b1f325775fbd118b210011d13929d91e411a5f85295226b108015c2c41987e96de6b6b2ae7daabf3caf0d1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9d74807-a4b8-4891-97dd-bc90fbbe5d44.tmp
  Filesize: 6KB
  MD5: 6506841506d8a7a4d3a9d121c30b4756
  SHA1: f0f5f3ce773b2998f287470d7f72cdaf9610542c
  SHA256: 9ca98da0566bf50f840463efc063e95bdf9a7b0ff765767f8f7b46fcd0b590be
  SHA512: dd91e078564668a6f72dbf3a5b698eb6133b7ac604fe67c658ef4411ed154f6e646e780a131ab30b6748e65bc60a9413ee681d3c51a2d6ab3a10dd93041e6e24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 136KB
  MD5: a192d07c464c65ee8fdd5a0517ba7dcc
  SHA1: 8e7566f6ccdd61197588364271be9cb289f0b4f8
  SHA256: 72843162ff3fb4c97a0e89ad38ccb3ca6a754f9e04d698cf51b0b4e57f70e816
  SHA512: 042b7d3924938b9c45e3d55341e26c0259c60c1ec6550ab6b5c55552572e8f6359507a1b1c52ab2e074afd01ac1b03a860dcf75b5242edf4c1138d58cdb58013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

\??\pipe\crashpad_308_LKPOLXTZIBKFDHJY
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e