hxxp://windows[.]com

General

Target

http://windows.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

220 chrome.exe
220 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

220 chrome.exe
220 chrome.exe
220 chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 220 wrote to memory of 224	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 224	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3848	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 980	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 980	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe
PID 220 wrote to memory of 3408	220	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ca719758,0x7ff8ca719768,0x7ff8ca719778
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:2
2⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:8
2⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1900 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:8
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2648 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2656 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1848,i,1411620737471739784,8323032844249050515,131072 /prefetch:1
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
c2b5449f920419ee18ecdcd87ee88967

SHA1
e0fdedd0e37950425dcdf11c7b78f50c5a4cdf7b

SHA256
73b90cab82468ed4ffa0dd2524a05dcf00366b9e0b35bd9e6f2967ca8132df76

SHA512
48a1396bf9056671e493b8bec583cd64bdb865e12ffa4df3dfc7a475d375c1516cbd18942bcda5eadff28968f7f99ccb0ec0557cac9123dc7d886765deeb45f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
792B

MD5
98415321a4b1243f44628a66d4f0878c

SHA1
c3e693e74c5139438b7201103fb91f3cb56d3a61

SHA256
f8eef793720a1b953087cb7a9d5a271adc0bbce125c71c72753cbedd6a143eb9

SHA512
e392303bb49cb633b6462bc83525c01900641ae30e2cdf10436544bad412651856a140ce9e87618a0931a887b8aed0c4317e39a924802ba9b5f8d20fd664f2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
33bfb22f32a6f31433b4e7a1b3680cb1

SHA1
ba9356d022af13974defc0a36c9b308c7a2e5e82

SHA256
0307bb0dfb4c92ad897eae8efacd8b8e729811161dbd98c2296f05337e2e41dd

SHA512
c5e3d004e69f42574ebc0219d72d88d9e0989f2117697dfd2a38efdf70f33dd3bb9b3bca6da66b24e6ce24f134c6761fbab5a793f8fc6d8ddff0aa9ebefd81d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
99b76cb6d663dd2bc9fafcf3756ff248

SHA1
c7a68c3e70a3a49c31874f520878286ce32e2a99

SHA256
fa2f194113c754227644a5f324c0bc5e84d7ef8b3ce8a2b2fb8195b03b59ea7f

SHA512
d53580cc7326f4cb60c9c4a3613a15884ca8b026867aeb1820ab70ee0925f3c64636ec5d04e3b324046225e62fa41f840054dc4cdae938ad46c47ea963ca757d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
7c14a55c88ec239ce6f088e624a84241

SHA1
f1da6a27e6fa2f0b1dadc0c204c92189a6f034ee

SHA256
22b7288d5b2f5ab4f4f7e8014b71905a649d92cef2beb0a49ce2ffe0917c8b6b

SHA512
a707f1be362963a259f2c4e6bd73224a1e819d88fdc77ec56a2aa53f2fda54054ef1978e6a0e7c6288d3e2d32502c6d06052343fbb1a4d9a1b579428708e645f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_220_WXSIKJGVRTRDMYAB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads