hxxp://45[.]207[.]168[.]170[:]7744/

Resubmissions

15-06-2024 16:28

240615-tyqrqaxbmb 1

15-06-2024 16:02

240615-tgvz4swfjf 1

15-06-2024 15:59

240615-tfeazazeqj 1

15-06-2024 15:48

240615-s85syswcpg 10

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-06-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://45.207.168.170:7744/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629530784297445"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
3724	chrome.exe
3724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 4116	2676	chrome.exe	74
PID 2676 wrote to memory of 4116	2676	chrome.exe	74
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 4436	2676	chrome.exe	76
PID 2676 wrote to memory of 484	2676	chrome.exe	77
PID 2676 wrote to memory of 484	2676	chrome.exe	77
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78
PID 2676 wrote to memory of 4828	2676	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://45.207.168.170:7744/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa5f7d9758,0x7ffa5f7d9768,0x7ffa5f7d9778
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:8
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2664 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2672 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2460 --field-trial-handle=1664,i,7052185163585740019,10418001481889170466,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a1cee879b8ca124df26a5136f966dc26

SHA1
9f05bcf138512b1e1fd97aace7d300b2689b5389

SHA256
82025f8e3100f63a0a55ce267b173e5047d50f09bf851e3087a67610d868415e

SHA512
837b04dc422947e04de943663506c2163bd91fdbe6b9cbc88c9d7804abc4c30e151a0294189282df4023b8f17288ce45a0850060e833673c92d507e2d9cd0fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
691B

MD5
c982649f8514aae03445bcdd7919f137

SHA1
5bb986272df40855fcfb4c272c04ffadd944e333

SHA256
48c97f93ab0823e13fdace1b14bbae84e4e7ee099b78bad3e8d846f734433e9d

SHA512
bbcd69f53642b7d6a7b1301966ee799a9820fce1ca4c30d768284d7ae6a500c2a0fcdd9053e9df78b033f3677243bfd730c2c915b891fc67bad84a7dd2a704e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
9094f8916bc5f1ffa474e85aa1939558

SHA1
bc1b7ff07358c09d42cb1c7e4c8dcb53917c90e5

SHA256
04a14332a7c06a32fdf1b693b61d703a8c41df72133bb43e4dc1a75b08331a7c

SHA512
f0c3c3a5ce62836f2efc91af45021f4bc9a69490f3eb785c548b16ac37f353ac5e1597fa0dd15caed92c9828484d0235aabe53a55cf55585c35982ca49847778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29343355714f54ca4d059aa96c202170

SHA1
00a223126ae0e5d56d0df1566f204302e62ec5e7

SHA256
7d3eb9077995c36499106113889c606835f968b95e00a0e2d0b812ae463889ee

SHA512
d346de5083eb38b35e6a6d216d8036b7be730b5032853d116d755d53541556fa0e408a7cc48b178e2959059f0aae1cde1bddeca10586c2464575c95806c1d708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44912b8e1dc4404d076367cdaaa5b187

SHA1
aa43cb0e387c3412cd67acd3a2ea35d13f65275f

SHA256
1da32e9edaf0c6f9f4db789e4b0974f7ca1bcc0673b2a38c6680dcdff11b99ec

SHA512
c63044de9dead474dfe3d329b3bb6b4762a158f259a1af6f206a704e3d7024a4e90911fee320826e4352c3b1bc13b1b5a9c5cac6013a20752610a85298276f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6810c6890d68ea236cfb2bfd2cc43f93

SHA1
04f5b26fd98ff20f171d86d393e7a3fac36b8272

SHA256
0d451af46b1ec0a11880531c3e7b8bf197e4c8a50f3de349623309da2fad3b45

SHA512
1ad8de2fb84a0773b3bc4ec690700a514e431bae673e2f80d5ff5c2853f987ea6e1990b7ba122047a4b63415aeb2dcc2ba389b743530b8d0fd6e2c18f6bd951c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f9940b160d7449d6bcbbba582f72a525

SHA1
a17b7803c70be7b9c9a4857d7c893ba687dbfaad

SHA256
a61a0010aa9d0e31428992cd66b2a63c2f2cbc681d50f7861fd52ca3aa65c6a1

SHA512
550bdfe9c95ed1b5b9f51ea27e75a1b1af456ff3372200aa62405493278911c08c24464b2d78f6b36750cc10377d58a8194cdcd61db042be07eb25ca15f330a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
827ec836f9fd6b70ae33ac820834a03a

SHA1
7ec3a8de7e8c130b69f756299261ac78c77dae98

SHA256
a0c618ce95993eb1d8733696d29045601b23050a7a477ba7a7584e97adf396ec

SHA512
c5458f2111aa2a51d17a12010bdc7e41acc13a6a693529289504ab23044676a9da8473aa1af3e5cb087cdbd9ffcee6241ff1f29d8edbfb2f1a4c8f1630815609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit