Analysis
max time kernel: 149s
max time network: 138s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 17-06-2024 01:51
Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 (sample: https://u.to/lz6rIA, resource: win10-20240611-en)
Behavioral task: behavioral2 (sample: https://u.to/lz6rIA, resource: win11-20240611-en)
Behavioral task: behavioral3 (sample: https://u.to/lz6rIA, resource: android-33-x64-arm64-20240611.1-en)
Behavioral task: behavioral4 (sample: https://u.to/lz6rIA, resource: ubuntu2404-amd64-20240523-en)
General
Target: https://u.to/lz6rIA
Malware Config
(none)
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  Key opened:        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  Key created:     \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630627668630181"

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 4732 chrome.exe (2 entries)
  PID 1936 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 4732 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 4732 chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating; 64 entries in total

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 4732 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
  PID 4732 chrome.exe (12 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  Source process: PID 4732 chrome.exe; target process: chrome.exe in every entry
  PID 4732 wrote to memory of 3680 (2 entries)
  PID 4732 wrote to memory of 240 (repeated)
  PID 4732 wrote to memory of 908 (2 entries)
  PID 4732 wrote to memory of 4800 (repeated)
  64 entries in total
Processes (indentation shows parent/child nesting in the process tree)

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4732)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/lz6rIA
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3680)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95a92ab58,0x7ff95a92ab68,0x7ff95a92ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 240)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 908)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4800)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2096)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4752)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2544)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4748)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1936)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 3568)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 72B
MD5:    10c4010f19e1eaad07035a3c4ea0eb2c
SHA1:   6aa1f7b7cd4a9d4b9c2a2a98dd78c8f45bc2d948
SHA256: e0f27b46e31fcd0150a35bb76755f2580c828c2fb48475bd1d21bcb51a55548b
SHA512: 5276ae35bd8d624a1012cbb144f256595c5c69cc62ab58fa4be99cec79daa3ebc0709dfa01019a5d3b732726594f342f17fa41ce4c801faf750e4618e6473822

Filesize: 16B
MD5:    46295cac801e5d4857d09837238a6394
SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 2KB
MD5:    17cc7f25e443cbd9f4bf2727c606be14
SHA1:   d0960884a1b482c8ef95de0cf06fed0dc8c3c279
SHA256: 340b9ff1fc57867e94126fd30903e2fff5178bdfdb3cffd709d8003dd6a8471f
SHA512: 312184f5c66d411fc09623a48fe442b6335773523f24a7bd092245e9da2eb7734801828d270fbe66e0f1fa068718a1894d5f0a948963518bbf5ba34ce4a0bf5b

Filesize: 2B
MD5:    d751713988987e9331980363e24189ce
SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 860B
MD5:    5f3acb3b52397baf6b2cafadf46f0b87
SHA1:   2ef9a497d8b71cda71a6784ab4645f19f5f7a11b
SHA256: 59b2e4cb6be820b96d9085e863b5b81a8bd65c3f671d6ff92144c17393b9d7f2
SHA512: 92d667b0ae0449c3f028d9b18529107fb73b97b88a25c47d01cffbc73d32d5719801057b4e08c4944fa7938c837d85c2851b4d36b6fe667dc62c38e3543dad66

Filesize: 860B
MD5:    4f212ac00aa566a6d268ed7ca527faa3
SHA1:   154303a222d0f7039371edeac105f0e099ea3032
SHA256: 6d91ed9a23e299eac15c371fb70fb419e00af442185c657c034581a2d3f6b919
SHA512: 7bfd02b402c7ed5f0d39dc4e3e9122d480e77bd9ba4dda0b1b3152aedfa0499904173f37c3936342b8693183b02294d60f43b1814dcf9b3f4b179e039c9e6a35

Filesize: 860B
MD5:    26e2e955833854df92d09268e998b415
SHA1:   bd83642874e325a78830675daf151d49ed0f5bcb
SHA256: 589225cabf4cf5b3b6fdfa39cf1f7cea2c627b9ff8e6e78ff3835fcf28d35692
SHA512: 792b9a5c7100a176ac1465cf97d6b419875918f347c63b79c388882f8c26c4ec92a6c397a60985cbd961c6dcfbe105cf7e900507c141704835225bd7b6f0f057

Filesize: 860B
MD5:    75270e77244769a6563f88c1a480cb2c
SHA1:   67d777c1b8aaf26612bdadf2e6b104c0c1554ec5
SHA256: c9bbd1f08e58ee7995f403b4e2a1bf795cf8a242bc25593122b56c4485af13b4
SHA512: e0ae9eb8f06b91fb7c154be8f9a5075418e641f6ecdf7781c241f46bdc1c88d293b0f1992843ad594b12f351f4ad473b501c10eab045c66a9ade80bcdcbfab4c

Filesize: 7KB
MD5:    7b44312d97cab0cd5b7e7f99e2179528
SHA1:   677b15588c457fe968da8815c5d0c03ced0074e3
SHA256: 0bc6050f39ff645e8159e81cbd26aac0128b16d2b4bc3e0009c653980bc95a47
SHA512: 63e9c1e8a1ac81965a9243334f64b12970f02ba7e1506b167dbeaa171adee12e11909d7724b00c01400375a1144141fab479491f13038b46c101413179ae0fc4

Filesize: 7KB
MD5:    a477e7021c2e12c34b74b9a53afff02a
SHA1:   3434727d30b0f0e98c62b36d2f4967529f4e44f4
SHA256: d2366801a9bad9a21a2b15aeba6c6f3908503b0dc3490d603041a96e3834c99d
SHA512: 413e23f78b4c352c49bec0b27fa2c73abcca64f8d6f2a00383fb73a8d88f840215f30006c6e85330580aa7abaa27698380fef4a8cfb9f3e582c416e31c8ed39d

Filesize: 138KB
MD5:    01f262842fc0344a96a06897bcffb6aa
SHA1:   2ce367e19d80511e4125358db233cd34360e3532
SHA256: 85523222397d6ae828aaaf290b09ca9cd4f9ad3e1c9f675c2063d4040d9f14f7
SHA512: 210d19094ac3b97db40f698990eec786a2ce2afdb2e58b88bcffe220ff13e3e17937bad68e7fce07b8fc662470fa3c480d4afb994c12d352409106a9ee4f1509

Filesize: (not given)
MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e