Analysis
max time kernel: 149s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 19:34
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pub-9aa7299ae7e74bbe8783619074142fcb.r2.dev/pub-a1errg8uu83ghh883cnw.html
Resource: win10v2004-20240611-en
General
Target: https://pub-9aa7299ae7e74bbe8783619074142fcb.r2.dev/pub-a1errg8uu83ghh883cnw.html
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description       | ioc                                                                   | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes:
  description     | ioc                                                                                                        | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632128946234574" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
  pid  | process
  4192 | chrome.exe
  4192 | chrome.exe
  2544 | chrome.exe
  2544 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes:
  pid  | process
  4192 | chrome.exe
  4192 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes:
  description                      | pid  | process
  Token: SeShutdownPrivilege       | 4192 | chrome.exe
  Token: SeCreatePagefilePrivilege | 4192 | chrome.exe
  (the two rows above alternate for all 64 entries; every entry is from PID 4192 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes:
  pid  | process
  4192 | chrome.exe   (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid  | process
  4192 | chrome.exe   (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                      | pid  | process    | target process
  PID 4192 wrote to memory of 3416 | 4192 | chrome.exe | chrome.exe   (2 entries)
  PID 4192 wrote to memory of 2932 | 4192 | chrome.exe | chrome.exe   (repeated entries)
  PID 4192 wrote to memory of 2656 | 4192 | chrome.exe | chrome.exe   (2 entries)
  PID 4192 wrote to memory of 220  | 4192 | chrome.exe | chrome.exe   (repeated entries)
  (64 entries in total, all writes from the browser process 4192 into its child chrome.exe processes)
Processes
[depth 1] C:\Program Files\Google\Chrome\Application\chrome.exe
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-9aa7299ae7e74bbe8783619074142fcb.r2.dev/pub-a1errg8uu83ghh883cnw.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7057ab58,0x7ffa7057ab68,0x7ffa7057ab78

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:2

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1860,i,1759236879050216992,5750289398827667248,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 5368388efea7425eada11859155c41b8
  SHA1: 53f5b5950ff224e85bcedf5b39174dbd85ac8e22
  SHA256: aa79dd857ea134eedd6a3421d13a536b9154896f0b9451150a3a98ed0a1cf4b6
  SHA512: 06490e2c193d14cc06fca4b37596579bb2261a64bdf02e963128150da8c11edfb185a9079910e671fe0470aeaf378762dc18bd0c098da92819391e0b814dde2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: 82ea382df623925ede5cb08eda6c7aa3
  SHA1: 71cf98597f83685243cbbc13a7823dd4fd9b22b5
  SHA256: 416e0a2fbef13597cf4f1db57d5ccd184c018eeb021b956330a5d28280ce21cf
  SHA512: fd57997b001049a4912c0d572186dc0c5b49432de2ede5225441c9256731bde660f411b0b46ced808009be44d799595c95039e3c41a6605201f695ee2a8d78b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 524B
  MD5: 71f5ac167a7093384aefc12ff6ec2df7
  SHA1: 121372c7643616b608a2a5ac513e36d0c56d2046
  SHA256: 98be3a7018190672d5390a1c52432135b199bb60f5bb1f9cadf4ddc6177d896e
  SHA512: 2117d24e64fbb5c67376073160c290d4f04aaf16a3e932f35589f4cb4baebbe9ddc6df9676bc2e7ecb209838eef2006f6c2843ef8e67531d2307446df42e50f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: d2b30674696fb23536770b5d40b96c56
  SHA1: 096812881e9c0a3021794f3a0c3fe9a030f46b1f
  SHA256: 836160840ff65971aa181d6490496934d07930208b02ec4155ed392cf4571045
  SHA512: 32d2d0bc6fb900653ac5c5e1172bae47b145f3bb026adba31cdc9c4b6c962ebfb7bf472bd3b1caa6327b7fd378d39a81778f2edee150c0268e37596ddda85d29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 138KB
  MD5: ab37f93e8a4deda0df8a63cd027f3c85
  SHA1: 67f0fb0028012c457e2bb9fea7d3f5e3d5a85380
  SHA256: f5b199fe039f9af7f0208eefc37f13aff4eedf3ee3ed94ed6632a2ae63ab315a
  SHA512: 43b35352d4b034c0997ab8d72ec455bda4f53515e52ba1cb8f36d47e7afe7e30797168203ccd1f895e0cd91261d793e1d3ba3f1e896a58c1298fff6a7570c8f9

\??\pipe\crashpad_4192_DZVGNQINETJUVBHP
  (no filesize recorded; the hashes below are those of empty input)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e