Analysis

max time kernel: 299s
max time network: 300s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 16:14

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://qrco.de/bfAEoR
Resource: win10v2004-20240508-en

General

Target: https://qrco.de/bfAEoR
Malware Config

Signatures

Legitimate website abused for phishing (1 TTP, 5 IoCs)

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632872759078194" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes:
pid | process
220 | chrome.exe
220 | chrome.exe
2356 | chrome.exe
2356 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes:
pid | process
220 | chrome.exe (7 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes:
description | pid | process
Token: SeShutdownPrivilege | 220 | chrome.exe (32 entries, alternating with the row below)
Token: SeCreatePagefilePrivilege | 220 | chrome.exe (32 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes:
pid | process
220 | chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
pid | process
220 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description | pid | process | target process
PID 220 wrote to memory of 604 | 220 | chrome.exe | chrome.exe (2 entries)
PID 220 wrote to memory of 380 | 220 | chrome.exe | chrome.exe (31 entries)
PID 220 wrote to memory of 2016 | 220 | chrome.exe | chrome.exe (2 entries)
PID 220 wrote to memory of 1924 | 220 | chrome.exe | chrome.exe (29 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qrco.de/bfAEoR
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9272bab58,0x7ff9272bab68,0x7ff9272bab78

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4684 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4104 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4608 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1828 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4384 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4036 --field-trial-handle=1892,i,6020104104735047953,18166731405226299761,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
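Every behavioural signature above is raised by chrome.exe against its own child processes, which is what a browser start-up looks like in a sandbox: the browser process bootstraps renderers, the GPU process and utility services by writing into them, enables a couple of token privileges, and reads the BIOS keys. The question a URL-detonation report like this one has to answer is whether anything in the tree is not the browser. The following is an added example, not Triage's code: it takes records constructed from this report's signature tables and process tree (abridged, in the report's own flattened wording), parses them, and returns only the findings that Chrome's own start-up does not account for. The privilege allowlist and the hypothetical non-Chrome image used to exercise the negative path are assumptions, not data from this report.

```python
"""Separate a browser's own start-up noise from anything that is not the browser.

Added example; not Triage's code.  Records are constructed from this report's
IoC tables and process tree (abridged); the allowlist is an assumption an analyst
would fill from a baseline run of a known-benign URL."""
import re
from collections import Counter

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"  # install path from the report

# Constructed from the report's process tree: (image path, command line), abridged.
PROCESSES = [
    (CHROME_DIR + r"\chrome.exe", "--disable-background-networking --single-argument https://qrco.de/bfAEoR"),
    (CHROME_DIR + r"\chrome.exe", "--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (CHROME_DIR + r"\chrome.exe", "--type=gpu-process"),
    (CHROME_DIR + r"\chrome.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService"),
    (CHROME_DIR + r"\chrome.exe", "--type=renderer --renderer-client-id=6"),
    (CHROME_DIR + r"\110.0.5481.104\elevation_service.exe", ""),
]

# Constructed from the report's signature tables, in the report's flattened wording (abridged).
WRITE_IOCS = [
    "PID 220 wrote to memory of 604 220 chrome.exe chrome.exe",
    "PID 220 wrote to memory of 604 220 chrome.exe chrome.exe",
    "PID 220 wrote to memory of 380 220 chrome.exe chrome.exe",
    "PID 220 wrote to memory of 2016 220 chrome.exe chrome.exe",
    "PID 220 wrote to memory of 1924 220 chrome.exe chrome.exe",
]
REGISTRY_IOCS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe",
]
TOKEN_IOCS = [
    "Token: SeShutdownPrivilege 220 chrome.exe",
    "Token: SeCreatePagefilePrivilege 220 chrome.exe",
]

# Assumed allowlist: privileges the browser process enabled in a baseline run.
BASELINE_PRIVILEGES = {"SeShutdownPrivilege", "SeCreatePagefilePrivilege"}
BIOS_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"  # from the report

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
REG_RE = re.compile(r"^Key (?:opened|value queried|created) (\S+) (\S+)$")
TOKEN_RE = re.compile(r"^Token: (\w+) (\d+) (\S+)$")
TYPE_RE = re.compile(r"--type=([\w-]+)")


def process_type(cmdline):
    """Chrome tags every child with --type=...; the browser process itself has none."""
    m = TYPE_RE.search(cmdline)
    return m.group(1) if m else "browser"


def parse_writes(iocs):
    """'PID a wrote to memory of b a img_a img_b' -> (a, b, img_a, img_b)."""
    out = []
    for line in iocs:
        m = WRITE_RE.search(line)
        if m:
            src, dst, _, src_img, dst_img = m.groups()
            out.append((int(src), int(dst), src_img, dst_img))
    return out


def triage(processes, write_iocs, registry_iocs, token_iocs):
    """Collect everything the report shows that Chrome's own start-up does not explain."""
    findings = {
        "non_chrome_processes": [],   # images outside the Chrome install directory
        "foreign_write_targets": [],  # memory writes where either side is not chrome.exe
        "unexpected_privileges": [],  # token privileges outside the baseline allowlist
        "bios_readers": set(),        # images that read the BIOS keys (hardware/VM fingerprint)
        "writes_per_target": Counter(),
    }
    for path, cmd in processes:
        if not path.lower().startswith(CHROME_DIR.lower()):
            findings["non_chrome_processes"].append((path, process_type(cmd)))
    for src, dst, src_img, dst_img in parse_writes(write_iocs):
        findings["writes_per_target"][dst] += 1
        # The browser process writing into its own chrome.exe children is how Chrome
        # bootstraps them; anything else is what deserves a look.
        if src_img != "chrome.exe" or dst_img != "chrome.exe":
            findings["foreign_write_targets"].append((src, dst, src_img, dst_img))
    for line in registry_iocs:
        m = REG_RE.match(line)
        if m and m.group(1).startswith(BIOS_KEY):
            findings["bios_readers"].add(m.group(2))
    for line in token_iocs:
        m = TOKEN_RE.match(line)
        if m and m.group(1) not in BASELINE_PRIVILEGES:
            findings["unexpected_privileges"].append((m.group(1), m.group(3)))
    return findings


def is_browser_baseline(findings):
    """True when every finding is attributable to the browser itself."""
    return (not findings["non_chrome_processes"]
            and not findings["foreign_write_targets"]
            and not findings["unexpected_privileges"]
            and findings["bios_readers"] <= {"chrome.exe"})
```

On this report `triage(PROCESSES, WRITE_IOCS, REGISTRY_IOCS, TOKEN_IOCS)` leaves every bucket empty except `bios_readers == {"chrome.exe"}`, so `is_browser_baseline` is true: the host-side behaviour is the browser's, and the only finding that matters is the "Legitimate website abused for phishing" signature on the URL itself. The check says nothing about what the page did inside the renderer; that has to come from the network capture and URLScan task, which this extract does not include.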
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize: 7KB
MD5: c53ac944275ca26a3a49366e2a1f004e
SHA1: 6c4380232a4d3a6772d27ea65e340337e2d8ef41
SHA256: e313ad9f15cfbcfa6da8a40a5fbea3a395da528f6299e53a5cd3acc6fb0b7b40
SHA512: c36a73f7ecaa17625debfa42cd020aa9525d46ff36796a7d8a137b577bfaf13d6d4029cd43536f8cb6ee744d08f506e8bef4ef6f210f2197fdcd6afc041bd5fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize: 255KB
MD5: 8f9a3b4fa22a7a7833c562cc9f7a50d6
SHA1: 8cb01f49e0a7d9d2c41e4cdc0a1281ef4b071b7b
SHA256: ddebc300ba56c72630a45fd00969f06da83244f945c01f9b703b8a1e83f99cb4
SHA512: e54bd261e3f6526d1223f4276920ec804189cc1c435a86db52f780e1de0b1ffb253e0e3dee94c22bfeaa7600f967a5f020d8bade6693a00f70b5e3b7c9ae8630

\??\pipe\crashpad_220_MTKFTKNUOISVTISG
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
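Two of the four "downloads" can be checked without the files: a 2-byte file under the profile's Network directory and a crashpad pipe. The crashpad pipe's digests are the well-known digests of empty input, and the 2-byte file is most plausibly the empty JSON array, so recomputing the hashes from those candidate contents tells an analyst whether the sandbox captured anything beyond Chrome's own bookkeeping. The block below is an added example, not part of the Triage report: the digests are copied from the Downloads section above, while the candidate contents are assumptions. Preferences and Local State are profile files whose content differs on every run and cannot be reproduced this way, so they are left out.

```python
"""Confirm that a sandbox run's reported downloads are inert browser bookkeeping by
recomputing the reported digests from the content they imply.

Added example, not part of the Triage report.  Digests come from the report's
Downloads section; the candidate contents are assumptions (a 2-byte JSON file is
most plausibly '[]'; a pipe whose digests equal the empty-input digests carried
no data)."""
import hashlib
from typing import Optional

# Copied from the report.  The pipe entry has no reported size, so none is listed.
REPORTED = {
    "SCT Auditing Pending Reports": {
        "size": 2,
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
        "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
                  "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    },
    r"\??\pipe\crashpad_220_MTKFTKNUOISVTISG": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
                  "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    },
}

# Assumed candidate contents for each artefact, tried in order.
CANDIDATES = {
    "SCT Auditing Pending Reports": [b"[]", b"{}", b"\r\n", b"\n\n"],
    r"\??\pipe\crashpad_220_MTKFTKNUOISVTISG": [b""],
}


def digests(data: bytes) -> dict:
    """Size plus the four digest algorithms the report prints."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def identify(name: str) -> Optional[bytes]:
    """Return the candidate whose digests all match what the report lists, else None.

    Every reported field must match.  A single mismatch means the artefact is not
    the assumed inert content and should be pulled from the sandbox and inspected."""
    want = REPORTED[name]
    for data in CANDIDATES[name]:
        got = digests(data)
        if all(got[key] == value for key, value in want.items()):
            return data
    return None


def unexplained_artifacts() -> list:
    """Names of reported artefacts that no candidate reproduces."""
    return [name for name in REPORTED if identify(name) is None]
```

Here `unexplained_artifacts()` comes back empty: the pending-reports file is `[]` and the pipe carried nothing. That is evidence the browser wrote nothing of interest to disk during the run, not evidence that the phishing page was inert; a credential-harvesting page never needs to drop a file, which is why the URL-level signature and the network capture carry the verdict for a sample like this.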