Analysis

  • max time kernel
    47s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-06-2024 16:24

General

  • Target

    https://qrco.de/bfAEoR

Score
6/10

Malware Config

Signatures

  • Legitimate website abused for phishing (1 TTPs, 3 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qrco.de/bfAEoR
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4511ab58,0x7ffc4511ab68,0x7ffc4511ab78
      2⤵
      PID:4576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:2
      2⤵
      PID:656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:3604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:3608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
      2⤵
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
      2⤵
      PID:2464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:2204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:3896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
      2⤵
      PID:1596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3380 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
      2⤵
      PID:1344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:4444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:3596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
      2⤵
      PID:4800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
      2⤵
      PID:2572
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2224

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Initial Access
    Phishing (T1566): 1
  • Discovery
    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\957f59b2-987b-4410-9635-bb2c674b39db.tmp
    Filesize: 91KB
    MD5: 8684fd14993dc9288645e8eec8c66caa
    SHA1: 0b4c69a3fbf21fa2dadb25c605b6f69920f57dc9
    SHA256: d7a9a2472270292d5457f091c2c9ee6398c468193c8b6c6aeb9e5331ad029f24
    SHA512: d400ec959aa07f65ca553ed7e92e4d4ee5607cfb41002c3d680482806cc2ee4b0124032743c636ec4468415bddf1534a073df578095e93e67e55001f5f80ad39

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: d3554ce36c9d52c1bae318a5a733445c
    SHA1: f7a4dfafe22bd63d1ff014cf546407c5ef84c8cc
    SHA256: dc52c39509c9d80ab86749cd23332b1ce90380072d384dabe534b301e6c31489
    SHA512: a2f6d3d28182b7adf357a55384cace2acb50a0b950acb984225bb20fe393405802243d04acd80b1f6771794baefa5a5158f405bcaa25d14c8acbabdd48bb2d93

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: c5d2a2f85aca03b1079b223658f15fa7
    SHA1: 3def7ea339240cf2309e89351b48a659b525fd41
    SHA256: 38867830910921d38a6860061a93aa49b4644ee5edae93d82d2c4f5d6336a416
    SHA512: f750fd571eba3f4ca2fb922abfd8e8be013b7a36cd8d10ee8424c4a1fac953913a383ddecad6e41c6dc49c578f1d60e4e39571b4598f092a84f0af40e3c23218

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 0d85605f3e20f4f64ce1b8795e5a8df8
    SHA1: 779f88bbf8c6a5a22b2c897514db01c6a3b9a7cb
    SHA256: f6a4d62c21cdbf61819439408a9e951e179adb827116e82126d0170a9489e7c8
    SHA512: c96ec8e83be28449cee519df8ebb41deaa9306dbec3c9b809c23cf450f0c145fda12da3b065439ce2457fe461f80e3bc77c0a8a561727b6e9e5d766be3261339

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e232.TMP
    Filesize: 88KB
    MD5: 648b2ee76f79dbb72cb6fbb335a55a62
    SHA1: 557a61fee9bd02a745efd1228a3f35d5833bde9f
    SHA256: e08a7a1be6fac0f1d1c2a7d6ddee109b1ab6c58b7f24d8f0ac1de643bb2ab2c5
    SHA512: 0d64550651e9467a42b9bc9ee737abe214b692e80e05ce4b25591863b5275175a1118bf9c658703853add74183f702c4df2ee1b3d152989e302334f0c325d9f6

  • \??\pipe\crashpad_2912_XOQUGKUQSZUOMXLW
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e