Analysis

max time kernel:  47s
max time network: 47s
platform:         windows10-2004_x64
resource:         win10v2004-20240508-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:        19-06-2024 16:24

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1

Sample:   https://qrco.de/bfAEoR
Resource: win10v2004-20240508-en

General

Target: https://qrco.de/bfAEoR
Malware Config

Signatures

- Legitimate website abused for phishing (1 TTP, 3 IoCs)
  The submitted sample is a qrco.de short link, a QR-code redirector service; this is the only signature in the report that concerns the submitted URL rather than the browser used to open it.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description / IoC / process):
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Note: SystemManufacturer and SystemProductName are the same two values that VM-fingerprinting code commonly reads, but here the reader is chrome.exe itself (the browser process launched by the sandbox, see Processes below), so treat this as the browser's own hardware reporting rather than evasion by the submitted URL.
- Modifies data under HKEY_USERS (2 IoCs)
  Processes (description / IoC / process):
    Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        chrome.exe
    Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632879798724124"  chrome.exe
  Note: S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE. The value is a Windows FILETIME (100 ns intervals since 1601-01-01 UTC) and decodes to 2024-06-19 16:26:19 UTC, i.e. it was written during this run, within minutes of the 16:24 submission.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: chrome.exe, PID 2912 (2 rows)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  Processes: chrome.exe, PID 2912 (5 rows)
  Note: this signature fires when a process creates children with the "block non-Microsoft binaries" process-creation mitigation set; the creator here is the Chrome browser process spawning its own --type= child processes (see Processes below).
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes (description / pid / process); 64 rows, all from chrome.exe PID 2912, the two tokens alternating throughout:
    Token: SeShutdownPrivilege        2912  chrome.exe
    Token: SeCreatePagefilePrivilege  2912  chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe, PID 2912 (26 rows)

- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe, PID 2912 (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description / pid / process / target process); 64 rows, identical rows collapsed. The writer is chrome.exe PID 2912 and the target image is chrome.exe in every row:
    PID 2912 wrote to memory of 4576  2912  chrome.exe  chrome.exe  (2 rows)
    PID 2912 wrote to memory of 656   2912  chrome.exe  chrome.exe
    PID 2912 wrote to memory of 3604  2912  chrome.exe  chrome.exe  (2 rows)
    PID 2912 wrote to memory of 3608  2912  chrome.exe  chrome.exe
  Targets 656 and 3608 account for the remaining 60 rows.
  Note: the browser process writing into freshly created chrome.exe children is how Chrome's sandbox broker bootstraps its helper processes (the --type= command lines under Processes below), so this signature is expected for any Chrome run; a write whose target image is not chrome.exe would be the finding worth chasing, and none appears here.
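Reading a WriteProcessMemory table like the one above by hand is slow because the sandbox emits one row per call. The helper below is an added example, not part of the sandbox's report or tooling: it parses the flattened row text, collapses repeats into writer-to-target edges, and flags any write whose target image differs from the writer's, which is the case that would actually matter. The embedded rows are an abridged copy of the table above; the final notepad.exe row is constructed to show the alarm path and did not occur in this run.

```python
"""Collapse a sandbox "Suspicious use of WriteProcessMemory" table into
writer->target edges and flag cross-image writes.

Added example, not part of the sandbox's report or tooling. Row layout
follows the flattened table: "PID <writer> wrote to memory of <target>
<pid> <writer image> <target image>".
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

Row = Tuple[int, str, int, str]  # (writer_pid, writer_img, target_pid, target_img)

ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<writer_img>\S+) (?P<target_img>\S+)"
)

# Abridged copy of the rows in the report (writer PID 2912, all chrome.exe).
REPORT_ROWS = (
    "PID 2912 wrote to memory of 4576 2912 chrome.exe chrome.exe "
    "PID 2912 wrote to memory of 4576 2912 chrome.exe chrome.exe "
    "PID 2912 wrote to memory of 656 2912 chrome.exe chrome.exe "
    "PID 2912 wrote to memory of 656 2912 chrome.exe chrome.exe "
    "PID 2912 wrote to memory of 3604 2912 chrome.exe chrome.exe "
    "PID 2912 wrote to memory of 3608 2912 chrome.exe chrome.exe "
)

# Constructed row, NOT from the report: a browser writing into a foreign
# image is the pattern that should actually raise an alarm.
CONSTRUCTED_ROW = "PID 2912 wrote to memory of 1234 2912 chrome.exe notepad.exe "


def parse_rows(flat: str) -> List[Row]:
    """Parse the flattened table text into typed rows."""
    rows: List[Row] = []
    for m in ROW_RE.finditer(flat):
        if m["writer"] != m["pid"]:
            # The pid column restates the writer; a mismatch means a garbled row.
            raise ValueError(f"inconsistent row: {m.group(0)!r}")
        rows.append((int(m["writer"]), m["writer_img"], int(m["target"]), m["target_img"]))
    return rows


def collapse(flat: str) -> Dict[Tuple[int, int], int]:
    """Count identical (writer_pid, target_pid) edges."""
    return Counter((w, t) for w, _, t, _ in parse_rows(flat))


def cross_image_writes(flat: str) -> List[Row]:
    """Rows whose writer and target image names differ (case-insensitive)."""
    return sorted({r for r in parse_rows(flat) if r[1].lower() != r[3].lower()})


def is_self_bootstrap_only(flat: str) -> bool:
    """True when every write stays within one image name, as Chrome's broker
    does when it sets up its own --type= child processes."""
    return not cross_image_writes(flat)


if __name__ == "__main__":
    for (w, t), n in sorted(collapse(REPORT_ROWS).items()):
        print(f"{w} -> {t}: {n} write(s)")
    print("self-bootstrap only:", is_self_bootstrap_only(REPORT_ROWS))
    print("alarms:", cross_image_writes(REPORT_ROWS + CONSTRUCTED_ROW))
```

The parser deliberately refuses rows where the pid column disagrees with the writer PID, since that is the symptom of a row mangled during extraction, which is exactly what the original flattened text is prone to.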
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe
  Browser process (PID 2912 per the signature tables), started by the sandbox to open the submitted URL:
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://qrco.de/bfAEoR
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes (all C:\Program Files\Google\Chrome\Application\chrome.exe, distinguished by --type=):
    - crashpad-handler:
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4511ab58,0x7ffc4511ab68,0x7ffc4511ab78
    - gpu-process:
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:2
    - utility, network.mojom.NetworkService (--service-sandbox-type=none, i.e. runs outside Chrome's sandbox):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - utility, storage.mojom.StorageService:
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - renderer (first renderer process, client id 6):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
    - renderer (client id 5):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
    - utility, chrome.mojom.ProcessorMetrics (--service-sandbox-type=none):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - utility, chrome.mojom.UtilWin (--service-sandbox-type=none):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - renderer (client id 9):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
    - renderer (client id 10):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3380 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1
    - utility, chrome.mojom.UtilWin (--service-sandbox-type=none):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - utility, chrome.mojom.UtilWin (--service-sandbox-type=none):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - utility, chrome.mojom.UtilWin (--service-sandbox-type=none):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:8
    - renderer (client id 14):
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Top-level process (not a child of the browser process); Chrome's per-version elevation service:
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

All command lines above share --field-trial-handle=1908,i,1978424057663908988,1938013584921487685,131072, which ties every child to the same browser-process session. No process other than Chrome's own binaries was started during the run.
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\957f59b2-987b-4410-9635-bb2c674b39db.tmp
  Filesize: 91KB
  MD5:    8684fd14993dc9288645e8eec8c66caa
  SHA1:   0b4c69a3fbf21fa2dadb25c605b6f69920f57dc9
  SHA256: d7a9a2472270292d5457f091c2c9ee6398c468193c8b6c6aeb9e5331ad029f24
  SHA512: d400ec959aa07f65ca553ed7e92e4d4ee5607cfb41002c3d680482806cc2ee4b0124032743c636ec4468415bddf1534a073df578095e93e67e55001f5f80ad39

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5:    d751713988987e9331980363e24189ce
  SHA1:   97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  Note: these are the digests of the two-byte string "[]" (an empty JSON array), i.e. Chrome's empty list of pending SCT audit reports.

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5:    d3554ce36c9d52c1bae318a5a733445c
  SHA1:   f7a4dfafe22bd63d1ff014cf546407c5ef84c8cc
  SHA256: dc52c39509c9d80ab86749cd23332b1ce90380072d384dabe534b301e6c31489
  SHA512: a2f6d3d28182b7adf357a55384cace2acb50a0b950acb984225bb20fe393405802243d04acd80b1f6771794baefa5a5158f405bcaa25d14c8acbabdd48bb2d93

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State  (first capture)
  Filesize: 257KB
  MD5:    c5d2a2f85aca03b1079b223658f15fa7
  SHA1:   3def7ea339240cf2309e89351b48a659b525fd41
  SHA256: 38867830910921d38a6860061a93aa49b4644ee5edae93d82d2c4f5d6336a416
  SHA512: f750fd571eba3f4ca2fb922abfd8e8be013b7a36cd8d10ee8424c4a1fac953913a383ddecad6e41c6dc49c578f1d60e4e39571b4598f092a84f0af40e3c23218

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State  (second capture; same path and size, different digests, so the file was rewritten during the run)
  Filesize: 257KB
  MD5:    0d85605f3e20f4f64ce1b8795e5a8df8
  SHA1:   779f88bbf8c6a5a22b2c897514db01c6a3b9a7cb
  SHA256: f6a4d62c21cdbf61819439408a9e951e179adb827116e82126d0170a9489e7c8
  SHA512: c96ec8e83be28449cee519df8ebb41deaa9306dbec3c9b809c23cf450f0c145fda12da3b065439ce2457fe461f80e3bc77c0a8a561727b6e9e5d766be3261339

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e232.TMP
  Filesize: 88KB
  MD5:    648b2ee76f79dbb72cb6fbb335a55a62
  SHA1:   557a61fee9bd02a745efd1228a3f35d5833bde9f
  SHA256: e08a7a1be6fac0f1d1c2a7d6ddee109b1ab6c58b7f24d8f0ac1de643bb2ab2c5
  SHA512: 0d64550651e9467a42b9bc9ee737abe214b692e80e05ce4b25591863b5275175a1118bf9c658703853add74183f702c4df2ee1b3d152989e302334f0c325d9f6

- \??\pipe\crashpad_2912_XOQUGKUQSZUOMXLW
  Filesize: not recorded
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: the named pipe of the crashpad handler for browser PID 2912. All four digests are those of empty input, so no bytes were captured from the pipe.

Every entry is a file under Chrome's own profile directory or one of its named pipes; nothing was downloaded from the target URL.
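Two of the entries above carry digests that an analyst should recognise on sight (the empty file, and the two-byte JSON array "[]"), but recognition by eye does not scale across a Downloads table. The script below is an added example, not part of the sandbox's report or tooling: it recomputes MD5, SHA1, SHA256 and SHA512 for a small dictionary of placeholder contents and matches them against digests copied from the table above, so housekeeping files can be set aside and only the rest inspected. The candidate contents are assumptions that the recomputation either confirms or rejects; the Preferences entry is included as a file that should not match anything.

```python
"""Recompute digests of trivially known content and match them against a
sandbox "Downloads" table, so placeholder files (empty file, empty JSON
array) can be set aside as browser housekeeping rather than payloads.

Added example, not part of the sandbox's report or tooling. The digests in
REPORT_ENTRIES are copied from the report; KNOWN_CONTENT holds the
candidate byte strings being tested.
"""
import hashlib
from typing import Dict, Optional, Set, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Candidate byte strings a browser commonly writes as placeholders (assumptions).
KNOWN_CONTENT: Dict[str, bytes] = {
    "empty file": b"",
    "empty JSON array": b"[]",
}

# Digests as printed in the report's Downloads table.
REPORT_ENTRIES: Dict[str, Dict[str, str]] = {
    r"\??\pipe\crashpad_2912_XOQUGKUQSZUOMXLW": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports": {
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
        "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences": {
        "md5": "d3554ce36c9d52c1bae318a5a733445c",
        "sha1": "f7a4dfafe22bd63d1ff014cf546407c5ef84c8cc",
        "sha256": "dc52c39509c9d80ab86749cd23332b1ce90380072d384dabe534b301e6c31489",
        "sha512": "a2f6d3d28182b7adf357a55384cace2acb50a0b950acb984225bb20fe393405802243d04acd80b1f6771794baefa5a5158f405bcaa25d14c8acbabdd48bb2d93",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests of a byte string, lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def classify(entry: Dict[str, str]) -> Optional[Tuple[str, Set[str]]]:
    """Best-matching known content for one table entry.

    Returns (label, set of algorithms that agree), or None when no digest
    matches any candidate. A partial set (some algorithms agree, others do
    not) points to a transcription error in the report or in this table,
    not to a collision, and deserves a second look.
    """
    best: Optional[Tuple[str, Set[str]]] = None
    for label, data in KNOWN_CONTENT.items():
        computed = digests(data)
        agreeing = {a for a in ALGOS if entry.get(a, "").lower() == computed[a]}
        if agreeing and (best is None or len(agreeing) > len(best[1])):
            best = (label, agreeing)
    return best


def triage(entries: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each path to a one-line verdict."""
    verdicts: Dict[str, str] = {}
    for path, hashes in entries.items():
        hit = classify(hashes)
        if hit is None:
            verdicts[path] = "content not trivially known; inspect"
        elif hit[1] == set(ALGOS):
            verdicts[path] = f"{hit[0]} (all digests agree)"
        else:
            verdicts[path] = f"{hit[0]}? only {sorted(hit[1])} agree"
    return verdicts


if __name__ == "__main__":
    for path, verdict in triage(REPORT_ENTRIES).items():
        print(f"{verdict:45s} {path}")
```

Extending KNOWN_CONTENT with other placeholders a browser profile routinely contains (an empty JSON object, a lone newline) is the natural next step; keep the check on all four algorithms, since a single-algorithm match against a hand-copied hash is the case where typos masquerade as findings.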