Analysis
max time kernel: 59s
max time network: 49s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 20-06-2024 07:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#
Resource: win10-20240404-en
General
Target: https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description       | ioc                                                                    | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description     | ioc                                                                                              | process
  Key created     | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                            | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633404808574533" | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
  pid  | process
  2232 | chrome.exe (2 identical entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: chrome.exe
  pid  | process
  2232 | chrome.exe (2 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description                       | pid  | process
  Token: SeShutdownPrivilege        | 2232 | chrome.exe
  Token: SeCreatePagefilePrivilege  | 2232 | chrome.exe
  (the two entries alternate throughout the 64 listed IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid  | process
  2232 | chrome.exe (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid  | process
  2232 | chrome.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description                       | pid  | process    | target process
  PID 2232 wrote to memory of 2888  | 2232 | chrome.exe | chrome.exe (repeated)
  PID 2232 wrote to memory of 5104  | 2232 | chrome.exe | chrome.exe (repeated)
  PID 2232 wrote to memory of 2744  | 2232 | chrome.exe | chrome.exe (repeated)
  PID 2232 wrote to memory of 716   | 2232 | chrome.exe | chrome.exe (repeated)
  (the 64 listed IoCs are repetitions of these four parent/target pairs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 1)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4eec9758,0x7ffd4eec9768,0x7ffd4eec9778
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe (tree level 2)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1784,i,4325193409922884359,10471426204215529718,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (tree level 1)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize 96B)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (Filesize 706B)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (Filesize 6KB)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (Filesize 6KB)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (Filesize 136KB)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (Filesize 2B)