Analysis

  max time kernel:  59s
  max time network: 51s
  platform:         windows10-1703_x64
  resource:         win10-20240404-en
  resource tags:    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  submitted:        20-06-2024 07:03
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
  Sample:           https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#[email protected]
  Resource:         win10-20240404-en

General

  Target: https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#[email protected]
Malware Config
Signatures

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS

Modifies data under HKEY_USERS  (2 IoCs; S-1-5-19 is the LOCAL SERVICE hive)
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633406237096680"
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry

Suspicious behavior: EnumeratesProcesses  (2 IoCs)
  pid 3816 chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (2 IoCs)
  pid 3816 chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  pid 3816 chrome.exe: 64 entries, strictly alternating Token: SeShutdownPrivilege / Token: SeCreatePagefilePrivilege (32 of each)

Suspicious use of FindShellTrayWindow  (26 IoCs)
  pid 3816 chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage  (24 IoCs)
  pid 3816 chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory  (64 IoCs)
  PID 3816 chrome.exe wrote to memory of its own child chrome.exe processes: pid 1352 (2 entries), pid 1824, pid 4064 (2 entries) and pid 3536; the entries for pids 1824 and 3536 make up the remaining 60

Every hit above is attributed to the browser process (pid 3816) acting on its own child processes, its own token, and the shell tray window; no non-Chrome process appears in the signature tables.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (root; pid 3816 per the signature tables)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/USER05062024UNIQUE0839060517202420240605390817_1718802361761.html#[email protected]
  (the --disable-*/--simulate-outdated-no-au flags are the sandbox harness's launch options, not part of the sample)
  Signatures:
    Enumerates system info in registry
    Modifies data under HKEY_USERS
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
  Child processes:
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff08cb9758,0x7fff08cb9768,0x7fff08cb9778
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:1
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:8
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1700,i,7230830787617367183,1816842743121886093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (root)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5:      6940a17ce833c5f1fdfbffeb08a22fbe
  SHA1:     7f3d30aa6810e6d1fe9ffe5367ab728985129f56
  SHA256:   5af50d727fee6265dc25a07f92d70454aa86d019d686a81fa11d0184f655c6a6
  SHA512:   da0b94f00d05fc2d7048a26a47f02688a3fc653cf7b1466f5119befac8a76ba32289ea0031e72257c606b8ddf2ae1f6fd0bc85ababafa3311eb067ab1d38a82d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 704B
  MD5:      d15694e8031f27c2a2c3cb284ceab756
  SHA1:     5c86eb92b12747b73c7d9a20d001b6f14e3e0e76
  SHA256:   1c682699f9d5c3bbc4180fe551ce0c4cf7bad8e6310b9a17447bd8cf9250cda8
  SHA512:   5016f6d1c6cbdf04b1df86b03e4517687ff9be097e4c35dff78b051537d214c00c4cdf1148f982736eecef3421007904e73b6b5367eaf0f8e8a7dc31bef4137c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      8d3b42c161ca65e033f1eacfaf3a2d2b
  SHA1:     f9f067269724fb5e1f9c1fd5392ba2ff2df08dbd
  SHA256:   7ad7dcda7ce90b5716480c6f53ecd1a6fa2314a8c0df28aa005c26fc4e43d991
  SHA512:   fab800f3a75df85488926bded24c23b2b95c4b358b5773b3d51f67ef4d33542f27fc5f5c14a25d4ee0774512eb0fce3babf200aeef3109bcf78d862cf24d15f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      2acc0bc47561771fe0c19471f8dbcccc
  SHA1:     fdbf41aa3736f77036b9d925624cc26a7410b0ec
  SHA256:   b930e4b0dc007647510fed2927d62bea2d05d415c38893ac47b130f6d29df772
  SHA512:   eb19a0fef859428d7b7ed3e7554d783859ff799b6e937f53429b0c93dc5f03ad8496f49ca24695216fcc133f32f40a098aa77a3978c9b35323f04f13621463e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 136KB
  MD5:      01464e70ebf1c5393965f512cd62ac2d
  SHA1:     0b7f6d5b9a56684c5cc6019fc6f0671ddecef359
  SHA256:   b8ea9f335cc58be2125c17c1e08cab5dcacb091aa0f67af7d6a1e30d18d22ed4
  SHA512:   095d50f88500c3bd266f61391e94f5dbbb02ef7e57da8dca19663b852d0af0bcae5247604d72cc99798724cd1a00cb5bc37d143dd9f638b7d95b56b1af1cded6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5:      99914b932bd37a50b983c5e7c90ae93b
  SHA1:     bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256:   44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512:   27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
  (these are the digests of the two-byte string "{}")

\??\pipe\crashpad_3816_ISRGJGFDSAIWVUWY
  Filesize: (not listed)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  (these are the digests of empty input; a named pipe has no file content)
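Two things a practitioner checks by hand on a report like this one are the Target URL (a static .html on a public Cloudflare R2 bucket, pub-<hex>.r2.dev, with an address after the "#") and the Downloads list (every entry is Chrome profile state under User Data or a crashpad pipe, and two of the hash sets are simply those of empty input and of "{}"). The script below is an added example, not part of the sandbox's output or of any tool it uses; it encodes both checks. The URL fragment never reaches the server, so an e-mail address placed there is readable only by the page's own JavaScript, which is the pattern credential-phishing pages use to pre-fill a login form; that is a reading of the URL shape, not something this report proves about this page. The sample URL below reuses the report's host and path with a constructed placeholder address, because the page's own fragment is redacted; the dropped-file entries are constructed from the hashes listed above.

```python
import hashlib
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# Public Cloudflare R2 bucket hostname: pub-<32 hex chars>.r2.dev
R2_PUBLIC_HOST = re.compile(r"^pub-[0-9a-f]{32}\.r2\.dev$")
# A lone e-mail address used as the whole URL fragment (everything after '#').
EMAIL_FRAGMENT = re.compile(r"^[^@\s#/]+@[^@\s#/]+\.[a-z]{2,}$", re.IGNORECASE)


def _digests(data: bytes) -> Dict[str, str]:
    """md5/sha1/sha256/sha512 of data, keyed by the labels the report uses."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


# Digests of trivially small content, computed here rather than pasted from memory.
KNOWN_CONTENT = {
    "empty file": _digests(b""),
    "empty JSON object '{}'": _digests(b"{}"),
}


def analyse_url(url: str) -> Dict[str, object]:
    """Read a submitted URL the way the report's 'Target' line should be read."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return {
        "host": host,
        "public_r2_bucket": bool(R2_PUBLIC_HOST.match(host)),
        "static_html": parts.path.lower().endswith((".html", ".htm")),
        "fragment": parts.fragment,
        # The fragment is never sent to the server; only the page's own
        # JavaScript can read it, so an address here suggests form pre-filling.
        "fragment_is_email": bool(EMAIL_FRAGMENT.match(parts.fragment)),
    }


def classify_dropped_file(path: str, size: Optional[int], **hashes: str) -> str:
    """Classify one 'Downloads' entry from its path and whichever digests are given."""
    for label, known in KNOWN_CONTENT.items():
        if any(known.get(algo) == value.lower() for algo, value in hashes.items()):
            return label
    if size == 0:
        return "empty file"
    # Files under the Chrome profile directory are browser state, not a download.
    if "\\google\\chrome\\user data\\" in path.lower():
        return "chrome profile state"
    return "review"


def triage(url: str, dropped: list) -> Dict[str, object]:
    """Summarise a report: URL verdicts plus a classification per dropped file."""
    files = {
        entry["path"]: classify_dropped_file(entry["path"], entry.get("size"),
                                             **entry.get("hashes", {}))
        for entry in dropped
    }
    return {
        "url": analyse_url(url),
        "files": files,
        # Anything not explained as browser state or trivial content needs a look.
        "payload_candidates": [p for p, verdict in files.items() if verdict == "review"],
    }


# Constructed sample input (hypothetical address in the fragment; hashes from the report).
SAMPLE_URL = ("https://pub-27f7254e773f4c6ea1d40a954c8581eb.r2.dev/"
              "USER05062024UNIQUE0839060517202420240605390817_1718802361761.html"
              "#victim@example.com")
SAMPLE_DROPPED = [
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "size": 6 * 1024, "hashes": {"md5": "8d3b42c161ca65e033f1eacfaf3a2d2b"}},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json",
     "size": 2, "hashes": {"sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"}},
    {"path": r"\??\pipe\crashpad_3816_ISRGJGFDSAIWVUWY",
     "size": None, "hashes": {"md5": "d41d8cd98f00b204e9800998ecf8427e"}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_URL, SAMPLE_DROPPED), indent=2))
```

Run as a script it prints the triage summary for the constructed input; for this report's data the payload_candidates list comes out empty, which is the point: nothing in the Downloads table is the page's own payload, so the HTML itself (and whatever the Code Cache entries hold) is what has to be pulled and read to learn what the page does.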