hxxps://8wvb5cbs[.]r[.]us-east-1[.]awstrack[.]me/L0/https[:]%2F%2Fwww[.]moonreading[.]com%2Fdaily%2F/2/0100019033d111fa-99227ffb-02fd-4cf3-b3df-428d6264f37c-000000/EBHgXI8o1Cm3QUCDtNRs6WrfDUM=379

Analysis

max time kernel
299s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://8wvb5cbs.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.moonreading.com%2Fdaily%2F/2/0100019033d111fa-99227ffb-02fd-4cf3-b3df-428d6264f37c-000000/EBHgXI8o1Cm3QUCDtNRs6WrfDUM=379

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633540690886098"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 3340	4632	chrome.exe	82
PID 4632 wrote to memory of 3340	4632	chrome.exe	82
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 4292	4632	chrome.exe	83
PID 4632 wrote to memory of 5060	4632	chrome.exe	84
PID 4632 wrote to memory of 5060	4632	chrome.exe	84
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85
PID 4632 wrote to memory of 4760	4632	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://8wvb5cbs.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.moonreading.com%2Fdaily%2F/2/0100019033d111fa-99227ffb-02fd-4cf3-b3df-428d6264f37c-000000/EBHgXI8o1Cm3QUCDtNRs6WrfDUM=379
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0c65ab58,0x7ffc0c65ab68,0x7ffc0c65ab78
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:2
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4008 --field-trial-handle=1892,i,2539035094602763041,4915431454173502068,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
41ea3a6914196224f7725f317b90e3b9

SHA1
10ffcf9cd271c295c86d7724731da20c1acba117

SHA256
88c31791c1c2b67ecc63c0948fc2b2b0d5e1ba93bad961130619fb513007e7a9

SHA512
038c61b361c44870da2d69c5942de69f926801156c2196073f03345864584bf9aa1405b9092ac8e054bbe58d65614b207bdf88f8a648b446703a80148937f09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c359f26485cd865f7e144961966073eb

SHA1
c928d86281060648617ee10399e54f735fa5f4d0

SHA256
4fc980625ece48cb046e4ebf8e8ee19d86312c9b38e1019215f946fbb40fe4c4

SHA512
0685e61a7bc3d814bd2ae4029ae7ca4338ce08cfdc8f6de944b6ae3a1f61034d578b297c839cafb342ac63effea8fd2ee93ece0c9fd651d90eff67e408ae6397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0da71c7da9089d194faafb1914398820

SHA1
96460089f4d6a1a5edd2ed8b6c100541c3b1d321

SHA256
cd5af0541e6daee0868f6511473b68ff92faea7ab0d4b15b7384e00dbeef6e37

SHA512
f61759ca709bf6625ea3b0c75bf67c27e5bb55ea2a174f8c0d285cb4f38f0164842a664335b84428a0a53ae0868fc531bf1bb477052384b7c1a760f9d0f9a528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
88bef51afe2bb4e4742a26cbe5da99a9

SHA1
6799160a25319e4b31f82512ae7f9b8e92cf99df

SHA256
e5de21ee14ffd8a20b2078e7bcb8208c42fdd1a37f7bd93e94cbffa407a800b0

SHA512
b29a9ec24efcdfeb5a7a54466c592c7c486add3227cc3662266e893a0339e4bee1ff5fdb9a0a79980adca6a29642fc4c61604a6a7c475e05005ca6b8450676a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
6baaa6cadb8466b6b1ecc51aa5e8b9a6

SHA1
1620258cd86aeff89744993c204c5d2eefc9b8c0

SHA256
f4861c459b84612d12b1b63dcadc436050b2d87a2a3215b085fd4b86faca1993

SHA512
02f6819b059c4306b91c31fee25a4c3a33e9cddcb3ede0fd310d7a59fd938c504040458fa622120c5085c44cb27df8b996ad87589686bdf3721f1fc2c1561eb6

Download Submit