Analysis
- max time kernel: 59s
- max time network: 56s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-06-2024 11:15
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://worldbest.direct/?yhnxnbuz&[email protected]
- Resource: win10v2004-20240611-en
General
- Target: https://worldbest.direct/?yhnxnbuz&[email protected]

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633557319942252" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
- pid 4260, chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes: chrome.exe
- pid 4260, chrome.exe (4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
- Token: SeShutdownPrivilege (pid 4260, chrome.exe)
- Token: SeCreatePagefilePrivilege (pid 4260, chrome.exe)
The two tokens alternate through all 64 entries (32 each), every one from pid 4260.
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
- pid 4260, chrome.exe (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
- pid 4260, chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
- PID 4260 wrote to memory of 5036 (chrome.exe -> chrome.exe)
- PID 4260 wrote to memory of 1768 (chrome.exe -> chrome.exe)
- PID 4260 wrote to memory of 3572 (chrome.exe -> chrome.exe)
- PID 4260 wrote to memory of 396 (chrome.exe -> chrome.exe)
All 64 entries are writes from pid 4260 into its child chrome.exe processes: targets 5036 and 3572 appear twice each, and targets 1768 and 396 account for the remaining 60.
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://worldbest.direct/?yhnxnbuz&[email protected]
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0254ab58,0x7ffa0254ab68,0x7ffa0254ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4212 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4192 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1888,i,7512899822111842146,15644330072067713587,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads