Analysis
max time kernel: 56s
max time network: 57s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-06-2024 14:26
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://WWW.PEAKOIN.COM
Resource: win10v2004-20240508-en
General
Target: http://WWW.PEAKOIN.COM
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639719989191169" | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1460 | chrome.exe
1460 | chrome.exe

Suspicious behavior: LoadsDriver (6 IoCs)
pid | Process
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
656 | Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
1460 | chrome.exe
1460 | chrome.exe
1460 | chrome.exe
1460 | chrome.exe
1460 | chrome.exe
1460 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1460 | chrome.exe
Token: SeCreatePagefilePrivilege | 1460 | chrome.exe
(the two rows above alternate for all 64 entries; every entry is PID 1460 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1460 | chrome.exe
(all 26 entries are identical to the row above)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1460 | chrome.exe
(all 24 entries are identical to the row above)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1460 wrote to memory of 1808 | 1460 | chrome.exe | 80
PID 1460 wrote to memory of 4996 | 1460 | chrome.exe | 81
PID 1460 wrote to memory of 3276 | 1460 | chrome.exe | 82
PID 1460 wrote to memory of 4024 | 1460 | chrome.exe | 83
(the 64 entries repeat these four rows: targets 1808 and 3276 appear twice each, targets 4996 and 4024 account for the remainder)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://WWW.PEAKOIN.COM
    PID: 1460
    Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1688ab58,0x7ffd1688ab68,0x7ffd1688ab78
        PID: 1808

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:2
        PID: 4996

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 3276

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 4024

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 5052

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 2428

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 4524

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 4544

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 3164

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3308 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 4232

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 680

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 3108

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:8
        PID: 2272

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4172 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 4340

    C:\Program Files\Google\Chrome\Application\chrome.exe
        Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4136 --field-trial-handle=1876,i,4834904923195122261,18052535679966246248,131072 /prefetch:1
        PID: 2996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID: 432
Network
MITRE ATT&CK Enterprise v15
Downloads