Analysis Overview
Threat Level: Known bad
The file http://peakoin.com was found to be: Known bad.
Malicious Activity Summary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-27 15:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 15:24
Reported
2024-06-27 15:28
Platform
win10v2004-20240611-en
Max time kernel
271s
Max time network
276s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639754653395707" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://peakoin.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccef1ab58,0x7ffccef1ab68,0x7ffccef1ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2568 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 --field-trial-handle=1908,i,9987639246946011279,3332922456169778855,131072 /prefetch:2
Network
Files