Analysis Overview
Threat Level: Known bad
The file https://sif3a3-g54sf3-ddbd1c-qnv45f.netlify.app/dev.html was found to be: Known bad.
Malicious Activity Summary
Looks up external IP address via web service
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-03 06:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 06:41
Reported
2024-07-03 06:44
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipgeolocation.io | N/A | N/A |
| N/A | api.ipgeolocation.io | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644625261053285" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sif3a3-g54sf3-ddbd1c-qnv45f.netlify.app/dev.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9cafab58,0x7fff9cafab68,0x7fff9cafab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 --field-trial-handle=1916,i,17863400439392290978,3415176621608363267,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sif3a3-g54sf3-ddbd1c-qnv45f.netlify.app | udp |
| DE | 3.70.101.28:443 | sif3a3-g54sf3-ddbd1c-qnv45f.netlify.app | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | api.ipgeolocation.io | udp |
| US | 172.67.18.64:443 | api.ipgeolocation.io | tcp |
| US | 8.8.8.8:53 | 28.101.70.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| DE | 3.70.101.28:443 | sif3a3-g54sf3-ddbd1c-qnv45f.netlify.app | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 64.18.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
\??\pipe\crashpad_3932_UDCUADMHKITTRMFI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 76a9c0cea90abb0a5504d7243694369d |
| SHA1 | 850682dad57e80ad2004f5a96da3367e8b415a2f |
| SHA256 | ef41962a16b101aad9abd33cd86bd9537542ab6f66b760b7bf2d3eee1c231efa |
| SHA512 | 1f8a63db9b957be4ebe963ca1ecd66e5ce5443f0f87c9a028698b5a88d952d9ce995fabd7524c4a041a96161ba3ed4762912e4ce901c26f17b2d15ec840a1d4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8fc031b7f58e7e76609393c0644945d4 |
| SHA1 | baefa6b196d0cb295c75fff19215ff976e1a1676 |
| SHA256 | 386bfc0556d496e1323e83d090f9bea043fb262b16fdd2c1419e60d50111ebab |
| SHA512 | b709edde1a2bfb156b315886f15b59382454e8c0eb6bb6d57b8a48a13911f28747824f9d46731033817350c32092be4dec6e42e81c1f93729874b8133c74e3f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f52ce1647436490449534bec485a3cd9 |
| SHA1 | e9eeaf652a694e7b26541458caee8e32ee9c74f4 |
| SHA256 | 6377df1c75da0be738407dea03526a864013be4a9441dc3db2e2d247889c8efc |
| SHA512 | efccf747ca68967d26828636afc30b309dc80de97d42d801224181534eb16e295ec63ae4b880923a24f83396b0072c9ab885d4ad0597855252dfe5df50dced91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a54732b23c5eb269406900056dbb2852 |
| SHA1 | 0be73ae51fa54ec33c2119f6e145e35fc5474a72 |
| SHA256 | 1ce9e40be8206de4b233705fc5d5796e489e654e13b416a2b82891dc7b3f4188 |
| SHA512 | b6f63ed2a57bb7a9a0ece5f82bae5ec29cb5b470fee1bd8588e1ab3d81c4fe4fab946177ed79f71f466a36720d598432678be1962a962d654e687391aa98f83f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 096d40bccb8c041ab3df6d87445a54bb |
| SHA1 | effe614a677dee1661124ca648cebb173c477ab0 |
| SHA256 | 87556a60f625396dff748585dd608a2f5d1bd367000861afb710ee582fa9af84 |
| SHA512 | fd6ff86882c901d7a5ee05224a8991c9303387cbe875c2eba022bc862de32d976bb0bccfccb7d8f2d6beaa8fabdf592bf77946a16e07828ed1b0e30623717a62 |