hxxp://79[.]127[.]217[.]44

Analysis

max time kernel
150s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://79.127.217.44

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645380410437441"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2272	chrome.exe
2272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 3824	2884	chrome.exe	81
PID 2884 wrote to memory of 3824	2884	chrome.exe	81
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 1032	2884	chrome.exe	82
PID 2884 wrote to memory of 3884	2884	chrome.exe	83
PID 2884 wrote to memory of 3884	2884	chrome.exe	83
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://79.127.217.44
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a478ab58,0x7ff8a478ab68,0x7ff8a478ab78
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4180 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3308 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4520 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4544 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1884,i,3704619796524480910,229087278099153005,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
928B

MD5
ef29c6882415289681962736f1bbe2d4

SHA1
6d71a0d6f8916e8c6c61d33c0d0c1bc2f577904e

SHA256
71d7731a29200b67f3879a4db6fa020206f74ec721a00a8404afaab963c1aaf3

SHA512
796ea8e5e8628afa3357f2fb83f66f7620b1dab7ee47fa96b30783f1fc54b7ff71e006a0abd5e5d9e367b8d95ee5bd927a46f84c6672de6aba505edaa3fc9396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
60f825896a63b70799d0af00bca61b4e

SHA1
cf766d901495f0618a2a4e9cecbd1fa413a4a995

SHA256
a9633647a6c58beb4bfe60ae746b3d20a17d04fea7fe379b2b3369fef02e595c

SHA512
b1575640c97764bcffafce88d91f32b836c123e0fd9d2b8416cfaa8a03127741741f3616b58954ec3c5bd9b62fa0cbc76ca223d3cb4f424fdfdca91f92377784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c21ac15a3f7e489e740bddee407c286a

SHA1
d944e5f686107a74f55abd1fcfbad4745c6635c6

SHA256
cbb6833192e20ad9358773912c9c0b702f734bfee9e19f5c424d7eb5a5c2a2c6

SHA512
edc9ae42058cbd88f64e564c2a51f8d2f81619c1106614ec545ecbe1407279d000ec84cb601fad898f240597a6f9ea6708b8f2ef33aecfa46eb5884195979992

Download Submit