hxxps://virtualcomputing[.]soge[.]it/

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://virtualcomputing.soge.it/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648985908669363"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 4168	2984	chrome.exe	82
PID 2984 wrote to memory of 4168	2984	chrome.exe	82
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 1156	2984	chrome.exe	86
PID 2984 wrote to memory of 4792	2984	chrome.exe	87
PID 2984 wrote to memory of 4792	2984	chrome.exe	87
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88
PID 2984 wrote to memory of 2368	2984	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://virtualcomputing.soge.it/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99256ab58,0x7ff99256ab68,0x7ff99256ab78
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4220 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1900,i,959759905479617971,13623878613872150970,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
870de61393ff140c8a431b6a5eec133b

SHA1
785668e8b03dd442f543a19e7ecf569adf9b5834

SHA256
1319df0695f726d7643f62e50d4cc1b2c8ea67f346243cfab4fa28b2225f4585

SHA512
2f85df43733a9deedddbae1475f8ebcdcc98fec2add728b416f4122f3d5be5aab94186e0983de4dd3d4864ea340289847729ce4ff087c88f2b40043c56e8c137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
89d199b2c1367414cd45e398f9ca391f

SHA1
592e5bad84f8af10976881635792567590238965

SHA256
9b578b295ed0989afbd74d7685fb13de2023e128a311f1ff23bb76870f612963

SHA512
6fd71b3b554d53dce775d95d19685c706275c69d0c27deed11ca3b618966ad9b5b30066badcda49c3d47ec56832d6c9f2414b5ecbfaa2bdf591dcb276015db9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59e4aa17883c6142686e3085138ee510

SHA1
dcca47d0d326a8a994d1210dff56defb4cda68a6

SHA256
57d77b48035f703c07eefa7a838e9a6fa2c6f41c0be142a268335b025ba137a8

SHA512
dcf15ac5be6b4180087eaeb344d98a8b8ac8961e8edde82c9d1a05ff310b060ca5f98d56999a957bc065030c35a966f125661f09152705791165fdd2d0d22dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
192ae624b31e53ce069f2dfc0defdee6

SHA1
3fd98a5c1cabff755418e138e13764200b092121

SHA256
08e4a429bdfc4fa647b4215e7f1c0c48d12fbba250cb64ffaef18f6971eca7a2

SHA512
0c98b616a351130867e246b783760bb5211d290a19cfff12412250dc5a0babae320030dfc2eeaffeec83e94c8e768fb8c3c9ab9daf2d2e7ac3800461c2cdfe43

Download Submit