hxxps://tor[.]pdos[.]csail[.]mit[.]edu/

Analysis

max time kernel
149s
max time network
146s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
09/07/2024, 18:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tor.pdos.csail.mit.edu/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650221681870062"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 4900	3244	chrome.exe	71
PID 3244 wrote to memory of 4900	3244	chrome.exe	71
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3220	3244	chrome.exe	73
PID 3244 wrote to memory of 3664	3244	chrome.exe	74
PID 3244 wrote to memory of 3664	3244	chrome.exe	74
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75
PID 3244 wrote to memory of 2060	3244	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tor.pdos.csail.mit.edu/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8729f9758,0x7ff8729f9768,0x7ff8729f9778
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1624 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1864,i,13737635026479276110,15633240448282126272,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2838782005bbfad1f175e1017725c673

SHA1
96512ec3d242f011aa64da2c0ae97c323f871cdd

SHA256
926c630d3fcedca7307dd891b9dd3f0f4382715674479872184e61e97b8f548c

SHA512
eadafeeeb308f715e9f76be2638cc37a00c1c859a9d976453446cc4d57ff387f196ed3670e7a6287d53ee7f21f9059d86f2f2b06f6bd5974940f58c49cc15907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
950df199735809c6e46e3e18ddff000d

SHA1
50cf86fc890955aa39d4f42c79c9eeb959a136dd

SHA256
000ca8a9692e4bac2600c4efdcce831e5dbe153a45b3b4b45071dfc92e831882

SHA512
3bb523a74907e7febadd23cc571eaf5c5790eee4211199e1cd2ce40e966da5b56d9b73a960bfb61c945b58461ea104a044b04646f69a2ab2e0af5a3cba684c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7dae38d46d9412c20f9a2e405889fdab

SHA1
57f6fee7e1e80c902f1e5243fd5a8604758aee66

SHA256
57fca7a82c971c01b04006b7acd4f8f9ceca135606c2dc395de6018bd1d841ac

SHA512
e5aadd7bc2e50ba9eadab7327caccc1513205cda910c683898843e8a2224ce7656c5c802e1d90c93264c6ab7cccb0cdd86ebae5083ab6e01428cff87ec6ac306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
d7411a3755f7a878917477be53a3fff1

SHA1
d5a5700f903cb25d7e0fa01e7f535c66eaa8184a

SHA256
174c015f42c86c588bbec9fd7835af965b99ff3fc6550f4e1d75536c9e3fe127

SHA512
b41418ee6b2c8d51721f531966d0313c3120552a620f28ddb09adc6bf0f9f2ff602cc65aff76ffe8a6c65d96e32e5c52f9e68167c2d200150b26c89c32ee69e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
5967112b510f19878bb7ff202c55b8d8

SHA1
a40e3c7014464841903916ed6f65a1f60760300b

SHA256
6d6bc18d026d72e7f508d4c6d755c8c2d44103c87e769af8858b4d6017f7dc95

SHA512
df68a90ef66dea63113065574f89d96bb31b76970c758754f008f4de189940a0caddd81143843f403c55664fba6f4d923dab4680ec928a5869e5589d08ff593a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
6a52447300c5c53bdf3aae39dddc4bf5

SHA1
dcec00f926dac9422e4933087369cfc78b301dd3

SHA256
f73bf6417e04ec885d2307a9d6596a921a75ad0a797f992cb1bc9e8f0c9d2e7d

SHA512
12a3d71478182842dcf39807e31ccebef0e3b20f11d1fef97e3f56cf4a67be1e2ac74867c7b169aac61c0b549b001b09d289ffd624f62aa15556fa76e1c1fdbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
ca546aa51617c6c099b5804f58cb719f

SHA1
2d6dc51f7eff92f555593092f1e810b4f187d44b

SHA256
2c3cac261f710a20e2eccc199a079375d1c03f7714fc7a491163aa85748af8b8

SHA512
3d96e4825ac07281cc66438e65248f1f94bbc4842118ca667585d6562d9ceefae811b0c3d946fe96eab5b6ec13d849b29f4e8ccde4518415e5a2b0672fb1de40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit