hxxp://spherni[.]com

Analysis

max time kernel
299s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 21:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://spherni.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652067673225057"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4564	1388	chrome.exe	84
PID 1388 wrote to memory of 4564	1388	chrome.exe	84
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 3612	1388	chrome.exe	85
PID 1388 wrote to memory of 4800	1388	chrome.exe	86
PID 1388 wrote to memory of 4800	1388	chrome.exe	86
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87
PID 1388 wrote to memory of 3712	1388	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://spherni.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffadb1bcc40,0x7ffadb1bcc4c,0x7ffadb1bcc58
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3212,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4548,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3356,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4036,i,9878332225258633912,15991386248985787323,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2728

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1044

Network

DNS

spherni.com

chrome.exe

Remote address:

8.8.8.8:53

Request

spherni.com

IN A

Response
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.187.238
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.187.238
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

spherni.com

chrome.exe

Remote address:

8.8.8.8:53

Request

spherni.com

IN A

Response
DNS

spherni.com

chrome.exe

Remote address:

8.8.8.8:53

Request

spherni.com

IN A
DNS

spherni.com

chrome.exe

Remote address:

8.8.8.8:53

Request

spherni.com

IN A
DNS

xuwo.spherni.com

chrome.exe

Remote address:

8.8.8.8:53

Request

xuwo.spherni.com

IN A

Response

xuwo.spherni.com

IN A

172.67.207.93

xuwo.spherni.com

IN A

104.21.77.119
DNS

a.nel.cloudflare.com

chrome.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

93.207.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.207.67.172.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

39.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.58.20.217.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response

172.67.207.93:443

xuwo.spherni.com

tls

chrome.exe

2.2kB
4.8kB
18
20
172.67.207.93:443

xuwo.spherni.com

tls

chrome.exe

1.0kB
3.2kB
9
7
35.190.80.1:443

a.nel.cloudflare.com

tls

chrome.exe

3.2kB
5.3kB
25
27

8.8.8.8:53

spherni.com

dns

chrome.exe

57 B
115 B
1
1

DNS Request

spherni.com
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.187.238
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.187.238
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

spherni.com

dns

chrome.exe

171 B
115 B
3
1

DNS Request

spherni.com

DNS Request

spherni.com

DNS Request

spherni.com
8.8.8.8:53

xuwo.spherni.com

dns

chrome.exe

62 B
94 B
1
1

DNS Request

xuwo.spherni.com

DNS Response

172.67.207.93

104.21.77.119
8.8.8.8:53

a.nel.cloudflare.com

dns

chrome.exe

66 B
82 B
1
1

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
172.67.207.93:443

xuwo.spherni.com

https

chrome.exe

1.8kB
5.5kB
7
10
35.190.80.1:443

a.nel.cloudflare.com

https

chrome.exe

1.6kB
3.9kB
4
6
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.80.190.35.in-addr.arpa
8.8.8.8:53

93.207.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

93.207.67.172.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

39.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

39.58.20.217.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
35.190.80.1:443

a.nel.cloudflare.com

https

chrome.exe

2.5kB
2.3kB
6
7
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4172b75a7df5fa3f3ed57c5285a75f6c

SHA1
265eba13acdfce16b4104082ce85eab04ff33909

SHA256
ab26278229c4bd3986c7774b77c89ac7338950c18051a12b850710c50cb0fa2b

SHA512
33e0ae66bdd4c791a485b2696b88439aadb67dfd7bcc13394b6fa7f97f1166e42585973fc4527c0f2562e1423085e079ad708e69f71bef8838b6a6702b00d610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
518e9096219066969df8d730e42d5e85

SHA1
7be68c597009418bbcadfd64c8b48760fba1ebb2

SHA256
6897813e678c3d90c8401bec740761a397f3310f9f2da10152ee7902bc8f1d64

SHA512
19bae2d433f1d7cae9bc990a05945fea5800bd7bd1ec35d36412ef20cecda0993ccc99b136b9644a3e0663b68efd92ba481df414c5ba2d296eac9a44c1ba9d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f6dd58bdff27e93430030766ce174a3e

SHA1
ba2e544eec4efb3eb15158ce13bb2864d048ac4f

SHA256
7eca40899e8dbdd50e51ad959110f378b722982a294b18301b390386580b3f35

SHA512
f5cd10411565d27a30132228bb5d8437a9fe8220cac41a3d15ccf75b965f770d4465520cbdd31bed42cc2c5e373987f1961d1841d0bb0d21340e6870e48e7f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c9055f14d5eed33cb88077587208295f

SHA1
ecca0f99342659a8c5052afa9a6eb66a46cca41a

SHA256
c80d5bb4424649c3c67b2b5f9e0d30ee91a458d70ce81c1c4da0135d9938d5d7

SHA512
56d67f4e1aa3bf676745f67ab9d2530911465b2a0d4800da31d8fcc699507a81bc14f51fee491e644eae1e4afd40fd60efc367bc19eb5f4a8f721f857a222372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60d4ea6d56058e1a45d4e390aa01546c

SHA1
8f808b89e8cb186f62e015a88a013765151c353c

SHA256
6e85ddd525408415d7f682f5a598e265d8a0e115344bc244ff2e43d9a29e95ca

SHA512
3c051be0643575215d7889e3d995d789f3399c8712c923e0ee8eff38ad21ab8c3d33041ed3ab546a904a61b0f5579b02d18d151498bd9e079996459a21a37846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9e35c3e37009fa2184f044d4592345e9

SHA1
03110c8d938cef1facac64c87afcbfe2250e1980

SHA256
3368d96030c90f2cf1fda480d27a6fb52a742d10e406bc839c1727a1a929c929

SHA512
93915850fcdcff63cf2e33cc2383e1c010ce2b84b32a9752223c31224978dbf127cee984028dd44d783ca2a707b6a79ac294d475bd9ae3de4f4204f17c467bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
085ca7475ed0278e234c9e9f8e341725

SHA1
44070e7ab46f23fb1ea29e5efbf50cec88d0f5ff

SHA256
f190b1eb5444c9a64c0ed887d8aa1a3a18376006bf066cc3868de8d9c010e4a1

SHA512
0a84e3b16433b7b37f06e52976f62e6c0922f0b5a1ff1944cd34f30eb4368f34265e537d1c02ccc159dd1a1b3b2e8bef38b0a5a1e8c35b279607fd3b94611310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
643c1f02cc716478769044ce12ace4f0

SHA1
bd1b9f9eb66acec112eafa0624d71e5b2717c694

SHA256
9672d18270b312817e6f6761944634ba7e05e2c498b692d9b6f64f9b0c9af572

SHA512
e08c81bd67d3b7782abfa6cc4180cf8f121da606e27351742a10f9556d8fe9dac55a393244857d62f213b9a8a86b235b3d26019b9f2ec1ba36b212aaba58f681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5df1838be8e2dc862ce36cb5ca44581

SHA1
3030e2a21f8d66617f9259fb208c139fdc56e010

SHA256
ba222830309178ec0956aa7f0d41b0e65ef4e5d4b9b902b26e883940dbdc45a6

SHA512
ec3e8e127c627361ace7df37303bfbfbf834870df2a5e97b5b0160d4c063e5d9be8b18bfbdd2f797a2e004f5e411dc07e6b3e506c259a5f7200f0ab7f8d252f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59e908759e5fdec4b469c281373f88fb

SHA1
7fed41a3f1ef5a56d5c37d1c5d8fb834aff1285f

SHA256
05adf007a7207b767044e62a563e859462c65f482f6ad116a7984a963235b7a9

SHA512
b2094f9adf9bd57c681af48b5054a21eb10ff4befa923687723a7d4c1ad0c3e434e637bd138b844f0555e867cce8c7c7a94a339a501d8713156fa42d0c4b5f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
116bdaae3fcedb224a8dd96aa9947a27

SHA1
a34b0ddbe968653e0a95b6f17bc37930094ed3bb

SHA256
bf982a3076d60976184d8fcab4861b73d3713f2cef0c64d6fc5cec521f6140dd

SHA512
0156728357fc19468f87dd580931a243f478e3ebed6227a9dcf542bf56253d472d536f0d4a99fca3fd4295261eccdf787f5bde210624b946a0ab3b2e6dec38b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d2f8a88adfaa53bb2841bf2da14c611

SHA1
c98e74dcd03070d262b85e2a03fa2109646e641e

SHA256
2af2f88c3423035930e06cbac3802fef1ca2aef4aa82911bd523eba3032c5990

SHA512
0459cad4b9eeee6c7ec1cc1a9519160258d1d1ede49d767df1093275ca02890ef113800ebe16375a988845331a2a330d65bde808c48e100c383f9425404c581d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
310b099b8555e1a62932e6c6b25d9dae

SHA1
f48cc06dee1bd30c8c420f2cbe4a1b721b5cef27

SHA256
b10f180bb35949c66bd5c9ff15f7a90e690c38d68d1abb11c7d1502ba2ff333f

SHA512
1f89cb277ce223b8ed9a262e9e53214179bd21c154d86c0b61aa2bed5cafa47f73d9b84517f2cb463ee0b1daa34170801c6305ac7fceb46b0e1e849ad6ed8ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a71c25194922f6a8db8797f2fae81d72

SHA1
941423afdf7cd067794e2058734f9a47511f9092

SHA256
8a37ed3b37804d73ddcf437f4a9adea7b2cf04bebbf105083a48d663bdbd593e

SHA512
cc63571e33b21849c8dd95fb203e11f6919eeca69b17e1807efaf86f8b777fed99e632da16a619143e29a5de2104786ea020d3865b922f406e6bc01cd3bcdd74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a6a4c02e641a6d6d9a93fde7b08b82b9

SHA1
72b92bcc0528a7c27a9595aaeb73c9699dec4877

SHA256
2891173d4b89f1cddfe41bb5a46909ea9a8861c9aee34610c667acf3a2f5cb0b

SHA512
eb3daa0124ce9fb460d74946d0a9e671cc6918e4336b41a87006af4792f54e6cf3de58cc806713820933c757a92d48c6f36927950b6d10c639a965ef657d3cec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.