hxxp://www[.]resume[.]finanze[.]info

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.resume.finanze.info

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661102161859452"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4916	4636	chrome.exe	84
PID 4636 wrote to memory of 4916	4636	chrome.exe	84
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 4924	4636	chrome.exe	85
PID 4636 wrote to memory of 2992	4636	chrome.exe	86
PID 4636 wrote to memory of 2992	4636	chrome.exe	86
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87
PID 4636 wrote to memory of 3032	4636	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.resume.finanze.info
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa6abab58,0x7fffa6abab68,0x7fffa6abab78
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1804,i,353049372407585367,15886719208663969897,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e476bdb180718879ed33486f20a6a036

SHA1
38837edf75028f428f06fb418d126b1335e0057b

SHA256
d1866fd8a3ebfc18034237f62b9eef206651e99780c8735187f9379e22e80f1a

SHA512
471189f04294fa1de2fb15e1ed0f229d209b767fd1da70dd2f5767e7403485b41f72a2e7d4f49857cfcf7f543b0968bb54600c7dab4c588c16e576dab718dab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
70f2d3ba90b1f56a4ffb4324ffee2047

SHA1
95188927a5267b84639078bec42a582f8dc73674

SHA256
19a0966ea95582b2ca6351d039e56a821159e7adb76ef9509c95e6984c692604

SHA512
6997104cb866bdd5e2169e2354300501fb1dd9452a89bd71b36b61a6a70578dc83abc82d29c1c647363ac246db3b0b906971d2dfbf61c82f629c852624107f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
de96bf0e41872813f328ef379b05bef5

SHA1
ddc726ce325a808dc07f114d246c018b01ab8034

SHA256
cb1815f2390b81ac071019b1ddd5dde1b9a8a526a14302f64c4aa35bb40591c9

SHA512
cb1c4e4d642b48d335976ab1b89aeb754e5815d5de68acbf8c068ca72f85e7741601f743638737ebca33e3bccf88c8e18c6554849fc0a81299c2e018c8131ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
224cf0b97a60cd0c97df5966ca24e90a

SHA1
1de0d08cd137204035fe8f1986885964c7529758

SHA256
be636ed8fc4874c749a10e3f0fc29c26bb49be73526c61ed8ae42714c70738d1

SHA512
d9870491a0238ffd30dd3d7e2964ede16da47ee29d77a0a86befee4170443a5c1fbb43f65d759896034665d054d8d6729fd2407c56d687d78da0af7fac663e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
7c8959eb1b9ba9d4f5db5245a6aff356

SHA1
88ebec68bc2ad7a888e2f16ab8da069ddb75d693

SHA256
7d2255dd094ad10dd1e75c2c471c358d689f4c60587f4198c03aab03146c8fa2

SHA512
6693239bd50411b75d4bbf8bb4f770e4d48b6384830ec8128bda391e965566473fc6e54d7b2d4693d8df4ae1076fc175cede676c52479fa60a7aabde170cd408

Download Submit