hxxps://tbmx[.]momentum[.]co[.]za/300/9e286240298f0d5a8d4b0be5f971d40a13e31712

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tbmx.momentum.co.za/300/9e286240298f0d5a8d4b0be5f971d40a13e31712

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664799594847510"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe
Token: SeShutdownPrivilege	5040	chrome.exe
Token: SeCreatePagefilePrivilege	5040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 3092	5040	chrome.exe	84
PID 5040 wrote to memory of 3092	5040	chrome.exe	84
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 2784	5040	chrome.exe	85
PID 5040 wrote to memory of 5076	5040	chrome.exe	86
PID 5040 wrote to memory of 5076	5040	chrome.exe	86
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87
PID 5040 wrote to memory of 2248	5040	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tbmx.momentum.co.za/300/9e286240298f0d5a8d4b0be5f971d40a13e31712
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9a3bbab58,0x7ff9a3bbab68,0x7ff9a3bbab78
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4920 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1684,i,13535837700939850720,7001869398653634942,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
318396588d165f015dc85a0322995a19

SHA1
09b7654e4de5a7781be0ece2680ac9cc66e95af8

SHA256
26e0e9df3f4ba92b0ea5b8ef948634f06712a7283e929158814b4c31cbfb6e2d

SHA512
9b725eb9d51f64b71586abd49671495438f86ec57bef23c7c9d0f630ac2da42e57f9128f44241be51977d3db4beb1a7fb6f0b14e16af03b3ca51588058930bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
613d9d3c73158d1412eb47e2076aa496

SHA1
8dd91c7433d74fc729cec89b0eae464df2161113

SHA256
de069c168d7fec69ee186ab001463123cbae216c79f9469f5de552dec45be339

SHA512
fe0e1b270f53382823c62da3d83e3bf051486e2528619c1ab2deb125ac392c5ee25813720c5cea492dc5121a682ff55b2109d10365811820bae463f737d18d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8280d73bf888755d2aa7db5889d81daa

SHA1
997be1723fc945f7a6a0f70c5b4bff19ef2392c3

SHA256
89ec37c95980dc5bf9bc364a6b185270a0f1f5c9804794068d66bb84c758dd2c

SHA512
6ce781a1326af0ce8d69182dd2fffcca13fa0f91bc463ff65ff491a4bf3e9fe98d7df7192d49c58d116c0ff09f10e84a3cad18c90f400a07f1b76e0d508ee49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
93ee5e6eb4563e7d92dec52248729648

SHA1
d687de10e447d02a349e882ca6e18b501b9afa41

SHA256
11e1fc4099bd427030373c7a16195756f2556b6a8d165ea6bf6758c7ea0035d2

SHA512
0e92c1333de1247f0632f088cf9806bdcb0ad83c5acd20bebbedb63a601479cb2c1570af1ede4795f66764236274ae9ad43723797381e907227c77f3d4b05899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
3c2fc304829dc1fc9b51f6c9cde8332e

SHA1
605ba869f597cd94970edeb63680c4e802d4be44

SHA256
372d28b0899beb525f8984bd7ea26fdcf0b2e37eff3947a4ab5509e1fc3c4f9a

SHA512
1e8854c39136a5f1bddcf4bc7bd7f363d42aaf6aedd333d09dbb57b08dfca93930d08667517f575d100e034f3c5121acafb9161a4485817f6fa4f995efe4b230

Download Submit