hxxps://jamila[.]et-serp[.]com/adaptation/interweave/tome?WeSyw=aGFzYW5hYmlyMDA5QGdtYWlsLmNvbQ==

Analysis

max time kernel
44s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 10:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://jamila.et-serp.com/adaptation/interweave/tome?WeSyw=aGFzYW5hYmlyMDA5QGdtYWlsLmNvbQ==

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679312463429137"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5176	chrome.exe
5176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5176	chrome.exe
5176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe
Token: SeShutdownPrivilege	5176	chrome.exe
Token: SeCreatePagefilePrivilege	5176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe
5176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5176 wrote to memory of 5196	5176	chrome.exe	87
PID 5176 wrote to memory of 5196	5176	chrome.exe	87
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5328	5176	chrome.exe	88
PID 5176 wrote to memory of 5592	5176	chrome.exe	89
PID 5176 wrote to memory of 5592	5176	chrome.exe	89
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90
PID 5176 wrote to memory of 5008	5176	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jamila.et-serp.com/adaptation/interweave/tome?WeSyw=aGFzYW5hYmlyMDA5QGdtYWlsLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff8a8d2cc40,0x7ff8a8d2cc4c,0x7ff8a8d2cc58
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,17864597334973787701,13341881337775804140,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2120

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d75673272eb380381cfe9aab2902071d

SHA1
df9115d1dd9913cd51fdba96b354c5fde3eeb964

SHA256
b1d5dde3a21865bfa92dc471ff19f678d2a3a596d8d2af6b2fa02ef896e96476

SHA512
c7946de8850521e875e6b850dcfcf4d40c1f1db9d01482621c0faad8d6937cab9d979db1235871c6d542356fdeb7fffd1d418269916d6e7eb2e6380c69ebc27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f2c9db20af7d032c7d7e451cc3c6efa1

SHA1
355ec90d268dc9e21ddc6b248e21540e7d61c8d7

SHA256
1d94263175956a2195b1ba84cc2f85cd7c0fdc3f35aa04f5a97b033266f4bcf3

SHA512
61b4ccb370559109350b6494a5d9f189362020b45181eff2f08f3a828e29766e790479883321e72ccbfcc190e38282ec3f0396bbb230c48f55725a92aa6d221d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bae918e0e912ede29e37753bade4e712

SHA1
b409d68aa639c12095a24dfef1bef37c485bb960

SHA256
834d99916dcc4605e28a1e27e7cd4426fd49a58cd8bbe1625d4f0876e88f5290

SHA512
85b2e2452988f1317b8d9f90c2c05bad7a31e3ea2cec66ecad09e1ce783123c9f3b6f4411583b4cfe282e5aa088a8e145fe779c64575bd05f825526f6ecc199b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d61228a071ae1b65417ce70b26708c61

SHA1
edeae29f49027c048e0c2d16869aeba83a01428d

SHA256
8d631f0eda2f9ec6b62603ce357429fcf339695e22e826181b4e50eaee42f152

SHA512
eea0398b6cff8b83266ecd06329af9764c12bd9962a6b01e533a181303df42386b4b73db584de1f21e9d3e4b873c90ccb3606bee5d431c1d2d1dbf55c15cd46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4039fa4ffb8123b69e2c6beb25f2cfab

SHA1
8b65b3f869bfd5ebf4a70c69659c6500f2ba55c5

SHA256
a3df1f98a92d4c371d4f00343d0ba917694093411ed11c660d72d7d581fee81f

SHA512
9fdadf89cf1b5418074b587d410c8d31aaee7d2ec7327d8557ef29890e4ec2a9f47331ccd67c7292614887c00028e2da2bbb52c8ccd0d445b5ec42f688d35af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9c4dd3c12f8a4ea278b0c3a9043f737a

SHA1
b105fe123ac33a45854a2de93c344d27d13b8646

SHA256
aa4a5108be7156f6dd956a5357a9e589f8f112dc77ec62343259261bfae64f39

SHA512
87adadfbd695a0e9050568da9081a0a79c2725b1d4f8dcb112d03e8198cc05d568fab879706e9e425c4722c03be0036ecf1ac0dfea073e22b851f511055a55f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5db8f4669659e61e29abb34be1f849d1

SHA1
3051f0ec06eb048c9e4e72b34f97dabc3e41d9aa

SHA256
14418480c04604b917f77bb0fd10432d0426dcc9efac027004a793ff417ec0e3

SHA512
525448a93b5d09c598b02f1f97e8f9c7a5e8cc7144fc6029a698b201d397c2306884898ecce08da2485affeaea32c37efbab622c1f78f3dcd7f4edb8b964ccc8

Download Submit