hxxps://applesuport[.]me/cij/l2y6

Analysis

max time kernel
149s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/08/2024, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://applesuport.me/cij/l2y6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684147150578657"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
3184	chrome.exe
3184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 4356	1888	chrome.exe	73
PID 1888 wrote to memory of 4356	1888	chrome.exe	73
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 1560	1888	chrome.exe	75
PID 1888 wrote to memory of 4400	1888	chrome.exe	76
PID 1888 wrote to memory of 4400	1888	chrome.exe	76
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77
PID 1888 wrote to memory of 396	1888	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://applesuport.me/cij/l2y6
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff933499758,0x7ff933499768,0x7ff933499778
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=288 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4684 --field-trial-handle=1756,i,17507089516608867780,4433139002254393791,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7ee6bd53-eb89-43ab-9b1c-f7608b561643.tmp

Filesize
6KB

MD5
726d738d098ae48461202de90bbaa50e

SHA1
4034d7b133df9b598a6dc97ed7dc00a9e31270df

SHA256
4b8e145be1e873bc639a0a030d18537bedfafe0f2ef7657a58316671f8cdf593

SHA512
2a2a79a84de2f25db599485ba68cbeef2a6e1dfd359fc3a034c83d4c1690876527a35a0a658a49eec96f00cb5d96c3e4d81814b2f50506056ed0ee63b3dc1512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
75d771f3a44f7f84a72d1ac245dd5938

SHA1
27d08b7217c9b8c127d3161dab5f81484e40eb82

SHA256
4bc7840ba63c04a4e011efb2986ca94bcf6778052b66202fd4e0f2018b38f60e

SHA512
56433823c25512e6aa59bc040a8f37a7ec8a8f1af927bbb78673d3d209b35ba1663c9a82e66e4e6f7f6341590e47f2bef5fbded52912337b94eae8363f564c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a84f4f145c743c939f673f5082b7670b

SHA1
ac1cb2e5a01f0dc229f195d526f3094cd15d32a8

SHA256
564ec584176b31a906923f3efb2ef93d3e1ce50242fd45633f54c0131afd171c

SHA512
dcb3bb012eb168cc60559ea3b32c2531669081a0a3c75b43559ab9cb75447b49ecf45de95310bc76cf4544e49f894dc7af942ce46135dc3ca2641b5be813c246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b5e5571b663cc729689ece2c4bc467a

SHA1
1848589c65a5baf4e548123dcd8951d5e6222dc8

SHA256
722d3c0965d6a1c201cd5ede9ec2f9dfc69f3e0911b2be5ee2bba30f6dc97bab

SHA512
1c6f1a9fb0d7f68895bf1c9e7ac3d18161facebeed17cc7d77bac6fbc52baa77a5b9a8c4324369f2d31383eb99af378466b89333ed7a6fdcd8ff96192cf5bde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f391c17369a1a459e91e093710495d4

SHA1
fa1f3dafd71cf69cec97e6b523ba359fbda97146

SHA256
18b29cbc00535f287bd9ba8c53bdd231a37288026b5c4d24898223f08d461cae

SHA512
1fcfaccb57bf780f4b68456a83d0eb708c2c70cf606defb63ca4bb0640851063718141cd18529d401ff2a5511a8d147a9cc37b2bfb2f50624248bbda89d0402b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1f92838ef16e2681bd91c2abddf20359

SHA1
34f11b75f9ee1f730560a800798c3e4ab1c79512

SHA256
bdb881f41d597af373cb82b11caf9c16a24fd6b5c3f4da5e43436b3358ed1229

SHA512
5486fcb6f897c249e5137f02dd88b78671de638c2267e4063ed8fd2bcce8f6221ec0d9800862e7ffd5e22b1f32bc52ea077049dbb47f78f9edb09b7dcfaa5e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit