52775666bb521892f5601417d68a0c33406f99c5edde0f97e5fb824178bb49a5

Analysis

max time kernel
31s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 01:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

free-robux-hack.js
Size

75KB
MD5

ad29224ac11ac501f5d902ba658a29f6
SHA1

4255ff646ed43de4670c66875c50df4a8a968cc2
SHA256

52775666bb521892f5601417d68a0c33406f99c5edde0f97e5fb824178bb49a5
SHA512

ad29e0988637382fe7415f7402e2edd519e1f0259d1220e3428197c88a057cc83742b5be75829c34a80b0cea4246d76daef9db1d47327eb8088dae6e6cddb01c
SSDEEP

768:V3KdXRHTLH+xb2n+93UfMlsqAsxOqOPJopbUaHpUXAd60Yt1PboTRTYyKUUx:V3KjL3+FUfMlsqAsxaXAdFYrMTYy1Ux

Score

3^/10

discovery execution

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684186875297320"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
976	chrome.exe
976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe
Token: SeShutdownPrivilege	976	chrome.exe
Token: SeCreatePagefilePrivilege	976	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe
976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 4844	976	chrome.exe	97
PID 976 wrote to memory of 4844	976	chrome.exe	97
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 3392	976	chrome.exe	98
PID 976 wrote to memory of 1948	976	chrome.exe	99
PID 976 wrote to memory of 1948	976	chrome.exe	99
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100
PID 976 wrote to memory of 3500	976	chrome.exe	100

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\free-robux-hack.js
1⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffabc2ccc40,0x7ffabc2ccc4c,0x7ffabc2ccc58
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4976,i,7928885929750755927,6340761272268464680,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
217f2881262b11d8cc9f65cdd65d9286

SHA1
5dd6ecfd55309deb680be0f70a49d5b3dbc54941

SHA256
b2b256347dd0383901d00cd333b55257decb9a61ef8db1410f6f22fada882b53

SHA512
1bf3b9023bf5add6d775ab6d28c662e094338692c6d8f2d626ccb6fafbd8aa42a2bd56d3fdd942ca6341b722b0caa678b03e5ffd02dd2f682772507678be229b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit