Analysis

max time kernel: 33s
max time network: 34s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2024, 20:45

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://ccbjhkyutz1.com/
Resource: win10v2004-20240802-en

General

Target: http://ccbjhkyutz1.com/
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688331359396671" | chrome.exe

Modifies registry class (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{196F05B1-5205-4AC7-8B51-CA853AFEE368} | chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1132 | chrome.exe   (2 identical entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
1132 | chrome.exe   (6 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 1132 | chrome.exe   (repeated, alternating with the next row)
Token: SeCreatePagefilePrivilege | 1132 | chrome.exe   (repeated)
Token: 33 | 3272 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 3272 | AUDIODG.EXE
(64 entries in total; the two chrome.exe rows alternate throughout the list and the two AUDIODG.EXE rows appear once each, near the end.)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
1132 | chrome.exe   (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
1132 | chrome.exe   (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 1132 wrote to memory of 2888 | 1132 | chrome.exe | 83   (2 entries)
PID 1132 wrote to memory of 3204 | 1132 | chrome.exe | 84   (repeated)
PID 1132 wrote to memory of 4800 | 1132 | chrome.exe | 85   (2 entries)
PID 1132 wrote to memory of 4024 | 1132 | chrome.exe | 86   (repeated)
(64 entries in total; identical consecutive rows are collapsed above.)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1132)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ccbjhkyutz1.com/
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2888)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9da78cc40,0x7ff9da78cc4c,0x7ff9da78cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3204)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4800)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4024)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2424 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3244)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3060 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3208)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1716)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3644 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1836)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4472,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2932)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3316)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5104,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2772)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5212,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5188 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2484)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5452,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5448 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1584)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,13222266243723164345,9432490341795134114,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5412 /prefetch:8
      - Modifies registry class

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 3004)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 2716)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\AUDIODG.EXE (PID 3272)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4a8
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 649B
MD5: 2bd1e370be0aa10431cd12891629447e
SHA1: 4f61a1449a8e8df6cb282516a88d5d606d7f5534
SHA256: e87988080322bc6f1cc641d5b6e52383c94631f4b4ebc1f4d9aa39e785876f83
SHA512: 1c5186a44f6401e0b93529c4bc8edd1aabe2310f07eb6dc23ad9b42d7acc05db2a2642b8532995c3a35049e2f0183f2e64d7c5f6c00b7785eb6315ca6c9e0ac8
-
Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize: 1KB
MD5: 078e65d9fd696ef4eeaaa3557131a4d7
SHA1: b12a2458f37b709bffbb7cdcb9b50b9206e295b9
SHA256: 883d41862b7e65a6f24fe541cb42e0b748e4da59db75227c7c28453a49e82427
SHA512: dea92ad17e6b9409e8cfb8db88bb54eafcbc202acc7e01dd4a61af40dc5eda27003d9b8fdd9121736116e4beb0f57121c961814113c54c1b2379b6c9f522cab3
-
Filesize: 856B
MD5: a1561356dd1a745dd9e46082c3bc6ccc
SHA1: fab82eb499b0cc3a217643e372bc016db7ead56b
SHA256: 71df62fa7519231b044eef8141f5cc5feb132866d087c2b0a6db0e219e68b23b
SHA512: 839bea42e6c5fce5aa62749c72df7e05b09b4c8c505dc4e6d5dd4e176038163fdc29ed6091eee42ee7cc53aaf86939d577c28e2bf4f3b22fc7daacb5390211a1
-
Filesize: 9KB
MD5: ac1989f93d53fc19f6ec74cd2e9516e9
SHA1: 08b036a27cdad1b44564c7b279f794d6773d86cb
SHA256: 20d2d1fa48ffa5b7dbf5082bc12ffc9ebd45b7d54873dbdd489049fe377a5a62
SHA512: 4599b16cee384eeb0911d16d86aaea173254ff86963b90255ac4f3bd61eb3c9b36cded347f6dfb2ccdcdb7f9e0415167dcdb598d3b17c46dd55d6be2b00b8865
-
Filesize: 9KB
MD5: c4e67926db62a36702977b9690872824
SHA1: 000e0b079ae19af322fd6a2110bb322fe403e8ae
SHA256: 45ccca3f2cd71cf8205fd62a704d0a49066b0300e3fb015f3cbd11eb0649ff59
SHA512: 77bb317a409d0584b7910470a92a87ca41edcc9567dd2964ba059be44c0d4e4ae03df929208eb80c541795cddef78f0d99699a314375f3e9390690c3b89638dd
-
Filesize: 99KB
MD5: 212687d00b250d5866a53523368f1d1b
SHA1: 6349c3e679c94af9e5926de9d13b2a325fffc15c
SHA256: 42095db796a066122fa2b6b034f658d8cafd07638503ce83fa54d4e6be9eb8f9
SHA512: 68406f9079e9b9e30ea0ddd6d097529d7b803a9be831f6a2fccf20f76401de7da6cb808bb71abd88b90d289a5c3a460b7dab7645db9753553e4b0a0988841449