hxxps://gplinks[.]co/tf2bN

Analysis

max time kernel
36s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 02:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gplinks.co/tf2bN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690260883725709"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 4556	1924	chrome.exe	85
PID 1924 wrote to memory of 4556	1924	chrome.exe	85
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 2348	1924	chrome.exe	86
PID 1924 wrote to memory of 3220	1924	chrome.exe	87
PID 1924 wrote to memory of 3220	1924	chrome.exe	87
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88
PID 1924 wrote to memory of 1132	1924	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gplinks.co/tf2bN
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2e8fcc40,0x7ffa2e8fcc4c,0x7ffa2e8fcc58
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1800,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4328,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4676,i,3750030842076925902,9470039734186121587,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2608

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
898829ff31e15a4aa669a4a20ea48cb0

SHA1
d7fb32648bc6303a9ab1ed789b6b197abc59f4fd

SHA256
d842317e79116fe819dcb3e0147cb6356a21c719457e8c24ed4e0cfcf18de12b

SHA512
aeca585e5e650ac15e40058f641b93c8b7a7687533595fc650911a476910c2a59813d408e45295768bb02f0727afd784863427de10ee924e90b4b4fb86f33566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b7fe0292787badb9e7683dccbcb0de8

SHA1
344021fe4a4091133b426a9b9f2ccc057f48e418

SHA256
d4b57d86e181a7824fbe8b34b7d581849278505ae9d77e5bf2f245aad9e984d5

SHA512
4e6433a5086190f5c9d237156f600618cb652d2342e286241c67794eb0a3ee8ccf4729cdb3f9e512740fa54d2a740f1194559fc93d611cc48561eaa484b6134f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09aa639d3ce6ea6697d8433081aaa985

SHA1
47e1a151f1486e2bd2e2fa4423418039fcac34a9

SHA256
75bffba8cac1862b18267fa0daef5ca0d04ae679cfc77f34911c95514c9f844f

SHA512
f4b904150cef3b2601b256f05b6f51d756588688cd2ce0fea1e2b47dce5395be52aed510194f2d20925e21c17071e898727e557d4dd0715e522623e3f18dec06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
faa3456a8e3fb64a76eb740ac41f1868

SHA1
97f4377f98e63ecf6ff8ec5928fe3f9943422b24

SHA256
dcf6553a40a5b77ab088c66f2a15a13b964cbe315996fdcaa7f118e6a5dd5944

SHA512
9a395238e0eff1a2aa2276f0ac574b384a91f39b18e5430407e5cc386d23081648dfd923d8171977ca377722d26ee62a0e03574bab8cc34b4591bc917f164672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7d4b4507371c78b7a9040a1d527d0d2

SHA1
179e5196767dd3c766d71e2ac1dc926698df1a59

SHA256
2cd3e8a2a84054b987821865bb9e69062f3c11ddec3828191bd476e987fa44f9

SHA512
64be4f3bfe30a64984a03037dbdfead101addd80975a8f020efe915fc06149fdcfe907abe7853fafc36b83c7a23523325deeccdf19ced95bb88f5d6ca1672b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6a2832a52a91062fd29dc288a8487e77

SHA1
1480b4a4982a070d636be3eeadcff0f52ca689c4

SHA256
5da6312aefc9fe6b8bbc365a6b25fa35a34e5db0f9b769bbc10a67aaf83e0331

SHA512
8f9d972af9260cccd4b6aaa277f155585da4bace7306a721deae45efe438d28d29152df5cd6fe19c12f77183fb6f05500590595931b8842052e57959f509e572

Download Submit