hxxps://amatgil[.]cat/robux_generator

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
14/09/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://amatgil.cat/robux_generator

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708063306296887"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4296	2148	chrome.exe	72
PID 2148 wrote to memory of 4296	2148	chrome.exe	72
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 1420	2148	chrome.exe	74
PID 2148 wrote to memory of 2640	2148	chrome.exe	75
PID 2148 wrote to memory of 2640	2148	chrome.exe	75
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76
PID 2148 wrote to memory of 2956	2148	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://amatgil.cat/robux_generator
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdf8649758,0x7ffdf8649768,0x7ffdf8649778
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2344 --field-trial-handle=1800,i,1649270347841171096,2766451161608887469,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8501e1eb85bc947f5614dd2cc997710a

SHA1
1ad1389282e3062f66446cd5e0704b62d38ab3f5

SHA256
d1282c58cdd68fef7bf747af33902b0ce0c498c7e3d9f06a699e7f6bae7794ab

SHA512
512c7c5a0f17603be05080e859ad98b1e6248810ca902c12ea3c1cb440b0313dcb4c2f7b8987a0290aa393994784b400f05484f2ae32773e4493a95697bae5a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
954B

MD5
72c13ee99e6276d1f106539edc99454d

SHA1
1c57c1ccfc0fece77ed518ae3db6a4e7881cd7b5

SHA256
b96e95b24baebd3aee91907a45b775698784f7299c5ac93ccaa646668d328520

SHA512
f154657487e03fd30b610d332f21e5c537d034f6ba4bf97bae13a4ff6b56b252a8783f6787df9270385a21bd889bbe0d7eeef7c91d08a5263de387a5ec992f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c99667c6f8dd8d7337a6367d5755e59a

SHA1
5ad17a16c5917289b4a647ad5c8d14a12c7e0d91

SHA256
bd19833b65eb9229414b583a5db23c413462e1ba5e9154b0315fe2318beae798

SHA512
2b5ad9499c45836f77a6065ed3e2a65aa7ca2f38cb1d8555a2ad07635d497bfb80b69e25952952b0b87177fc72b79a8b7f9396e0ebc38b161f34461e59b6bd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a584098c3f27652cb6c755aa8c956c57

SHA1
49b3ec4cd0e17a3aa8286f3e532abca75364acfa

SHA256
cb18cd21602d391bd2bd551827bfb7dc0f6af05612e8be847fb6e33561c0713c

SHA512
2a5d972a9170431c11fe74276fbb8563c58b656711e7450467187bfe135d00ed639eebdc3a3a9fec11d731c1ae9133b214ee874c40b86e070c2581ede3831781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
184KB

MD5
3ad519a2b25be3b458351f2de8c37340

SHA1
d933ae24e80d31d38c17e568eae8a0037dd3bbf4

SHA256
b229b6f1242b7f81fb8acc1d0ee545cd1581b38f46281b40e2c829c199395e96

SHA512
33f148904ab1839b0b8fa9d30ad8e393fe1b4e0d81cc69991c9b872cdccafbeb5a928079fb78f7d4d417400cebcd42cafee9f6c56e9252afd382261bacbbda80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
c758547edbe5d536c91bf485cc0d83d6

SHA1
156aff951c347ae959ad53a1222ee8372c9e4d2f

SHA256
ea3a0950d5078ec4f35968b6901c0b9d35969ca208557871bf9632995b22a897

SHA512
f3562b807c017c06b9988f8b9f292aeea7c43dbebdb259b16b47385db0b9531aea7db2e07ba8234e8dfd3072f993a301a79f1d2c44b331badd70afb0590a42b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
3cacdea2b30fcc13c549e681dbe79254

SHA1
01ec33a4de8012e8f626c9a7b5e1b754c5dc3521

SHA256
7774bcdc418c8acaa4459810835cd13439046666cc1ce46dd309bd6e962b677b

SHA512
8484c616a87d8101d744235a455dbbd2afb28c6097056c44621bca59c637091cee3c5472278695de1ef0266ee391dc294783baf3d7327bfbad3fd2ff51a9004a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit