Analysis

  • max time kernel
    45s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 17:00

General

  • Target

    https://u.to/d2TkIA

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/d2TkIA
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbfd95cc40,0x7ffbfd95cc4c,0x7ffbfd95cc58
      2⤵
        PID:232
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
        2⤵
          PID:2204
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1636,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
            PID:3168
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
            2⤵
              PID:3360
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
              2⤵
                PID:4796
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
                2⤵
                  PID:1916
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
                  2⤵
                    PID:3424
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3140,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
                    2⤵
                      PID:5076
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3660 /prefetch:8
                      2⤵
                        PID:3856
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4552,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3660 /prefetch:1
                        2⤵
                          PID:4888
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4524,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:1
                          2⤵
                            PID:2056
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3384,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
                            2⤵
                              PID:2516
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3156,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:1
                              2⤵
                                PID:1840
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,12659445166585132029,12901736060463540675,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4444 /prefetch:8
                                2⤵
                                  PID:5076
                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                1⤵
                                  PID:4700
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                  1⤵
                                    PID:1204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4464,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
                                    1⤵
                                      PID:4876

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                      Filesize

                                      649B

                                      MD5

                                      704cf2da6b5802648c247a439403d6c3

                                      SHA1

                                      10eb76ae1f9cfd283d35602a2abd5559453b4f3f

                                      SHA256

                                      4f7aaabbccb93001d38bea034330e5fa30245ffa52e7693d2a010b877407f58c

                                      SHA512

                                      3507fe3fb258382151f89f740c21512de11dcbe6c0addb78cd891a5a72fc1a5ef0f40fc9278916eab1abb28bff401ad1a56c5cda5aa6d57058efc565efec0a16

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

                                      Filesize

                                      213KB

                                      MD5

                                      f942900ff0a10f251d338c612c456948

                                      SHA1

                                      4a283d3c8f3dc491e43c430d97c3489ee7a3d320

                                      SHA256

                                      38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

                                      SHA512

                                      9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      858B

                                      MD5

                                      3d8124285d1eb5bfe24bcece38933cb1

                                      SHA1

                                      fb0c342728ef47bdef015f42ba232b4170f3b6e7

                                      SHA256

                                      69996e6e33e3cd8684c3513873124adf04a5f7b1bbd8f703848d324bbbebded2

                                      SHA512

                                      eca490e4c1222ca7b7f137f0dc156674ca788fe029a64625646954fbef7d1829582b475fd4942bd52bead5072d015779e63f75f6710beb4ad492eced4c47499d

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      6c5d24fe925b19dca2f63547421507e7

                                      SHA1

                                      3f9431194e365ff83e8fe2e2e53e2ec67b820130

                                      SHA256

                                      76477cc047f113f765be4a0e059c197f83279629cb76cae1f44ae62fc21edf69

                                      SHA512

                                      6dc8c80352a92d143994c8be9183aa843ec246c777b866dfb1a5fd4185a1bddd87d1d1253eec887b18001d4ec4a7715af04c0b53d50e3f733bca075170475bba

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      9KB

                                      MD5

                                      41e2aa8ff2fb6553aadb44cc94f99b37

                                      SHA1

                                      6c0721b22026666a0fa1016ff0f5d81842b592c9

                                      SHA256

                                      5fea73ed28d6939d820713df20408976b8864f9aa26eb7b4a49c3d9b209a372c

                                      SHA512

                                      13ceba062bd1b520181f9b1e4b7638ab5c808e19965e84dd64978a46e183087d6d2c2e5fb2372d941de40e98dc7b89ee275a1906144272b76d7fc4f7d7d489e5

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      10KB

                                      MD5

                                      f69fc22c98c4d0372913ef6c5f36231f

                                      SHA1

                                      61165e6fb89d125c7b217c9476ed93a07d9ae2b7

                                      SHA256

                                      0f536c6c6a3db8ca803986c225d1597702f3e154d76f1a543262ef0aca35334c

                                      SHA512

                                      8932746e0fc43abad16d26c2520733c48b96685340eafa58e1da37dc2432e9b6a162740df1b55ff45e30b7a5aed6f33c33427e05dbd4be8cdab4dc8ca1acb5dc

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                      Filesize

                                      96B

                                      MD5

                                      9fe14b9c0425ce8f26093661e0b3868c

                                      SHA1

                                      4bc00b10b2d68e713c221301ee8901d76a42d61f

                                      SHA256

                                      2b66ea814c0ad6b67eb2134d170dc9e14d44a227a92a629d6f82006fcc6c3c94

                                      SHA512

                                      669eb512d55c76b81dcc47e59282e75691a351f085b9d3689e4815d3018d5ea25e1e780715de8923a8596be9215fc28212559f3db04a459fb3a0f694097ed498

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      99KB

                                      MD5

                                      6738a6ff384b57d64ed3741b415a1039

                                      SHA1

                                      b7522ab17a6c1d030ce3cd30a3499d488da8b29a

                                      SHA256

                                      d02b3e41b707c78c0247c907a57ce527da3a97c1b0b65089683e430b0bf19858

                                      SHA512

                                      8eade65d83a77773ba991e00fd14f0ab814e1f88ec6897a09a29869da62bc3aad0e11fe4c768a78d0371943d8e5c530388c9b9317c3c616593547277060d4c29

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      99KB

                                      MD5

                                      e7682a5d7d1832d5539974ff85af09b4

                                      SHA1

                                      3b93020230f3b6bdd3c51c03f3dbee3308f92169

                                      SHA256

                                      020bcff1d8b97e6172ed55f5717d375c1d4ccfbff57382b559b79f9d8bd8c516

                                      SHA512

                                      cc7b17246481f54f487dd5fafb37dc3d4bc450f8c62c01ca77f0ca332e3673e95b6444cfdbcd152ac61043906a9e236773f5d1474c343f48b91838293ab16fa2