Analysis

  • max time kernel
    299s
  • max time network
    278s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-10-2024 13:36

General

  • Target

    https://disputedcontentillegalcontent.vercel.app/page/

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://disputedcontentillegalcontent.vercel.app/page/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb596bcc40,0x7ffb596bcc4c,0x7ffb596bcc58
      2⤵
      PID:4256
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1540,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1532 /prefetch:2
      2⤵
      PID:4400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
      2⤵
      PID:3528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
      2⤵
      PID:848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
      2⤵
      PID:2216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
      2⤵
      PID:4956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4508,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
      2⤵
      PID:760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4796,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3960
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:4792
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 24107ec594aedcf6bd89ef2eb049bb1a
    SHA1: b5f5ee0ad352b652a3e12cfc239d6c4032d9dc21
    SHA256: a90661a6d2f633b9c8a5a4feb435b983d1ff788536764ea2c92854d1f4165714
    SHA512: 85716fe5e8fb7239378cc4fda891b41afb403665415cf934c7487ac87151cd7d4f1605da3c80a27d1853b448066b1072db332994a6e8e72ce6669176262d5187

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 120B
    MD5: 5c158a6462e331a2bb9a44ac2567d3f7
    SHA1: 73e3fa787b74b49218cbab9abb33e5287706d695
    SHA256: ef8c1a38707cb2bf631f68e4ea3641adc1ef28a3f2be3bd5c4a4e71480597f08
    SHA512: 320e335caecbd51d53d36c43c1eab438371e5bca5281f8046af5945112bbb4cbd4525e598bbb2d66876ea54688e766547e7993d4514bbc32ad95c7f18fe3281a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 1e7060f6f582b6f9ce15f2375ce39f2f
    SHA1: a13800edb2dcbd9c51449c7e5c5702db9e38e35c
    SHA256: 6eab7d9fd1984e19f3376d593358bc8102b72aa5a51ff3b9aa61a2226f86cd62
    SHA512: 42413572a96b566fce8f98c4cac8a1582b35eb6f8516e397961b74d008d7e05e93297bfb3a2ae54ec2496fbc4554fb59a569921a606732dfce6a1327c5aa0204

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 523B
    MD5: 1fa88d6a810108dae76422fa9f590ae5
    SHA1: 3c313b47f3551bf27b55184b685b7ab3e910eb63
    SHA256: a858c947fe259e238a6e7b6e4ed27c6f21d9ebabdd6740df08c3b0c0eddb654c
    SHA512: 660f0e1b88b6d73a0a58b7a33825444ccdc024d74ae0a04eadee786f9d403e06a06c61a0d8bcdf8c046a737ee658afd186ab44a89626ad00e38ad1bda9c14f80

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: f890be3787181dc406b27efdee6ab077
    SHA1: 5852afa4f0aff93ad25c7d06b50c19a5f1736c58
    SHA256: 6098e273c59accd053e1f5fbd960b1cc3656b473cb232ba260b8af863c2b5b0c
    SHA512: ad0e73a39ad3108df2e627429397f0a4c064c217631e423798e2786bc9442eec0b188b1b3b46ac60f47100e04b25e7a07df448ca89c8cc954033177a0bf60aed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 343d8f10e461f868971dc6c2f0c10867
    SHA1: 6de62cc39c26afe359551a12dd0a38880f5eba63
    SHA256: 3860773dcf8472be9c020b7f5200f79fde3e3d5979ac65815308d21795c2061f
    SHA512: 31c276fba0680df5f5efe33ade3bffcc0ae13ae9d2869f19880273bb11d6d23175bb0fad3f9bfa4ba47c0fe28237ac16c553bec08ba6cb5743bdf39550a3ff63

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: f049064293a560fb7d8fa3857dc19bb8
    SHA1: 6c12a0bd0bc16dde4dabae2684378ab428c22bcd
    SHA256: 5f61c1c17971149de5deeadfa0644c325f2216aeb109042376cb26472a39e7c2
    SHA512: 66f0b1cf947a146152b9594ee41511ee4b334193f67f89b10703acc2b0a26f0f6fb309868fca7743a22b720ce623fe5ee29c0899f92aecf0e23acc332fbc2b2a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 180389b9883fac1f65af918cc71cd401
    SHA1: 7bf73653d7cb2541e66e8ec705543178c4dcac48
    SHA256: c6cd63393e43ffdfd89ed66b7d83caf4d74cca1ceb392a170c0411c37dabe989
    SHA512: c7c676925adb9c404224f1da155217f94a038856637cae416612c78f34181e2b9ba1fb1bccf10680b832be22f949f379b752c3ec10f3778be70e6a721a855ea6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 526a5ef6b3b8048720c946eb93e8c141
    SHA1: fe50beb449b4088dc3e0699cfc0ada98a5ddd008
    SHA256: 2803f8b5417ad8e3224d19081a3eddbe327e44c0c2c25e1e3e6e0bb97d979090
    SHA512: e84584304b4bdfbe1913d4658d3b2af1a37d6da7b2fd407280d0d3dcb5649647e49586942c2ff8663f6e25d5b90607e31e7cd7773a37aec6de42fdf6a58373b9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 11d243be15d6c8f9f5417cf40ac389e1
    SHA1: 77c87d3bc1e68f4749f04523022cf7f812560f9f
    SHA256: 1a601c185d152e59b235093ca17ae2745e03b7010e5241860eafac579ceb99dc
    SHA512: 9ea12f81f87fa213f14a6797aab01dff5edb18c00332d85449fffafbc3d8ced55f8fac76bc946ac7743bdecad49d4aa81e175278247d844c6c319298a1fe644c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 22cfb28a6e8f38805a6c2cdf206fc10f
    SHA1: dd7cbe0a342177de35a24199c3a9c494ee046abc
    SHA256: 7f8fd23e8829456b5478ba46ca8018a0db2d4758093650e4d65c2477491cd764
    SHA512: 941974719e6c5c4aff8230c611b6d61905e052c91e519f2f875641a0eb63a9753dc27a59df810b6e19841f232c440aa1a00c6aafffabaefda4d57bcb321280be

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: efa15053102cd2bbecc6e7380c92ca17
    SHA1: f2f1c1725a06b03aff51d99668ff5b22619df375
    SHA256: f38be46a39e6d4a4897e50e35ff7c91cfa149c6ef1b1b77e9a79d75e21b41d50
    SHA512: 60aacbe6b77bbbe36fb6607f6a9a38b8853a4511471d29ff8294b4cdffc889cf05006845c234faad2eeb7167530abcb94f558330b38fc84aad83ecbe0994a839

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: dfcbec882444489f822e0924892f154a
    SHA1: 3c06757ef2e58ffc4029b7913d07bedf82209fa2
    SHA256: 6bace8ef300de52b502cd87efe39c58dd2237b2797e83cc93d20fdde7f3eb20b
    SHA512: 25ef3e16cd88349734357fb2666e1add0277e450d1171a7ac54a0e5cbe0ea1126919a552574e972fc0022b84234fb7dc3b9d317239c7cbd61afe1ee186880263

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: c1807fe6aa844a375d8864df90f2d6bd
    SHA1: 71b298e57755ceaa69eb29a361d8d4af50f53774
    SHA256: d62aead62e4c3618ccded9d8cb66f50f5f783a9b092056f4b126e114094c74b0
    SHA512: 1ae4646f326ae2df0aaa183ba9f32f6cb21b97e34976de39320f8d4c85a001654266e191ec1ee3c1df60be9014365522b0e310584981dd6a0707a37342c66fec

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 04c53c1aa0c3035883c0541150fe19bb
    SHA1: bd62fbe1c4e0b21732659310ffdde450fa970e15
    SHA256: cc7104ec1e7a223fd4ea30ee9f30eefcf757d078530524642856d6ddffe43b10
    SHA512: f17190b55dd7cc7a6c23df69a1261697d605e9bece911d72f0b9173167ae4ecd1cf289136fe7e4764728296a7c55c793c7abcec7fa6d4e65d668272ea4c820dd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: b53ed3cb72afdb2607ac73a0bd416ecb
    SHA1: 7deaeaf43389139a5bef057c3601b170fcaadef9
    SHA256: 0bdc6bfbe4f415c53691b4d7e6b33c77e74e1d687913548a716fc487be6e5a08
    SHA512: 13dcb6675787bf205290d7b6e815c4539c2a0eecbad9dbfcb5c03826930d8aca0b1dd4cb11178e27fa5bf73bb4e331eebb3d633175397bf7b850aebddd55d69f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 10e98773e13efed87f63bbaba42bcbab
    SHA1: 1a359592fb268b1b43f69fbf2b322bf265cbec3e
    SHA256: 28dbd3a4db59a16f69b6345845dd00dfbc6c403b7d53cd459124f62943c3f9d1
    SHA512: d32c8373138f9cc51dce91cbdec5a9ce2d7aeba54cae41a76e64e411d74fb07f707e46a1d1670ba7f89692df335c55be6eed2d2b0c6732fa2dc7f16894406f8f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: e6f25c48d9480b735888a1431e71f777
    SHA1: aa6bb581a32a6d56e9c207ec9f98dfd356087f4a
    SHA256: 8170679fd76f9fd1a49fc39d041d66ab2da1ca5e6b04be7deb064167a3335861
    SHA512: d7a3e46094c5e9b7bbdc2ce48bfee9c72b5db218fb299c8351f76870bb3d946206eb5ca991130c303825ec1e19f7861edbc07b5b0636c0fe7e564e96a809749b

  • \??\pipe\crashpad_4700_GNYGBAXVDIXHRMOC
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e