Analysis Overview
Threat Level: Known bad
The file https://disputedcontentillegalcontent.vercel.app/page/ was found to be: Known bad.
Malicious Activity Summary
Looks up external IP address via web service
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-15 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-15 13:36
Reported
2024-10-15 13:41
Platform
win10v2004-20241007-en
Max time kernel
299s
Max time network
278s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | api.db-ip.com | N/A | N/A |
| N/A | api.db-ip.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734729895501666" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://disputedcontentillegalcontent.vercel.app/page/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb596bcc40,0x7ffb596bcc4c,0x7ffb596bcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1540,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1532 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4508,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4796,i,13571697913736145730,4235113466332892658,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
Network
Files