Analysis

max time kernel: 63s
max time network: 65s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-10-2024 21:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://policyrequestmoderationalert.vercel.app/page
Resource: win10v2004-20241007-en

General

Target: https://policyrequestmoderationalert.vercel.app/page
Malware Config
Signatures

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  29    api.db-ip.com
  30    api.db-ip.com

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
  description      ioc                                                                                                  process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735895942105944"  chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
  pid   process
  3892  chrome.exe
  3892  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: chrome.exe
  pid   process
  3892  chrome.exe
  3892  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
  description                       pid   process
  Token: SeShutdownPrivilege        3892  chrome.exe
  Token: SeCreatePagefilePrivilege  3892  chrome.exe
  (the two entries above alternate throughout the 64 IoCs, all from PID 3892)

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid   process
  3892  chrome.exe
  (the same entry is repeated for all 26 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid   process
  3892  chrome.exe
  (the same entry is repeated for all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description                        pid   process     target process
  PID 3892 wrote to memory of 2088   3892  chrome.exe  chrome.exe   (2 entries)
  PID 3892 wrote to memory of 1456   3892  chrome.exe  chrome.exe   (repeated)
  PID 3892 wrote to memory of 4736   3892  chrome.exe  chrome.exe   (2 entries)
  PID 3892 wrote to memory of 4744   3892  chrome.exe  chrome.exe   (repeated)
  (the repeated entries for target PIDs 1456 and 4744 account for the remaining 60 IoCs)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3892)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://policyrequestmoderationalert.vercel.app/page
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc01e7cc40,0x7ffc01e7cc4c,0x7ffc01e7cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1456)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4736)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4744)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1464)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2132)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,3104883315511155299,13358026716954554798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID: 3416)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID: 928)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 649B
  MD5: 2a953f50fc90aa24fd688de760cedaef
  SHA1: 05ec60685a5071a2e482a14dd5457182a8143879
  SHA256: e0c51079351f3d54035512be47454bac8709d37795d3e3c364b98a6b32753263
  SHA512: bdcaca179d623638afd1531f4f5e3f93172d825af5019240bd8c954b08ea617f90382ebf2782a46f84ffc82750a5ed21448ba9be5ee97ca77768187efcf1f66c

- Filesize: 120B
  MD5: d5b04c14277632c27067a8e0e20614b5
  SHA1: 51f9d6a7c5dad11bf5b7a80f68d66c849d67ee6f
  SHA256: 9fb4a47fd6d4ab021072230269f0033e52727e4fe1adb889767a2b6561aad84f
  SHA512: d1c0f524d699fec13994a31db5f3d0191a47bd87bb13aefb0cb40d1624c5cf8acd01112b0780145a6db15d1fabec5fae8ff17fde3e5d2227c6134a0585f1b1c8

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 523B
  MD5: 9218b7514ad4ad2925ec23e61f2562e6
  SHA1: 36f4f53c74b6dd497e24d76d1f93470a8cdda6d4
  SHA256: d06c83930646f14dc400eeb84547bc2f2c5b6cafad58709970787f9767eb8dbd
  SHA512: 83cdff63c7296af4921e7dcf567c1ab6b3d5836114347d21aef3feffb7027b1d846b3d9de90e3e2a5933e24c835bd89e6614c63509abc7dfcf7ba45cc39d2e5f

- Filesize: 9KB
  MD5: f3f16be1eac8e1bf9d09c1547d62067c
  SHA1: 6bbd55fd5c4d61a6569090e6c58e2fda3048ced6
  SHA256: 27728ed5654ec65aff62c0cd33669d137099ef9589169ab9483608957ffb140e
  SHA512: 214b952a10a6c4b385579ea3332c8b8679b6842bf7c0859fd66059fbd0e82e8037f456c7648f767dcb82b0514689952abdc4df1a0a008af02f042a026617f216

- Filesize: 9KB
  MD5: fdbadf135f9008022707315bc7e55797
  SHA1: 8d9bf21d7a1bf8debac15cbae08e5e7d56af92a5
  SHA256: 714313ede83bf62b63f304aca5b30c901de409a582eefd63409120018cd080da
  SHA512: 91a16df45f285d404ee9971abfd70694214072ed4b46f66f27a9a6908b95e102306b6e3e0239a54eb68d67863c27f4cd8ab5565b7d36cbd780ce389dac5d17ab

- Filesize: 9KB
  MD5: 9620713ff88cd2648f1e602821729441
  SHA1: 710eac72be16f3de5ee4e2baea062386791edced
  SHA256: 39b7d958aae399c689be3d6f595e356ee63752b258448aed08abb8fdd93528a9
  SHA512: da788ffc8e3cd22f06f6e65a1d0811972e8f01c22984eef64409877c7d9fdc35d839637115c881df450aab5eb5facea59df74cd1eee54841cd7c196965776a80

- Filesize: 9KB
  MD5: abd0e6f75eff9336f2c1db14d170bf84
  SHA1: e8595abd152e9ec36db2010b17f5747a6ff5d324
  SHA256: 3a61337833ed11ac4cf39e43a8c6ab16db8394b48d78391d531886038d66b0f8
  SHA512: 64d8904b9398a8898168ebb4bdeff5f6320d2464488c31a8413621a26607c92103d6f9607759329326895a643c0b5f25fd7b04f03ed39ca82b26dbfdcba7ac55

- Filesize: 116KB
  MD5: 8a3d2452378cc8a96c4ea79d8fedcf19
  SHA1: 6e21343647b8b7f11b29daba9a11843c97f45ec7
  SHA256: b3f572c6f0fa4016ce466d57e794d6985cc54db1d5a9466567fdaf61f6edaca1
  SHA512: 83d46480db54fd46686ff9ee7804aa0764d00cce06482d9e5092317a991d88af03478663d44d614b65067ec817cf466beb640449b0ccbdf01b84149ff78b1e57

- Filesize: 116KB
  MD5: 281acc9c7894daf8c5c19870a7bdd2b9
  SHA1: 2ecb7abb65b1ef9997e67d4f945b1d875091b7c0
  SHA256: ce6bc72549918f7ba66706ccc0cb02be5322baefd9a5931dfde05a0b039ac4b5
  SHA512: 80fe3e2e0a67eb8fde47bc305cb01b9d19f78e5caf696f122ae12a547437a37910c5b265bdf1c1ffa437b6e3ec3676ca8eb3c5b643614cf5fc50cf464d202b1a

- Filesize: (not listed)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e