Analysis

  • max time kernel
    300s
  • max time network
    281s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 00:25

General

  • Target

    https://disputedcontentillegalcontent.vercel.app/page/

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://disputedcontentillegalcontent.vercel.app/page/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd56cdcc40,0x7ffd56cdcc4c,0x7ffd56cdcc58
      2⤵
      PID:460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
      2⤵
      PID:3432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:3
      2⤵
      PID:388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2576 /prefetch:8
      2⤵
      PID:4488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
      2⤵
      PID:3860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
      2⤵
      PID:3344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
      2⤵
      PID:2320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4816,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=724,i,9219542700694133098,13172933015872749207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
      2⤵
      PID:2388
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2116
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3984
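Every chrome.exe child in the tree above announces its role on its own command line (--type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox), so the tree can be classified mechanically. The first thing an analyst wants from it, before reading anything into signatures such as "Suspicious use of WriteProcessMemory", is which children run with sandboxing switched off: here the NetworkService and ProcessorMetrics utilities carry --service-sandbox-type=none and the second gpu-process carries --disable-gpu-sandbox. The script below is an added example written for this report, not part of the sandbox's tooling; the command lines are copied from the Processes section with the field-trial, mojo-handle and --gpu-preferences switches dropped because they play no part in classification. Whether a given unsandboxed child is normal for this Chrome build is a question for a clean baseline run of the same build, which this report alone cannot answer.

```python
"""Classify the chrome.exe processes of a sandbox process tree by their switches.

Added example for this report (not the sandbox's own code): parses Chromium-style
command-line switches and reports which children run with no sandbox.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A switch is either a quoted "--key=value with spaces" or --key[=value].
SWITCH_RE = re.compile(r'"--([A-Za-z0-9-]+)=([^"]*)"|--([A-Za-z0-9-]+)(?:=(\S*))?')

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# (pid, command line) copied from the Processes section above; switches that do not
# affect classification (field-trial/mojo handles, --gpu-preferences, ...) are left out.
SAMPLE_TREE: List[Tuple[int, str]] = [
    (3312, CHROME + " --disable-background-networking --disable-component-update"
           " --single-argument https://disputedcontentillegalcontent.vercel.app/page/"),
    (460,  CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data"'
           " /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (3432, CHROME + " --type=gpu-process --no-appcompat-clear /prefetch:2"),
    (388,  CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US"
           " --service-sandbox-type=none --no-appcompat-clear /prefetch:3"),
    (4488, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US"
           " --service-sandbox-type=service --no-appcompat-clear /prefetch:8"),
    (3860, CHROME + " --type=renderer --no-appcompat-clear --lang=en-US --renderer-client-id=6 /prefetch:1"),
    (2320, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US"
           " --service-sandbox-type=none --no-appcompat-clear /prefetch:8"),
    (1424, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318"
           " --gpu-device-id=140 --no-appcompat-clear /prefetch:8"),
]


@dataclass
class ChromeProc:
    pid: int
    role: str                  # browser | renderer | gpu-process | crashpad-handler | utility:<service>
    sandbox: str               # "broker" for the browser process; otherwise what the switches imply
    url: Optional[str] = None  # URL handed to the browser process via --single-argument


def parse_switches(cmdline: str) -> Dict[str, Optional[str]]:
    """Return {switch: value} for every --switch on the line (None for bare flags)."""
    switches: Dict[str, Optional[str]] = {}
    for m in SWITCH_RE.finditer(cmdline):
        if m.group(1) is not None:          # quoted form, value may contain spaces
            switches[m.group(1)] = m.group(2)
        else:
            switches[m.group(3)] = m.group(4)
    return switches


def classify(pid: int, cmdline: str) -> ChromeProc:
    """Map one chrome.exe command line to its role and effective sandbox setting."""
    sw = parse_switches(cmdline)
    ptype = sw.get("type")
    if ptype is None:
        # No --type: this is the browser (broker) process. --single-argument takes
        # the remainder of the line verbatim, so it is not a normal key=value switch.
        m = re.search(r"--single-argument\s+(.*)$", cmdline)
        return ChromeProc(pid, "browser", "broker", url=m.group(1).strip() if m else None)
    if ptype == "utility":
        # Utility services declare their own sandbox policy; "none" means unsandboxed.
        return ChromeProc(pid, f"utility:{sw.get('utility-sub-type') or 'unknown'}",
                          sw.get("service-sandbox-type") or "default")
    if ptype == "gpu-process":
        return ChromeProc(pid, "gpu-process", "none" if "disable-gpu-sandbox" in sw else "default")
    return ChromeProc(pid, ptype, "default")


def unsandboxed_pids(tree: List[Tuple[int, str]]) -> List[int]:
    """PIDs of child processes whose switches say they run with no sandbox at all."""
    return [p.pid for p in (classify(pid, cl) for pid, cl in tree) if p.sandbox == "none"]


if __name__ == "__main__":
    for pid, cl in SAMPLE_TREE:
        p = classify(pid, cl)
        print(f"{p.pid:>5}  {p.role:<42} sandbox={p.sandbox}" + (f"  url={p.url}" if p.url else ""))
    print("unsandboxed children:", unsandboxed_pids(SAMPLE_TREE))
```

The same parser works on the full command lines; the output for this tree lists PIDs 388, 2320 and 1424 as unsandboxed, which is exactly the set an analyst would diff against a baseline run of Chrome 123.0.6312.123 on the same image.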

Network

MITRE ATT&CK Enterprise v15

Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                        Filesize

                        649B

                        MD5

                        706b709814725b807eb87b14697f5862

                        SHA1

                        0b9c23cf99af2bce23f538e7fd77fc4da4b9853e

                        SHA256

                        fb796c310eeb40da94d3b20eb6c5a968667a2991d2d4ab1a9594b7b04659b9ea

                        SHA512

                        a90603a35b790fff883ad77b00072d6bbe76a98a749974b328dc9b8bb81a4a0a06a89f034425fdb94dd6f696824d285c7be6314a9f3c2afac83958693a48cb85

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                        Filesize

                        120B

                        MD5

                        ea29533b6b563254e276591617f20fc3

                        SHA1

                        0a85639b596a6075487a5df54b835613409e5085

                        SHA256

                        94080354dba691fd24e61098b50fb3fb200a9e9bd1537429f535d6e8d0a82c08

                        SHA512

                        15ba8edc06766632ceb9a367a5b7d394d279588978b7111fe9c76cce00f7ed80464ecb86ad12daf56954375ba8b5625c49b85b7404070a1dff0fecbbba26ac2e

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        3KB

                        MD5

                        651bbea57c15c11506109db706dd5e89

                        SHA1

                        9588c13e6e72cd5f2a3adb0edc3be3c78969f467

                        SHA256

                        d96a51462643811698993aee34891a8ba89373b6a244ab406670e0d5e0e8720d

                        SHA512

                        69942e578a59a6c033d2c4223e7b4bfb0facef16ba55dba47e56af052a01e696913e092f09aebc7a5c5d7d3a2487ad381e28414a7483e7688b34ddaa2bbacd5b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        3KB

                        MD5

                        e88b5983d587b2a3c7208391f6221e48

                        SHA1

                        efc84ea734d554e2e441880148d63deb66c5582b

                        SHA256

                        29c110bcacbaee76a819efb08301cae517fa9254f1944db515d27d908a05bb24

                        SHA512

                        865b9261a546ac0d6600f4cff47dcc85f74432a129a9dea29e305cda05c20142feedc21eb4bd29b2bce7e2ee58ff9aa38a0cfc46a09652afd90c4564952eaef2

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                        Filesize

                        523B

                        MD5

                        650cac8095fecb8f85150a5b297d75ac

                        SHA1

                        1b4b9a43f4ec0b7e14d5dd9353309e4153e94ed4

                        SHA256

                        27f00a98443a99b0e2793bb7f955956cea6a722552cee4bbc94623c4694c26b4

                        SHA512

                        d5d5fca6e57a4da18cd0ece0b1e976725f9648773b430ab2215fd14ad6fbd01be689bb0f95df9aebc9567e170fc4aca71a2666124ba0efccee211012b787471b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        4db4544f938051edaa09ee11a9e28f46

                        SHA1

                        4a148ca3a1fb83b265d2f28a2d33d762a5f3e345

                        SHA256

                        a45f4ef94d98c075c16f734f8f01c53c54612ec34812631f0905e244a5aefd97

                        SHA512

                        30edc954bf7154f51e84a4633ee65c954f7e7c8222a748aab26bb8834105f0c7a8e6cade75535b32204e6e6ba5e830f65cb42a53f4cc0a9670a74d7bd214ae8a

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        e746869c1b9afe425b7d011eb3d7eb3a

                        SHA1

                        a8f2459dc5b1b7291821c26a69923f024279f2e3

                        SHA256

                        a4fbccd1afb52a2e8c7dab648a849ff7bf60a36f5f2346c71b1b8b4fea0be708

                        SHA512

                        98d7abd81e298d9eaec8cfd27cc3c9cccd824a51fa4183d7c2d7ce859903c68163c371b88e39fc56269075c6f31e0603b9a6a35e365abb702f9bd5f6605c76fa

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        3f106cba9124bbf36f720941b7fe9122

                        SHA1

                        e2a79ba41c57a12ebf3b6b787d5a756bf2c0eb3f

                        SHA256

                        292af437fc95887a9fefb5e1d85e0c169b88da53bc44cd10ea825826f03d5ac0

                        SHA512

                        a92d9b3d49d3240c52873827cc17f449d235dcecff083b58db99cae3f5344c60f19e93823b77eac07117ef0ff6c7df2b39857d731732f5bcd9d4fe5c25a0b9b5

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        2004789b90882f1eef5e820916a7a283

                        SHA1

                        8efbf626c30069e589a5790987c9798cfeaf4089

                        SHA256

                        3e05692ebb8f3b35d6e9491f358d861e62f18c8ec22efa4720f5e23a7c064f9f

                        SHA512

                        5ea44c444f65e106ccb8740f788ab497e9dd880c4ce1baddf40def4ca0d36dd613377ad6fe187bb6e40c235f604af7b1eab7e6579560bc630d028f8a3edfc169

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        13KB

                        MD5

                        e3d3d7ce8000b2388ae7f7c32bf1c0d5

                        SHA1

                        8c2ecf74cdf66304bb51a83e16622e0680b64601

                        SHA256

                        b69dab49d8dd7610e5906f124e11bbdbeb777de057eb2da35633fcf1b23cfc4e

                        SHA512

                        31dba809a6ec538173628635f7c1344fc9d8a762cfb117af10eb36adb37494bf64c2a6ed4695f732a79272597699d5f00dbc2756c1ff425887e513f4e422e076

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        c76e190e93e1ae433e0fe14f8641a1a9

                        SHA1

                        25c5cee17c2ab81bd2cfdba126fee9ecbb4564ac

                        SHA256

                        6eee3b9eed52d01e7817bad866872bcc0038e206f34b08860c68fc770cc564e3

                        SHA512

                        453bf5a68c71330b8df1d2598de05ebe4f80e961479b63890d27d48f121655601ee8c8542f5187215b7979611267e0b2e14d945d93a672af3fe385afb8df7cbf

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        13KB

                        MD5

                        f19735aac84da0d0c9ac5da40440299b

                        SHA1

                        061b1945306da64858edab148928be8d01c3791f

                        SHA256

                        92b75ba04c1e3a8dd789e6e6b6a2ed54746391f013b2a8e779e74c9a8f6a8214

                        SHA512

                        fabf5c07f78ff3202aaaa832e53957fdee7e47826f04a1bff503a3644acfee7cefcc716cb88836d4dee2fd0dc8b2f2c80a2724db4091582fe5478929c83ecc3b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        af0b9de5c7a4e018c64f026914bac380

                        SHA1

                        88e82eb9a94c8ac251fd55e1d87b0ac09e997806

                        SHA256

                        045fcfb2bc6e727a0e1efd70a5a5e60079b343d442aca9dc4577ae1282625008

                        SHA512

                        9ee4030bd755d277d3c4f0e5bc7605fb7132ab29dd7f803bd6e827662fe795d17682f84cbfbda05a71ae19e0844d4fcbe4983ce1893629792f3bf3aaac105c17

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        12KB

                        MD5

                        e63f9bb6e8056535c07f21c61fc30c89

                        SHA1

                        3b532efef087851679288369cc1b04a41b9af908

                        SHA256

                        36a23116419351ed936d75348820b04833be8ab9ab4f99eaef7a1888fa0ee235

                        SHA512

                        210dd8e1fefe99352646ccf7777b8681ee89c71ce27af9869916e417816adad7a32c453536d324998f90388417492e63d1609d65767f9170aaff20fd5e627943

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        3342cb48efbec4b10f150a2d3491b68e

                        SHA1

                        a54295f08f89450c392a73fb54028d7ec8f62ae4

                        SHA256

                        e08c71a156a9597cd2d9c812c02e272085b45c909de7414de97ddad35505013e

                        SHA512

                        ff55bd73bd9f0848496acacbafdd530980c4d8808e4da600b9b6e1fdf8fee19970f5cb740cd1429aed5a0b694b0adc1b6baa58e46710fbe7da97a2cb27da2b3b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        b2980dacda3c42a1866beebc8197b861

                        SHA1

                        2ab9483a09403d894646f1723c0d1f8abf09635b

                        SHA256

                        e7c62e9e0371046cb9ccc99918226d4dae2899aec69665af320d45b8c4cd11a1

                        SHA512

                        f6232cf575dfa23d4aebab28eadeb73e127c14f8813d502f679055d12515b07e7434d5b3b9b2dc2716b40ac40a33e8a155fc741da6758cbe9c0a846621dcb8a3

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        12KB

                        MD5

                        161916b3d1e50dc5bfc1418de44e1ada

                        SHA1

                        5c5b69a7a0fc213f45907137568b4b97bdc308f3

                        SHA256

                        1c7fdca7d7c6ea87e773729571fdf85dd5c8f099f6dead13455d70b84281501e

                        SHA512

                        82f900f293195c543f79fd9b9345361f223b2017381d2eff49e604c0dcea33cc320a48d98e1c5fdc6de7d2ca7d1757cd09f1df79ef2d8517cbd79c6160eafa7b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        ff9d1982ef98687e240c82dad28775a4

                        SHA1

                        78c2cebf0f9aa177fd5edf178044d96b1015b0f1

                        SHA256

                        e30a156614a6159713f2c98b409de28fd5c9d8e1e978f703f602e67959054895

                        SHA512

                        9c09de73a6d7638bb4630606ee3b043500355280a77e426c8c9aeb0e2a89695bfde90ebdde90688d0fd4b86f6412f7fbb2b6912990f91f114f2dc3526a568804

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        9f81e56230820fbbba43ac359bee0878

                        SHA1

                        253580c8cd7228654aef16f811cc628db78c7ee4

                        SHA256

                        b6dc16abd190e4962a3e73611681f20ca89db978005b6945dafa84b411a6007e

                        SHA512

                        17cb819bc0c1f1c8d72fc498b1ff760f624d55544087139e7ea2c3ad7f2ace3d99f1b46d78d04d60827768c9d3acadf28d9a093ddf245340ecb2df99827d7c1e

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        116KB

                        MD5

                        6f0e0409fb86fd9de1a39259b1351100

                        SHA1

                        0652bc1528932a3552b10ac065d6c4e7d2d66908

                        SHA256

                        6f480e1571b88ad411bacfe2897e9750412e8a2f0ba6332d6a76b5f70bad0e17

                        SHA512

                        deef9275b92c43fc02cb3413a050d2dc8e9c9844e68989bd313da528fb629813e15f1e58f267749df6169152d10e62acb16f423a13d28a04ac5100be1cf9ec05

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        116KB

                        MD5

                        e8acdd93a59b8424055ffab86bec1599

                        SHA1

                        3a470bc5aff2d4218f14e70b137ae74ebd5afa9b

                        SHA256

                        9521f56896bf09099ec1f21e75dc5fc2ec7ac4bcd9fa12f76e1d0429bab107ec

                        SHA512

                        db6556d4e88a7afdcb5b28031d533fb94b3a652f07f9af70e3080900847ae7554da55d8f3bb1d189231fbfee0cc40ec429a82e916092fe16911f2fdd124a4e76

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                        Filesize

                        2B

                        MD5

                        f3b25701fe362ec84616a93a45ce9998

                        SHA1

                        d62636d8caec13f04e28442a0a6fa1afeb024bbb

                        SHA256

                        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                        SHA512

                        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                      • \??\pipe\crashpad_3312_CZNOUROUJADXVQOJ

                        MD5

                        d41d8cd98f00b204e9800998ecf8427e

                        SHA1

                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                        SHA256

                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                        SHA512

                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
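Several rows in the list above carry digests of trivial content: the crashpad named pipe is listed with the MD5/SHA-1/SHA-256/SHA-512 of zero bytes, and the 2-byte "SCT Auditing Pending Reports" file hashes to an empty JSON array. Such hashes are constants and say nothing about the visited page, so they should be dropped before anyone pivots on them. The script below is an added example for this report, not the sandbox's own code; it computes the digests of a few placeholder contents (the TRIVIAL_CONTENTS byte strings are this example's assumption) and matches them against entries copied from the Downloads section, requiring every listed algorithm to agree so a single mistyped digest cannot produce a match.

```python
"""Flag dropped-file entries whose digests are those of trivial placeholder content.

Added example for this report (not the sandbox's own code).
"""
import hashlib
from typing import Dict, Iterable, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Placeholder contents a browser commonly writes (assumed here; extend as needed).
TRIVIAL_CONTENTS = {
    "empty": b"",
    "json-empty-array": b"[]",
    "crlf": b"\r\n",
    "lf": b"\n",
}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests of `data` as lowercase hex, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


TRIVIAL_DIGESTS = {label: digests(data) for label, data in TRIVIAL_CONTENTS.items()}

# Entries copied from the Downloads section above (the pipe has no size listed).
REPORT_ENTRIES = [
    {"path": r"\??\pipe\crashpad_3312_CZNOUROUJADXVQOJ", "size": None,
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports", "size": "2B",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic", "size": "2B",
     "md5": "f3b25701fe362ec84616a93a45ce9998",
     "sha1": "d62636d8caec13f04e28442a0a6fa1afeb024bbb",
     "sha256": "b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209",
     "sha512": "98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences", "size": "9KB",
     "md5": "4db4544f938051edaa09ee11a9e28f46",
     "sha1": "4a148ca3a1fb83b265d2f28a2d33d762a5f3e345",
     "sha256": "a45f4ef94d98c075c16f734f8f01c53c54612ec34812631f0905e244a5aefd97",
     "sha512": "30edc954bf7154f51e84a4633ee65c954f7e7c8222a748aab26bb8834105f0c7a8e6cade75535b32204e6e6ba5e830f65cb42a53f4cc0a9670a74d7bd214ae8a"},
]


def well_formed(entry: dict) -> bool:
    """Each listed digest is hex of the right length for its algorithm (catches copy errors)."""
    return all(len(entry[a]) == HEX_LEN[a] and all(c in "0123456789abcdef" for c in entry[a].lower())
               for a in ALGOS if a in entry)


def exact_size(entry: dict) -> Optional[int]:
    """Byte count when the report gives an exact size such as "2B"; None for rounded sizes like "9KB"."""
    s = entry.get("size")
    if s and s.endswith("B") and s[:-1].isdigit():
        return int(s[:-1])
    return None


def classify_entry(entry: dict) -> Optional[str]:
    """Label of the trivial content whose digests all match the entry, else None."""
    listed = {a: entry[a].lower() for a in ALGOS if entry.get(a)}
    if not listed:
        return None
    size = exact_size(entry)
    for label, d in TRIVIAL_DIGESTS.items():
        if size is not None and len(TRIVIAL_CONTENTS[label]) != size:
            continue                                  # size alone rules this candidate out
        if all(d[a] == h for a, h in listed.items()):
            return label
    return None


def triage(entries: Iterable[dict]) -> Dict[str, Optional[str]]:
    """Map each path to its trivial-content label, or None when the content is unknown."""
    return {e["path"]: classify_entry(e) for e in entries}


if __name__ == "__main__":
    for path, label in triage(REPORT_ENTRIES).items():
        print(f"{label or 'content unknown':<18} {path}")
```

Entries that come back with a label carry no page-specific information; the remaining ones (Preferences, Local State, Network Persistent State and the rest) are where a visited site could have left a trace and are worth diffing against a baseline profile.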