Analysis
max time kernel: 50s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 21:39
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: Sample https://172.21.124.113:80/ (Resource win7-20240903-en)
Behavioral task behavioral2: Sample https://172.21.124.113:80/ (Resource win10v2004-20241007-en)
Behavioral task behavioral3: Sample https://172.21.124.113:80/ (Resource win10ltsc2021-20241023-en)
Behavioral task behavioral4: Sample https://172.21.124.113:80/ (Resource win11-20241007-en)
General
Target: https://172.21.124.113:80/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                        Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756620089827251"  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
2528  chrome.exe  (2 identical entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
2528  chrome.exe  (5 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                        pid   Process
Token: SeShutdownPrivilege         2528  chrome.exe
Token: SeCreatePagefilePrivilege   2528  chrome.exe
(the two rows alternate for 64 entries in total; duplicate rows collapsed)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
2528  chrome.exe  (26 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2528  chrome.exe  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 2528 wrote to memory of 3288   2528  chrome.exe  83
PID 2528 wrote to memory of 1432   2528  chrome.exe  84
PID 2528 wrote to memory of 4520   2528  chrome.exe  85
PID 2528 wrote to memory of 540    2528  chrome.exe  86
(each row is repeated in the report, 64 entries in total; duplicate rows collapsed)
Processes
chrome.exe  PID:2528
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://172.21.124.113:80/
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  chrome.exe  PID:3288  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac088cc40,0x7ffac088cc4c,0x7ffac088cc58
  chrome.exe  PID:1432  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2028 /prefetch:2
  chrome.exe  PID:4520  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
  chrome.exe  PID:540  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  chrome.exe  PID:2080  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  chrome.exe  PID:3040  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  chrome.exe  PID:220  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4340,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
  chrome.exe  PID:3200  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  chrome.exe  PID:2712  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4412,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:1
  chrome.exe  PID:2108  (child of 2528)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,15180130757595928819,6304115158661292093,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
elevation_service.exe  PID:3404
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
svchost.exe  PID:4908
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads