Analysis
  max time kernel: 89s
  max time network: 66s
  platform: windows10-2004_x64
  resource: win10v2004-20241007-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 19/11/2024, 15:16
  Static task: static1
  URLScan task: urlscan1
  Behavioral task: behavioral1
  Sample: https://diamondurl.com/js/vision360.js
  Resource: win10v2004-20241007-en
General
  Target: https://diamondurl.com/js/vision360.js
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765029953065463" | chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
3680 | chrome.exe
3680 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3680 | chrome.exe
3680 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 3680 | chrome.exe
Token: SeCreatePagefilePrivilege | 3680 | chrome.exe
(these two entries alternate throughout the listing; 64 IoCs in total)
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
3680 | chrome.exe
(the same entry repeated; 26 IoCs in total)
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3680 | chrome.exe
(the same entry repeated; 24 IoCs in total)
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3680 wrote to memory of 2448 | 3680 | chrome.exe | 84
PID 3680 wrote to memory of 216 | 3680 | chrome.exe | 85
PID 3680 wrote to memory of 4300 | 3680 | chrome.exe | 86
PID 3680 wrote to memory of 3628 | 3680 | chrome.exe | 87
(distinct entries; each is repeated in the listing, 64 IoCs in total)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://diamondurl.com/js/vision360.js
  PID: 3680
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f16fcc40,0x7ff8f16fcc4c,0x7ff8f16fcc58
      PID: 2448
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
      PID: 216
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
      PID: 4300
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2256 /prefetch:8
      PID: 3628
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
      PID: 4876
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
      PID: 4908
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,9477727660284954833,6393965568835001225,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
      PID: 4564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 2832

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 2180
Network
MITRE ATT&CK Enterprise v15
Downloads