Analysis Overview
Threat Level: Known bad
The file http://t.yesware.com/tt/0ffd1f55c7e6a0ced56d29538e63fa334cce8cd2/340be3fbd5588b7ae8659d398f6ebdbe/6b6b3691935bcccf7dc7e5bf662a5dca/api.getcoding.de/en/ was found to be: Known bad.
Malicious Activity Summary
Looks up external IP address via web service
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-06 19:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-06 19:40
Reported
2024-12-06 19:43
Platform
win10v2004-20241007-en
Max time kernel
163s
Max time network
163s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133779876222146974" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://t.yesware.com/tt/0ffd1f55c7e6a0ced56d29538e63fa334cce8cd2/340be3fbd5588b7ae8659d398f6ebdbe/6b6b3691935bcccf7dc7e5bf662a5dca/api.getcoding.de/en/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff952c4cc40,0x7ff952c4cc4c,0x7ff952c4cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2120,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3004,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3672,i,12981752875090516239,4692978514893394973,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.yesware.com | udp |
| US | 34.239.203.203:80 | t.yesware.com | tcp |
| US | 34.239.203.203:80 | t.yesware.com | tcp |
| US | 34.239.203.203:443 | t.yesware.com | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.203.239.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | api.getcoding.de | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| DE | 89.163.142.48:443 | api.getcoding.de | tcp |
| DE | 89.163.142.48:443 | api.getcoding.de | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | login.blockchain.com | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 104.16.57.69:443 | login.blockchain.com | tcp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.142.163.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.57.16.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| GB | 142.250.187.206:443 | lens.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3636_TTAWATAUJJWJTSFK
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c785ac20-1d74-4684-be30-ab743d0359de.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State