Analysis
max time kernel: 88s
max time network: 86s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-12-2024 14:21
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://Pushkoin.com
Resource: win10v2004-20241007-en
General
Target: http://Pushkoin.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                         Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                       chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133782276893729518"  chrome.exe
Suspicious behavior: EnumeratesProcesses (3 IoCs)
pid   Process
4608  chrome.exe
4608  chrome.exe
4608  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
4608  chrome.exe
4608  chrome.exe
4608  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
(child processes are indented under their parent; each entry gives the image path, the command line, and the PID)

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Pushkoin.com
  PID: 4608
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffe661fcc40,0x7ffe661fcc4c,0x7ffe661fcc58
      PID: 4940

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
      PID: 3088

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
      PID: 2296

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
      PID: 2152

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3068 /prefetch:1
      PID: 636

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
      PID: 968

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3704 /prefetch:1
      PID: 2184

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,14970937247817006797,10238761134349129799,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
      PID: 4248

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 1604

C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 2500
Network
MITRE ATT&CK Enterprise v15
Downloads