Analysis
-
max time kernel
35s -
max time network
29s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system -
submitted
19-12-2024 13:43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://is.gd/pR5RgK
Resource
win11-20241007-en
General
-
Target
https://is.gd/pR5RgK
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790894277214932" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
1700 | chrome.exe
1700 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
1700 | chrome.exe
1700 | chrome.exe
1700 | chrome.exe
1700 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 1700 | chrome.exe
Token: SeCreatePagefilePrivilege | 1700 | chrome.exe
(the two rows above alternate throughout the list; 64 entries in total)
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
1700 | chrome.exe
(the row above is repeated; 26 entries in total)
-
Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
1700 | chrome.exe
(the row above is repeated; 12 entries in total)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1700 wrote to memory of 2244 | 1700 | chrome.exe | 77
PID 1700 wrote to memory of 416 | 1700 | chrome.exe | 78
PID 1700 wrote to memory of 4752 | 1700 | chrome.exe | 79
PID 1700 wrote to memory of 792 | 1700 | chrome.exe | 80
(each row above is repeated, in this order; 64 entries in total)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/pR5RgK
PID: 1700
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  Child processes of PID 1700:
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdfc1cc40,0x7fffdfc1cc4c,0x7fffdfc1cc58
  PID: 2244
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  PID: 416
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  PID: 4752
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2368 /prefetch:8
  PID: 792
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  PID: 3540
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  PID: 1324
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3620,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
  PID: 244
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4520,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
  PID: 3780
  -
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4812,i,11558642250647573425,11192253021339537925,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:1
  PID: 4788
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
PID: 1136
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
PID: 2904
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
649B
MD5 7086cd59344bf675f8f7f190553358d8
SHA1 9766467df98aabeb0c2f4481fe762832a6af2874
SHA256 91ca11ad349bdec1c549b3f44bdc047aab5ce6ad21ccdfa40a91a276dad870ad
SHA512 a36c0b953a1324c4a33c66856920ac99cd09a9395bb3e630d5b85d912e536d499995227621112826de9d21b48c0b52c29452f6f44163b40c30469a1bf3a6ca7a
-
Filesize
2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5 459d5937b17830dfe3f4f7684d01fe85
SHA1 ec245e19b040112248796da3eae3a44f55491cfb
SHA256 6820c30488174e15ee38e5d4b38897c99e77b5158a510b888a0f5c6b6d57944a
SHA512 72ab5a9455904cd03af43d34b4ae0ebbd8b0e7b97e13ddd02cf4a42c8a02d4bba0a575728327c316c5ca2b5e1bbd11817b76b768e762c8ec4c5735bf7718f1a7
-
Filesize
1KB
MD5 47bc7fcd8c944f19d284d46088821277
SHA1 a7c997cf0a6d0ac6615bafd2f20e93bb4ac1decb
SHA256 f4679b07f4137164b82fb8792eccb0f42bf4aaa2968581b924cee2579735cbe1
SHA512 70cc5db5c8e65c08f800eb2c08bb7163517f77381868d9418464a583f4bbf0b434810b5b2ed8f890e774671d16d15de4800865794630e8b251e8213c35a17c0f
-
Filesize
9KB
MD5 54d75ccfec75f3504ecf50ceeafc033b
SHA1 0e737aeca90da54145e44f959ffc78ccea98b5b4
SHA256 11443307de22a4f95a0448d12f45d0dc26da648a92f0d005452b73626ef6b7a1
SHA512 3444f5743e56fa63ed42eddd2ce12df88e3802712861a7611ef2d983cc579dd0f92cd0df0abc04f4bef4e03adee844e3f7b12b82f10eefd24ae7844d012fefab
-
Filesize
9KB
MD5 c12844499dd8c1d76e50a396184ea0c9
SHA1 ed3fe87a70cc2793203ce6f1f97bedecf2ebde42
SHA256 cdecdf3e916380521c719306643d7396f972c7e39d6d293b5184f77c402b7641
SHA512 172fcef326aeb3c190970f523d75366862b85d74178a28c8e3f6dcaa8c24769dcae2757d7e2fbe55aa966a4b4b270170865d718b19f72cce75aa99cc6dee2a8d
-
Filesize
9KB
MD5 22a58afe42e3a9fe2e7bbbda5195067b
SHA1 7d0c03c29456dbd987a66ccfe5abc61048deded2
SHA256 f34bf71e92955708668a0a7f87386a51f35e88f35931a7fc125e5c90fba247b0
SHA512 ed0a5daea294395e67a24aa977e905e6aeaf6175896858b60a72028a62b7fd73709fc28a8ae6e92ffef5e74636e29be17e553336f7386389bc8cb231e5f16abb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B
MD5 99d16bb495dd314a538f45e76cc6b538
SHA1 f1c566c7afc6dcdbd5874d13e63df3710e148690
SHA256 46e6866db0dee1773ace9c54d7a3db542711fe7b94b49dc5c326420f882ceaac
SHA512 a59cac7655914164ad5803bcac846568442a001ef066cf84669af7f5483d47fb99fc28d2b3ac9998e69b94207d9d16853fbe6cbd2996f8183dfde89c2bc3e093
-
Filesize
228KB
MD5 1bf77bcb2b5f0e92fda0e6e428ecba1b
SHA1 67dd042354aa58aadce3f0887732234f41996933
SHA256 92d6f2c1625c99b941eea2c21f42308cff4293b146cf10ed6b9734bf5f650440
SHA512 6a96c64002e493e3452b29780e4e5f95255e5c7c42982fd9805382325b8631baa87f0811e43f8d09021dc003bcf3c236ef9db3e047df0ed08c0c98c9f226f84e