Analysis

max time kernel   149s
max time network  149s
platform          windows10-2004_x64
resource          win10v2004-20241007-en
resource tags     arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted         23-12-2024 09:33

Tasks
  Static task      static1
  URLScan task     urlscan1
  Behavioral task  behavioral1
    Sample         https://atsukaa.thrivezest.org/winwidgetshp.mp4
    Resource       win10v2004-20241007-en

General
  Target           https://atsukaa.thrivezest.org/winwidgetshp.mp4

Malware Config
  (no entries)
Signatures
Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS  (2 IoCs)
  description      ioc                                                                                                            Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                          chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794200098419358"     chrome.exe

Suspicious behavior: EnumeratesProcesses  (6 IoCs)
  pid   Process     count
  1556  chrome.exe  2
  1872  chrome.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (2 IoCs)
  pid   Process     count
  1556  chrome.exe  2

Suspicious use of AdjustPrivilegeToken  (64 IoCs)
  description                       pid   Process     count
  Token: SeShutdownPrivilege        1556  chrome.exe  32
  Token: SeCreatePagefilePrivilege  1556  chrome.exe  32

Suspicious use of FindShellTrayWindow  (26 IoCs)
  pid   Process     count
  1556  chrome.exe  26

Suspicious use of SendNotifyMessage  (24 IoCs)
  pid   Process     count
  1556  chrome.exe  24
Suspicious use of WriteProcessMemory  (64 IoCs)
  description                       pid   Process     procid_target  count
  PID 1556 wrote to memory of 4084  1556  chrome.exe  84             2
  PID 1556 wrote to memory of 4600  1556  chrome.exe  85             30
  PID 1556 wrote to memory of 2240  1556  chrome.exe  86             2
  PID 1556 wrote to memory of 1860  1556  chrome.exe  87             30
  All four targets are child processes of chrome.exe PID 1556 listed under Processes below (4084 crashpad-handler, 4600 gpu-process, 2240 NetworkService, 1860 StorageService). No write into a process outside the Chrome tree is recorded; this is the parent writing start-up data into the children it just spawned.
Processes
(indentation follows the report's process tree; each indented chrome.exe is a child of PID 1556)

C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1556
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atsukaa.thrivezest.org/winwidgetshp.mp4
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 4084
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd715cc40,0x7ffcd715cc4c,0x7ffcd715cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 4600
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 2240
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1860
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2548 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 3460
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 2184
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 3060
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1872
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4420,i,13359497201662635912,16113856142563193310,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe  PID 60
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe  PID 2848
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
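Added triage example, not part of the sandbox report. The WriteProcessMemory signature fires on any cross-process write, so the first thing to check is whether the targets are the writer's own children or foreign processes. The script cross-references the four target PIDs from the signature table with the process list above and classifies each write; it also shows how a download too small to detonate (the 2-byte entry under Downloads) can be identified from its hashes alone. The process table, the IoC lines and the per-target counts are transcribed from this report; the verdict names and the PROCESSES, WPM_IOCS and TINY_BODIES structures are this example's own.

```python
import hashlib

# Process list transcribed from the Processes section of this report.
# pid -> (parent pid, image, role). Parent PIDs follow the report's tree:
# every indented chrome.exe hangs off the top-level chrome.exe (PID 1556);
# top-level entries have no parent recorded in the report.
PROCESSES = {
    1556: (None, "chrome.exe", "browser process (--single-argument <url>)"),
    4084: (1556, "chrome.exe", "--type=crashpad-handler"),
    4600: (1556, "chrome.exe", "--type=gpu-process"),
    2240: (1556, "chrome.exe", "utility: network.mojom.NetworkService"),
    1860: (1556, "chrome.exe", "utility: storage.mojom.StorageService"),
    3460: (1556, "chrome.exe", "--type=renderer (client-id 6)"),
    2184: (1556, "chrome.exe", "--type=renderer (client-id 5)"),
    3060: (1556, "chrome.exe", "utility: chrome.mojom.ProcessorMetrics"),
    1872: (1556, "chrome.exe", "--type=gpu-process --disable-gpu-sandbox"),
    60:   (None, "elevation_service.exe", "Chrome elevation service"),
    2848: (None, "svchost.exe", "-k LocalSystemNetworkRestricted -s NgcSvc"),
}

# WriteProcessMemory IoCs in the sandbox's flattened wording, one line per
# distinct target plus the number of times the report repeats it (64 total).
WPM_IOCS = [
    ("PID 1556 wrote to memory of 4084 1556 chrome.exe 84", 2),
    ("PID 1556 wrote to memory of 4600 1556 chrome.exe 85", 30),
    ("PID 1556 wrote to memory of 2240 1556 chrome.exe 86", 2),
    ("PID 1556 wrote to memory of 1860 1556 chrome.exe 87", 30),
]


def parse_wpm(line):
    """'PID <src> wrote to memory of <dst> <src> <image> <procid_target>' -> (src, dst, image)."""
    p = line.split()
    if len(p) != 10 or p[0] != "PID" or p[2:6] != ["wrote", "to", "memory", "of"]:
        raise ValueError(f"unrecognised WriteProcessMemory IoC: {line!r}")
    return int(p[1]), int(p[6]), p[8]


def classify_write(src, dst, procs=PROCESSES):
    """own-child: src is dst's parent (normal for a multi-process browser).
    foreign-same-image / foreign: write into a process src did not spawn.
    unknown: dst is not in the process list at all."""
    if dst not in procs:
        return "unknown"
    parent, image, _ = procs[dst]
    if parent == src:
        return "own-child"
    if src in procs and procs[src][1] == image:
        return "foreign-same-image"
    return "foreign"


def triage_wpm(iocs, procs=PROCESSES):
    """Return [(src, dst, count, verdict)] for each IoC line."""
    out = []
    for line, count in iocs:
        src, dst, _ = parse_wpm(line)
        out.append((src, dst, count, classify_write(src, dst, procs)))
    return out


def needs_attention(iocs, procs=PROCESSES):
    """Target PIDs that are not the writer's own children."""
    return [dst for _, dst, _, v in triage_wpm(iocs, procs) if v != "own-child"]


# A download of a few bytes can be identified without the file itself:
# hash a handful of candidate bodies and compare with the report's digests.
TINY_BODIES = [b"", b"[]", b"{}", b"0", b"1", b"null", b"\n", b"\r\n"]


def identify_tiny_artifact(size, md5hex, sha256hex=None):
    for body in TINY_BODIES:
        if len(body) != size or hashlib.md5(body).hexdigest() != md5hex.lower():
            continue
        if sha256hex and hashlib.sha256(body).hexdigest() != sha256hex.lower():
            continue
        return body
    return None


if __name__ == "__main__":
    for src, dst, count, verdict in triage_wpm(WPM_IOCS):
        print(f"{src} -> {dst:<5} x{count:<3} {PROCESSES[dst][2]:<42} {verdict}")
    print("targets needing a closer look:", needs_attention(WPM_IOCS))
    print("2-byte download body:", identify_tiny_artifact(
        2, "d751713988987e9331980363e24189ce",
        "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"))
```

Run as-is, every write is classified own-child and needs_attention() is empty, which is the expected shape for a browser spawning its helper processes; a foreign or unknown verdict is the case worth opening the memory dumps for. The same parent-child test applies to any multi-process application, so the parse/classify split is kept so the process table can be replaced by one scraped from a different report.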
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  649B
  MD5     0bf02f3258dd035fc52f44df4b91a221
  SHA1    09587578a768cf71d32c805d389066c6bc48064e
  SHA256  6fc5c6955736d7f6d439337c78c08effb81c0a2fd74cf7c29963ff7cdeb215e0
  SHA512  9270a83869123851f8d64b9fe460dddbc4e2646396dd3ab7950926f003254fcf3b7633e0e42ddd2854d16f5c3beb875df13d6188ba73f08473eb36962a3896b3

Filesize  2KB
  MD5     639bc8f03eb3fd5c4c3edfcd544bd4e5
  SHA1    00b4cc590ef14686b8195741688263f3727a40f3
  SHA256  ed1f4479788c979748ff0e2ff84f7fc5eb42656cf87bc865bdb12a66423ec421
  SHA512  72ef00522f54b694b630afefa4009a2c5624bbfdc166df011a60c85de170aab34b8ed543a6b787111fa7e84a791c530c50f7034588b2a53eb0a386051d7be4a7

Filesize  2B
  MD5     d751713988987e9331980363e24189ce
  SHA1    97d170e1550eee4afc0af065b78cda302a97674c
  SHA256  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize  9KB
  MD5     2906c33421c42efc5056bed651774019
  SHA1    bafa814df3905ef509a0a64c386878a5153bb6a5
  SHA256  76edf94e5d3012e1b37c432631e18efe705e68b72ceef8109b6f24f320edfe80
  SHA512  cbcfcbf90a822a49ab940e54bcdb0425f577dea6ac0800af94b3ef9f061cb3d1bce8f7b8e9333956b27876adfb2fd7ac321e9d93569b311c18d888204be39ae4

Filesize  9KB
  MD5     42c3fdf7709bfc9555ba197a635dadce
  SHA1    a8bdd08bff67d28a4fc32e97bb9f05c09c523652
  SHA256  8d8903ee2ee9d4fc050e3958099c8bfd2cc2d2958a23e0c29203bb56c4df6d80
  SHA512  ea2e393a9ab2a25f3adb585f1e6f115364b136b49d06eb43e4e5d2205917d12f1c5b06c2c680caec620ea2d6b1f90fe5b78aee2145156f34505b6196bff9d861

Filesize  9KB
  MD5     91f0da2c77dd6a3204d8faec153c0540
  SHA1    7693896694d76700082f5c13360f852a119b85b1
  SHA256  74e42cabc0f8db799045f14835c903590ba6926506810a2bfa925e25ba45f8f5
  SHA512  b11e1a1104dcaadb3dcbcc28b94755354c4cb09d599ece2a5fe51b038703de2060f53ab19efbcdd23e80bc89c43ee01b7980afac933b21ebb28d4be254f01e41

Filesize  9KB
  MD5     c370eef048d4eafc6c710c9a23f3750e
  SHA1    2428fd99340c6ca0e9f2a73483398d352dc7ce00
  SHA256  0f7b6dd6efaebad3320783eff782a41cb289eca971c7551bf3919e00b6570c55
  SHA512  f2dae6fd6d022cbf257e5d11df67c3587623c7b206abc2a91772f40724af856b647a000e3f481b3664eceeba5691c20bdf0a1662c7de3fd6d1838ec890004ddf

Filesize  9KB
  MD5     5230a86c7f3fd460ad3b6d3b21108e3e
  SHA1    92605c19a93ae29a736130968372852e5b016ab8
  SHA256  dd32e91cdf1eb4edf501b11fb88ad8db0af1e84b10b0158f36be396cf83837b5
  SHA512  21e62803f0d2ec7131919ce5efbc2738053f93f1bde6d1a2397223e7de3297025b5bd87275b0ab1be056ee91feee0371608d50fafb8d7db2796d0dd1386eade1

Filesize  9KB
  MD5     de168d8a570a9dfa71cc1d8feb237245
  SHA1    52376d81a065fdaa92f421a939c26b8dfc43ad5f
  SHA256  47229e8787dc19b2c0aacb24923f11d4a42405881dd1237e644836fc91907153
  SHA512  9d5a4d67660d2c20bd804661caad0750e536040a4ed3b772ba1446a9a5321f9163ee90b5d022c865a9bf5767b2d3d1e59cbbb8fa3ad8ed33e079687cace0e843

Filesize  9KB
  MD5     03d3fff2b5b4c3210ce0b033b921c9ee
  SHA1    6ed69ecfdb10380a3c8d2c85d757421ef0806089
  SHA256  7e414249375b140bb271ed65b72391f5b679cbede300e30e47df05659acad184
  SHA512  e5fb95f12f071a7c44915dccdc9f85229993eeaf158956d2d98c9feaa92d0b9539e049c05adfe640e34b712cb9702fbe119e57115a96e73a2d70c31fe31d475c

Filesize  9KB
  MD5     c7e5efbef7fd658e01fb494c9a948ebe
  SHA1    2ccef81d23726daeb77141a48b87b9cac4e0c381
  SHA256  09e69d99caa33acde57ccb8772dfcc45378c9edad661ab59167dcb45f4e89aa0
  SHA512  3ff5b8dc642e68821e85d476ee47877ec704f5648ebda4b1a3fbe75f2197f8f10032290c05f5c8627a0972cad2221e1d21ade5c3eb155bd0d6ce3f6211fdb5f2

Filesize  116KB
  MD5     f8af9a26722132325ec83825b1f78860
  SHA1    4aea8c80af795d19489f83ceb94965d85586ed19
  SHA256  6cc9b577d142ac080ac6d2089848a97e0c447be3ea034607006bcae70097251f
  SHA512  9179de98f1855592f3d3270de1252dad33679f8a5cbbd2dc03887b39e88720eb32236a66669989e907a70fc2d14d9af72560df9405d4a3123841e0584fbe70c5

Filesize  116KB
  MD5     d2b51cdd744084fa1b3bec9f05b040d7
  SHA1    5e50928bb68877f769cd37e802c2a962510724c5
  SHA256  bab5960d59f581eec3d8bf89478ac7a23c0ae09e637e55589eaf11dd3243975b
  SHA512  b91d2f90f99a8f29cf3f0a0046b49bba412b2ff7bc8d96eb830a6c7706d414a92388d407ff005972646605fb2da73fbb3b7e2a4875265db634bb7bb3717cdd4d