hxxps://cxwvcvwt[.]r[.]eu-north-1[.]awstrack[.]me/L0/https[:]%2F%2Ffestyle[.]visibleone[.]pro%2Fr[.]php%3Fid=004PRrCwNrU4Hw9wT0GVS5gYOTbPuNsgP/1/01100195c9d4b919-8e234aab-1120-4f5c-a073-a923e4353877-000000/lomAaWgLd576rr5XD2LU4IRERfA=203

Analysis

max time kernel
21s
max time network
21s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cxwvcvwt.r.eu-north-1.awstrack.me/L0/https:%2F%2Ffestyle.visibleone.pro%2Fr.php%3Fid=004PRrCwNrU4Hw9wT0GVS5gYOTbPuNsgP/1/01100195c9d4b919-8e234aab-1120-4f5c-a073-a923e4353877-000000/lomAaWgLd576rr5XD2LU4IRERfA=203

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873752704039162"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe
Token: SeShutdownPrivilege	4524	chrome.exe
Token: SeCreatePagefilePrivilege	4524	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe
4524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 2356	4524	chrome.exe	78
PID 4524 wrote to memory of 2356	4524	chrome.exe	78
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 3160	4524	chrome.exe	80
PID 4524 wrote to memory of 3160	4524	chrome.exe	80
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 5900	4524	chrome.exe	79
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81
PID 4524 wrote to memory of 2764	4524	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cxwvcvwt.r.eu-north-1.awstrack.me/L0/https:%2F%2Ffestyle.visibleone.pro%2Fr.php%3Fid=004PRrCwNrU4Hw9wT0GVS5gYOTbPuNsgP/1/01100195c9d4b919-8e234aab-1120-4f5c-a073-a923e4353877-000000/lomAaWgLd576rr5XD2LU4IRERfA=203
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e9c0dcf8,0x7ff9e9c0dd04,0x7ff9e9c0dd10
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2124,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2064,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1836 /prefetch:11
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2500 /prefetch:13
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4184,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4240 /prefetch:9
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4548,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5164,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5172 /prefetch:14
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5388,i,9335705336966682648,1773474034270967786,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1f6fb90f31cfb1a8686ec631c19030a0

SHA1
c86969c17b4ca26a17ccd592757aa8ccd22cc188

SHA256
e085124bea9b8c9ea642cc3fdad984db3ab3566f909fa179ebc4f8749aa406c7

SHA512
bace9460651f893908591519cb489b4c0de868952c150452ce8a42d133de27d2994b898d88caae8f3ed78ac71d56d19dfc1448e44e3a80baf657a149b7e64dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6fd75c568f2dc8e80cfe93fbdd8d54f

SHA1
75b53e136b6bad3a9c64b9eb0bc1f60d810773c4

SHA256
a1375c32fff176061eccfdc5558bdf295a2a471dc50ceedacc2f70ed4445ce9a

SHA512
c1dc7ca6b4f747fb92e11ca152c1908168cd4899ab7f7e9d55186509d624c6b55ee03e4e4449f3616c53605c3059978e4c58eebfbd71f32ccbdbad1f76583d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a533ea291afa45ff1b40d3b2267cf15

SHA1
b4cfdc93f79eca881bcb2fdba7ce7687f4b7affb

SHA256
ba303297a08a3156ddc733bb0b4e7ee549b6b4b682ceabf51b9bc77d4e4ffdca

SHA512
42d36517caac57a3da8eb65748c8bf1d32cdc12894477e8098e3f1f041f375b092acd0866d43f35439f417c8b5fd9f20fe6fe0e660af447527f91dac2dd74ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579c7e.TMP

Filesize
48B

MD5
44f3b8f696028edcd710e5734e60a035

SHA1
87da51aa981fbb3d5a9794aa182b5744eeb72e98

SHA256
cf0af1ce8b5db1b1d5d6012066a310d8bac17e70b58f324650ff510a5fab315e

SHA512
f721e36cc16598bf3a82e090c813e07e532fb6afd1db64ea92bfdd7fce8f8c9360ba608b62ce7fa46e6824459c47d6c58e2f6e1b26a5776bb9a3f7f5cb2e8aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8c6335fc06b161a92407cd36c08fa782

SHA1
2566cd63101f386449e457b2447b6d2167fc750c

SHA256
b0811c087d3ce686575ff9e84a39b837a49e5691c91700b4b646e3112cecb76c

SHA512
6f0ce30f726f2423755d31842c09f22b2b167a89b2dfb88f6c3f21913e167ee250ed51d058c8c5ea1c4ace7b9723a6b8a1d7d6f623fa710763923c8a8f5bba48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
5dd59852b88098f725805038fe677784

SHA1
8db4fc444acfed28d43af5fbb70d2d58383fb459

SHA256
e21543ae29d4221863803f9b45d3ce85b6864574aa95e341a85f7ef0ee52d724

SHA512
d042e1ff662e6700da07498aa0ae2a1f6fb89c2132bba4793cc7aac6da8235391e1a614fef64e49141dea9aa5741f2484847beb8c290266aa05e5fa78a35151d

Download Submit