hxxps://rb[.]gy/l89y3s#test@test[.]com

Analysis

max time kernel
0s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/l89y3s#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4088 wrote to memory of 920	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 920	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 2732	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3320	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3320	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe
PID 4088 wrote to memory of 3140	4088	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rb.gy/l89y3s#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852f1ab58,0x7ff852f1ab68,0x7ff852f1ab78
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:2
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:8
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:1
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:1
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:8
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:8
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1876,i,5639390896971373522,14050286793409570604,131072 /prefetch:2
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4296,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
1⤵
PID:2904

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9df799e54c0e550fc65d0ee563ceefe8

SHA1
2e4eea2d47fa647226c932e9fc49c8cb3beae2cd

SHA256
7eee2db1e3c23dc0e8c1bd51bd340a217314c32f5326c408ebbb57ee3f912517

SHA512
2132d1c83f7b7343295fd8d75b5bf2490995a6bc4cdc697b407bdc458eecc6b4792c99bd464edae7047b2114c1de14a4cfd63696599e22aa57d5ad24ae8c6436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
522B

MD5
0c79124a4c340440b8a78385eac87b06

SHA1
4a4f53dde71e04df5954b34e3d667257131fa898

SHA256
aeed68538f8be882eb15ff7589ecc33abd938f8fc7d7b84305296480470336c9

SHA512
328d77a8e63ec910f4808d518aaa7d681b703fbc4400768fca9e8d73a360c102d1f3d176ff3d5b8c59791974301e1f1b9e85e48557877666a71964911a757693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1be8a71e597bca10b0251301a401501e

SHA1
b95839d615420d53002f148cc698394feec82bed

SHA256
63cf7a5dcaf0947cacdfc0c06f83592a1e3dd0d010b98ed7f9b9603b87fde8e0

SHA512
f663cbdee75125d84cf9b3f29f78ef495c7979f8a81dc1e4381485b3109fcabf9e2c260e6f9d0d019d8e9f446fcf6f006196010689582d8eb097705831c39725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
e0b2f26ed1dfde3ede783450fff70747

SHA1
53767f1346b5951e8ac9d1edc7115813781cf2fc

SHA256
9b523794ddf9a8b05a6d9a358699a69107d4e71cc582aaa02d20c84173789211

SHA512
e2f7cb80f83e661a984ac6dbd5681c021ce7ca23b739291e8d7db5ee30fdad97c44877ee9d7ec0981a9dba4cd3e42a43fc3c84005cb1086f3387cff814903daf

Download Submit
\??\pipe\crashpad_4088_COOLSVXTPCJJRSKZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit