hxxps://hbs-cleaning[.]nl/r

Resubmissions

30-06-2024 20:06

240630-yvex9stfnc 10

30-06-2024 20:01

240630-yrs1qatere 10

Analysis

max time kernel
2s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hbs-cleaning.nl/r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of FindShellTrayWindow 17 IoCs

Processes:

chrome.exe

pid	process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1536 wrote to memory of 1708	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1708	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4768	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 3464	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 3464	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 4828	1536	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hbs-cleaning.nl/r
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e2ab58,0x7fff76e2ab68,0x7fff76e2ab78
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:2
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:8
2⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:1
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4104 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:1
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:8
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:8
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4544 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:1
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3196 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:1
2⤵
PID:1400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1564,i,8078424135735930691,11630936429800571310,131072 /prefetch:2
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3444

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3564

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
e0c1db6e23d01020767036ca82b48c11

SHA1
30314af5eefe49f2b6279e422f39c9198f829506

SHA256
3d8c0afa4f4d12ef8fd520ec5e931d15505610575961697b407abbc370b087e5

SHA512
8968cec8fc4cf6235b223ff6b54c89a6412b1ebd3f5ccd9bb51413e8fbd945172f6c166754a38c4375ad1f7481de13fe21420345531e0f430cb3116f2aebba25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
d2f2c6e35fb4ca7f87e84d16809ba839

SHA1
3ce6f81ae04cf252c8eaf16984b8cd39b5011841

SHA256
ab2c5cf4e8b39393021c87975c35607653add517ccc52fa065ce5cb8ce85e17f

SHA512
8250846ac0bead617922ab952d8f1d8e9f54d77601a9a74f1c065b382ba2d9040679abf85f10a40f2f29812838743665337e3f3074f0b3b0205eed57b55acbc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a42c5d434c24d9be23f22b1444ba02a3

SHA1
b5fca9395f7869375cc88fd67c2d05bad4f45908

SHA256
0b032f99270620fbf9f01951f820510d5535462495758ae063be1ef378f58f32

SHA512
a251a8cf96eb354fe363c272fa0cadc3c0196c464280a9d1fed9b471f682935012b6f09ad6a5e9963bd26587d5ea718e69921303c87b7f7e11417c351aa98261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
e8b8501c9205b290f1bcd1ff681ea59d

SHA1
03bd60f8c93af54e6bb22e0077b3b0c874f94172

SHA256
0f9cc26163b60387a7d675a54cd9c9c631a535ab7b17436ba8cfd24223d54d9e

SHA512
c58553874504b52bb57908cbc591b6c546da3322491a0cf4d889252d09f263ff22fe1063d65767f36d6fb8fa793d2e3894bfb12e35b3b5ab9550ef53fed05264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
95fbbc816fe0f481a7c594df2136383d

SHA1
e95f8bd673649ac9eeea148f571d343047b39468

SHA256
8f50195512ed462c7e1f17ab1c29a6d535f1e635213bce15dc9a2cebaa97c04f

SHA512
c4ed918028afe8ddf7884192ddc226ebcbe868a6b626b81825c3b513a597047cfbbddbf0627b5baf3cd0a62656648698106c3e01dbb8078133af87f4dbfca4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
33a30d913a4bcf73844ec680472f5659

SHA1
03509f90322fbf160b6b75e7de2fd2a619cbb9f5

SHA256
6da67e3a545fafd7d5e581f552c30efcdbad66c8d58a0d6a83b18c6a991314d2

SHA512
8f8447caf826cb857f9136adf224b22b9eb89e12818a9f1936a5ddb1776da0845164fd88ff5fce4f29640b620d104dbeaef7ad077d9e10d6c03654cfacddb7d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d556a77ef43b6667c8eba0728f6c5ac7

SHA1
1c56b3d8fb062f3bb6bda80df388b2ec227282e6

SHA256
eea305f72348b37202d7e086ed7caeff8ea58469dee036626eb13abe07db94b3

SHA512
656c8a6cfa6bc6deb7ddcd1d8ff29a56ba3295a20966e7ba9428f46a156f330c2e30798b27d42419ef1f907d6a8cc3a7bffc5cf001e54247fe27ed05675ce56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6b31e944730d353460c31aba08c03514

SHA1
ef037d25b6199c09b4a64ad28753f9945e402801

SHA256
2962b60d6a812f3857757309964636686c36e7bb6ca5e8d4e88102c4e9131d3c

SHA512
1400b8a806947af04d27ff1936c00c91e485ce1755da33094f11ce7698cc02d53ef99b809c43de69cd6972f91dfbf7aa8d8f7149e2e6e85eb480d4738308e327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a709a9a509d9d0043a87978197283ad6

SHA1
734d4d8888b4f657f0517d9599af23a4285cd560

SHA256
18d423377b51350a4f068333878c70bad7b1edab3829a56fbf7b72030ac9a24f

SHA512
4f82e714cbb3819891cf2210b457bd5b4afd81281a1ba854b85333c68ed98649aeaddc1fc2032bf2446651ffae664a8783dcd2094a851c90cd3074dea65d712d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d66f79e90867326977d2d4b6fb3adece

SHA1
41db43f15c8d7ebcf207f488cabe3808809f8eb9

SHA256
40e8c5b367d1b0fb7d8c7fd73665f420242b53157f8b556db7f8763cbf6945e4

SHA512
080a89d1b7770aae325c7bfceaf40b9926f2e10fc1dcf8bfdf2618aadf406d3b131d0b887b0b91b5c568f5b9832cba7d152dda1a72368c93fd4275c9542eed91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
9620af0d12c59bdce37c556fccf2db82

SHA1
7a02fd8746e0551099f684d4c7601a0dacb76643

SHA256
8fdd14809fd1ddb27e1fc577214a2bf8dfdcdd2cb5d820267c7fe7ff60610e13

SHA512
11b3aa10327717f91fa1d47b48bbb0528e91e0988707010e16118ef3d5af777db6a60d37b9fae9c7f77313f78866abdb72f58d6cc13141243aad7c9200193ca8

Download Submit
\??\pipe\crashpad_1536_IUGMQCAEIPCEYOQE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3564-226-0x00000238EE040000-0x00000238EE050000-memory.dmp

Filesize
64KB

Download
memory/3564-210-0x00000238EDF40000-0x00000238EDF50000-memory.dmp

Filesize
64KB

Download
memory/3564-242-0x00000238F6360000-0x00000238F6361000-memory.dmp

Filesize
4KB

Download
memory/3564-246-0x00000238F64A0000-0x00000238F64A1000-memory.dmp

Filesize
4KB

Download
memory/3564-245-0x00000238F6390000-0x00000238F6391000-memory.dmp

Filesize
4KB

Download
memory/3564-244-0x00000238F6390000-0x00000238F6391000-memory.dmp

Filesize
4KB

Download