hxxps://hello-world-secure-sound-daac[.]ferdididra[.]workers[.]dev/px/QmdvopPTXZY3PBwyycfPM9P9EahoivFWtcZjvh7RLyLPr3

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hello-world-secure-sound-daac.ferdididra.workers.dev/px/QmdvopPTXZY3PBwyycfPM9P9EahoivFWtcZjvh7RLyLPr3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642670029631886"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2340 chrome.exe
2340 chrome.exe
1528 chrome.exe
1528 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2340 chrome.exe
2340 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2340 wrote to memory of 4776	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 4776	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 3768	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 4072	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 4072	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe
PID 2340 wrote to memory of 1020	2340	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hello-world-secure-sound-daac.ferdididra.workers.dev/px/QmdvopPTXZY3PBwyycfPM9P9EahoivFWtcZjvh7RLyLPr3
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa00cab58,0x7ffaa00cab68,0x7ffaa00cab78
2⤵
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:2
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:8
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:8
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:1
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:8
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:8
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1896,i,13066396125660163175,16663167436760334657,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1028

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
8223c79dc741d37a1c0c04ea950a7f46

SHA1
78f0558e10d694b713ad4d921f958154d613a88a

SHA256
c9201d2a092b51a68a8fc15a9599601a62013a01d57a77f95761d2e769b5e264

SHA512
6b13ab09e17c0640090ab7935317eca30e1667cf0739dca707076f39b29397bd604a9cb68d7cd8a4f9f24a484b78dfc1849e092da741e82905d04f9dd5db11f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
1ad5a2577e40413af184cd260d7f138d

SHA1
cdeafc339483f3d5fae12e9ad6d3cbf45076c3c8

SHA256
4711ca1d10fcf8157f8751ca62ab07922c99cdf6d7ef137dcb8ad5e05cf2471c

SHA512
cd786cd99d46510317297a49883ce9078187bae8b5ac51d894a58e2f3c2475dba0e09c653a211cf8222a649c8dd9d5e9cdd384a5a48800fe26b2099b9b77d142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
5cf082497fd7a61ac17719f77621a15c

SHA1
bb0237dc6f37a6e6eb776e2fdd4e351d9823cd58

SHA256
26e2ef95e78f15109b6520a7256beee66c40d744df37aa3754e2024085025f41

SHA512
4b1214cb2eb42f34e1a7fafa1d417c338a73955dfe564fca64dfe900a1fc5d6c35eca02f9cf0f9ef8cfbbd69dfc4cf53615b70cd58d8e03f19b2eb15e3710f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cff81b80c641959c2ddfd3552c1af644

SHA1
da67b03756980ede79e16e173c68f45537fb2715

SHA256
890ff4f0d9635773a609c05cf23061acbbbe805c1a0178f4a9e2484f9774fbb6

SHA512
6d57dfedaec5057976611e83673f5cfacca3a748418c14dabe89b4deaf666df43f062bfd942dd49b47657683e6056e253edaae82ec94fe2b807fb3ce120a972b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
e71d00f3802851dceb2a16feecde4440

SHA1
ae9b46a9eea01e84fa146fe20e3e75c874be4a66

SHA256
b6cd0076c262729d2d64e7720ff9e795d9796e7e8f15b450833302db1fab3d2c

SHA512
b69548e13ad96dd3572efb81a18a520e8b7aa47440830f37186ba0dd6a2a79318a8255bd2876ca4d11663eb0e4647e1912246c149e5e6c15d73f2965bfdc7687

Download Submit
\??\pipe\crashpad_2340_CENAPXLANNDWPGVV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit