hxxps://klalv61789[.]eleteriod[.]com/2kolp70011/#dGVzdEBnbWFpbC5jb20=

Analysis

max time kernel
0s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://klalv61789.eleteriod.com/2kolp70011/#dGVzdEBnbWFpbC5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

chrome.exe

pid process

2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

chrome.exe

pid process

2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe
2464 chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

pid	process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

pid	process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2464 wrote to memory of 2736	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2736	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4072	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4004	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 4004	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe
PID 2464 wrote to memory of 2280	2464	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://klalv61789.eleteriod.com/2kolp70011/#dGVzdEBnbWFpbC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852f1ab58,0x7ff852f1ab68,0x7ff852f1ab78
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:2
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:8
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:1
2⤵
PID:924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:1
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:1
2⤵
PID:636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4476 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4852 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:1
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:8
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:8
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1904,i,15197630938468557222,2333950919941820420,131072 /prefetch:2
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4320,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:8
1⤵
PID:4812

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
c99029ea81617463c7d9ef9079f886c2

SHA1
c34fa09c94f7ebf73471c020e0134009444868a5

SHA256
a7db7cc27fe84c480d22faad026b8c70c472509d907ff7f0b38a0893e4c90cbc

SHA512
3acf4d2e88025eb54dd9873761ab7f5be2973d66306a0a03c661ed8108eed90455e0b53991f35c82dce428615055e0677f64c1271f8643007d7d45624ea52e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\13c032b4-14b8-4df1-be62-82d7ec1582a1.tmp
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d9f6fbe5ef6c99432bf992154ed621e8

SHA1
018307260c0dfd924e5f36dd03c44f5aabde0f7d

SHA256
9d1393270e3916c78bf0272c5bae54e8b0b735b08e81ef2e3daff63bb5e53aac

SHA512
268a15d304000ffc9289da6bbd6260093b7acc9f42f96dce33f7f31ceb3fa2c1c4100b0be13a901faf8dc408069aefdd7361f24904edee8fa925821065489b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a2b3854b8db277697dd9ca993b4aed15

SHA1
31b3603cead6a2045e7d9b56e36cb7a8c3b53307

SHA256
bfae41837663b8e0d95e6d07877577562c0dab595fe62d10b9cb0796d86d0317

SHA512
489b071413b99dcf0593ac979b2b97e80df07e762a2f7293c28fd0176b03666689f629bc8ce5389d78972b64387340705997ca71d75bc1793165fbb27d373b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
df32d64de8ce3f4951e3ba9c30dc4770

SHA1
3bdb6438b82a15e5797a8e32d69fbd9ab48c5177

SHA256
e22c9552c16dfc2d35af93f5394637c83b05f9cd4b526e3bd40c0e7022e0fd6f

SHA512
cb1f38e7449423cde7cc1ecbbe80c0832759881377343f7e42e12b39982468a773b05d9a6f9887f908bbeaece89bcd12b1ef2c28aca6e8abc8b22f4055630e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1023B

MD5
b1a637e33d62b2fdd46eed2a930d490d

SHA1
e1cc8b4b0cf82f975224817c4e4b0c2f4716e227

SHA256
e33c43fd2c7258b5286cc21e80b612df3c5b002c882b3b7be7bc8300cc97125a

SHA512
dd1edb0a223e9d7a69e8db0ef2653b5c7859598cdf137e6526e87fcc95f13698664010235f0044317785b0557ac38def71eef72abeb8e9366df47292b1421453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
023cce7a5e6ee28684cd64b1d160aba0

SHA1
886bb61136e4f64d7985363fa45a769dbb400948

SHA256
26ce6b52d81b16b6ef2b48a7d883fceb6df1b665a485744e8212ba8b661b5fa5

SHA512
5e32fbeea2f2240508c63b82292493603d0057f0425436e3d0876d9fd1c0b84b58c53a63dcc00d60bcdb4d3f891bbf82e02f70c5b0a5e0936f8d612f19671b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
12f33ab59f1ad9c7291d9f21a94f16d2

SHA1
71b914059bf08a70fec42197136e9af6a617a477

SHA256
c58074be3b8091f5eba4ae91d8035a83d1ffbea6bd8e8520e23f76d840db1f34

SHA512
ea6a143c3362109586fc9eebf4560658ffad5e46966aa3019fda0936b73d2cac18e46a777b5a2affea5bf4892f95ad9e8232868d1682dd3231efddb01e8ea873

Download Submit
\??\pipe\crashpad_2464_XMLVDBADOMMLWGRH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit