3f1779948e5d73da23837ef4f39e285b9d6bd4a029589bbf51e62557b3abd2db

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2022 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PDF File (1) (1).html
Size

22KB
MD5

362c4dad867f3fdf9fe3c4808fa20215
SHA1

2618e47d94b09eda56fb436f614bd74efd7aacd1
SHA256

3f1779948e5d73da23837ef4f39e285b9d6bd4a029589bbf51e62557b3abd2db
SHA512

b4c27f5900b0b220847ab7bf5d8f9b388fd70e6df3e38d33209f572575a2fde9621f7d377d3df26228cdaeb67464e8b37413f0bd1b906f354c942f0f427f35a9
SSDEEP

384:hc0s1A4iX8i/VyvXxBmjiIOJGsfVNEtND6NSuNBto8UHAm9VN8tNPRNvtj8UQtAl:hc5ChsvXxBm3XjPeHjvDZAFGE2R7v

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
3448	chrome.exe
3448	chrome.exe
3640	chrome.exe
3640	chrome.exe
3444	chrome.exe
3444	chrome.exe
3244	chrome.exe
3244	chrome.exe
2044	chrome.exe
2044	chrome.exe
2076	chrome.exe
2076	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 968	3448	chrome.exe	81
PID 3448 wrote to memory of 968	3448	chrome.exe	81
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4432	3448	chrome.exe	84
PID 3448 wrote to memory of 4264	3448	chrome.exe	85
PID 3448 wrote to memory of 4264	3448	chrome.exe	85
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86
PID 3448 wrote to memory of 3136	3448	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\Admin\AppData\Local\Temp\PDF File (1) (1).html"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99e564f50,0x7ff99e564f60,0x7ff99e564f70
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1640 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,7622617762678872698,17726458715983443945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads