c75a501f400a931acf6561dd51e828b3b7109b9b1ed2df67d71daf10a6551eb4

Analysis

max time kernel
79s
max time network
81s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2023, 09:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Mon_09_Jan_2023_20_21_20_cloud_link.html
Size

302B
MD5

ad0cadf82e7c75f1f6ec8c0e07dd213b
SHA1

8e626b17b875d594188d9655b985478a521198b4
SHA256

c75a501f400a931acf6561dd51e828b3b7109b9b1ed2df67d71daf10a6551eb4
SHA512

0ffd773627e9bc9c1e689f74e4d7ff38e547bb0068fffbccd980f48fbb22a3e23768cee3252dfbfa89ec1b55b57173440b63bd34527bf77754ad5a62c6fb9dd3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
2500	chrome.exe
2500	chrome.exe
1364	chrome.exe
1364	chrome.exe
5052	chrome.exe
5052	chrome.exe
4708	chrome.exe
4708	chrome.exe
4728	chrome.exe
4728	chrome.exe
4652	chrome.exe
4652	chrome.exe
4820	chrome.exe
4820	chrome.exe
2500	chrome.exe
2500	chrome.exe
1788	chrome.exe
1788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2516	2500	chrome.exe	66
PID 2500 wrote to memory of 2516	2500	chrome.exe	66
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4140	2500	chrome.exe	68
PID 2500 wrote to memory of 4716	2500	chrome.exe	69
PID 2500 wrote to memory of 4716	2500	chrome.exe	69
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70
PID 2500 wrote to memory of 2292	2500	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Users\Admin\AppData\Local\Temp\Mon_09_Jan_2023_20_21_20_cloud_link.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffce6154f50,0x7ffce6154f60,0x7ffce6154f70
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,1626918024927269752,5097489245458322655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads