3a462a47d3bcfc291ca94be23fe64c26c3a8cf90546754a29e6e731b865ca6c2

Resubmissions

31/01/2023, 13:39

230131-qyahysad71 1

31/01/2023, 13:22

230131-qmgswsad4x 1

Analysis

max time kernel
139s
max time network
152s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
31/01/2023, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xxxxxxVAT-Statement.pdf.js
Size

1KB
MD5

ef6dae7a65e8837ef9bf7af5907837ce
SHA1

bad595d0e6742c715b53661ce7bc6ce4aff394e9
SHA256

3a462a47d3bcfc291ca94be23fe64c26c3a8cf90546754a29e6e731b865ca6c2
SHA512

09e9f79a4614cd70f3a95286be4b243ee3588b4dcb39b7d32a7901508fdae98e5fad86334e22f1b063311a42f4984b47567d16e46e1e326192bc49c63b6701b4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1676	chrome.exe
596	chrome.exe
596	chrome.exe
2592	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 1180	596	chrome.exe	29
PID 596 wrote to memory of 1180	596	chrome.exe	29
PID 596 wrote to memory of 1180	596	chrome.exe	29
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 936	596	chrome.exe	30
PID 596 wrote to memory of 1676	596	chrome.exe	31
PID 596 wrote to memory of 1676	596	chrome.exe	31
PID 596 wrote to memory of 1676	596	chrome.exe	31
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32
PID 596 wrote to memory of 1792	596	chrome.exe	32

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\xxxxxxVAT-Statement.pdf.js
1⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62e4f50,0x7fef62e4f60,0x7fef62e4f70
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1080 /prefetch:2
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3876 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4068 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=948 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1944 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1060,249353519971772901,4462534850168056081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads