Analysis

max time kernel: 5s
max time network: 86s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 08-03-2023 17:00
Static task: static1
Behavioral task: behavioral1 (Sample: Important - Statement...html; Resource: win10-20230220-en)
Behavioral task: behavioral2 (Sample: Important - Statement...html; Resource: win7-20230220-en)
Behavioral task: behavioral3 (Sample: Important - Statement...html; Resource: win10v2004-20230220-en)
General

Target: Important - Statement...html
Size: 296B
MD5: bf0be77a126395a20ea29b359dba7fcc
SHA1: 0a4f7ffc0be18419658526d60d49743bc41c51d3
SHA256: 9ea3037433b2ca1b6fb08b38355f1851d5ba3db76613e3fcf76e834dcd247661
SHA512: fbda5e53f412141b004517a7f28a7decf1c017dc0baf93e5e86fa06c591e5923fd4a224ab33cfd1db581b7480af0caae91b9325a8a5546c3c86daee595700763
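Before relying on any of the behaviour recorded in this report, confirm that the file on your own disk is the same 296-byte object the sandbox ran. The following helper is an added example and is not part of the report or of the sandbox's tooling: it embeds the digests from the General section above and compares a candidate file against them, reporting each algorithm separately so that a mis-copied hash is distinguishable from a genuinely different file. The `b"abc"` input used for self-checking is a constructed value, not the sample.

```python
import hashlib

# Values copied from the General section of this report.
REPORT_SIZE = 296
REPORT_DIGESTS = {
    "md5": "bf0be77a126395a20ea29b359dba7fcc",
    "sha1": "0a4f7ffc0be18419658526d60d49743bc41c51d3",
    "sha256": "9ea3037433b2ca1b6fb08b38355f1851d5ba3db76613e3fcf76e834dcd247661",
    "sha512": "fbda5e53f412141b004517a7f28a7decf1c017dc0baf93e5e86fa06c591e5923fd4a224ab33cfd1db581b7480af0caae91b9325a8a5546c3c86daee595700763",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the four digests the report publishes for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_sample(data: bytes, expected: dict, expected_size=None) -> dict:
    """Compare candidate bytes against reported digests, one boolean per algorithm.

    Reporting per algorithm instead of a single overall verdict makes a
    transcription error visible: SHA256 and SHA512 matching while MD5 fails
    points at a bad copy of the MD5 value, not at a different file.
    """
    actual = digests(data)
    checks = {
        name: actual[name] == value.strip().lower()
        for name, value in expected.items()
        if name in actual
    }
    if expected_size is not None:
        checks["size"] = len(data) == expected_size
    return checks


def is_same_sample(data: bytes, expected: dict, expected_size=None) -> bool:
    """True only when every reported digest (and the size, if given) matches."""
    return all(verify_sample(data, expected, expected_size).values())


def verify_file(path: str, expected: dict = REPORT_DIGESTS,
                expected_size: int = REPORT_SIZE) -> dict:
    """Check a file on disk against this report's General section."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), expected, expected_size)


if __name__ == "__main__":
    import sys
    # Usage: python verify.py "Important - Statement...html"
    print(verify_file(sys.argv[1]))
```

Run it against the file you intend to analyse; any False in the output means you are not looking at the object this report describes.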
Malware Config

Signatures

Every signature below is attributed to chrome.exe (PID 1756), the browser process the sandbox launched to open the 296-byte HTML sample. No process spawned by the sample itself appears in the process tree, so these hits record the browser's own activity; the report captures nothing about what the HTML does beyond being opened.
Enumerates system info in registry 2 TTPs 3 IoCs

description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

pid | Process
1756 | chrome.exe
1756 | chrome.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs

description | pid | Process
Token: SeShutdownPrivilege | 1756 | chrome.exe
Token: SeShutdownPrivilege | 1756 | chrome.exe
Token: SeShutdownPrivilege | 1756 | chrome.exe
Token: SeShutdownPrivilege | 1756 | chrome.exe
Token: SeShutdownPrivilege | 1756 | chrome.exe
Token: SeShutdownPrivilege | 1756 | chrome.exe
Suspicious use of FindShellTrayWindow 34 IoCs

pid | Process
1756 | chrome.exe (34 identical events)
Suspicious use of SendNotifyMessage 32 IoCs

pid | Process
1756 | chrome.exe (32 identical events)
Suspicious use of WriteProcessMemory 29 IoCs

description | pid | Process | procid_target
PID 1756 wrote to memory of 2044 | 1756 | chrome.exe | 28 (3 events)
PID 1756 wrote to memory of 1472 | 1756 | chrome.exe | 30 (26 events)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Important - Statement...html"
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2044, depth 2, child of 1756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fb9758,0x7fef6fb9768,0x7fef6fb9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1472, depth 2, child of 1756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1132,i,392775905782040315,14924305334381949623,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 692, depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
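The WriteProcessMemory signature above is only meaningful once its targets are tied back to the process tree: both PIDs written to (2044 and 1472) are chrome.exe children of the writer, started with `--type=crashpad-handler` and `--type=gpu-process`. The script below is an added example, not part of the report or of the sandbox, that performs that attribution automatically. It parses the flattened IoC rows as they appear in this report, groups writes by writer and target, and flags only targets that are absent from the tree or run a different image than the writer. The row text is constructed to reproduce the report's 29 rows (3 into 2044, 26 into 1472), and the long Chrome switches in `PROCESSES` are abbreviated to `...` where they play no part in the attribution; the PID 999 row in the self-check is invented to exercise the review path.

```python
import re
from collections import Counter

# Constructed to reproduce the 29 rows of this report's
# "Suspicious use of WriteProcessMemory" table.
WPM_ROWS = (
    "PID 1756 wrote to memory of 2044 1756 chrome.exe 28 " * 3
    + "PID 1756 wrote to memory of 1472 1756 chrome.exe 30 " * 26
).strip()

# Process tree from the report's Processes section (PID -> command line).
# Switches that do not matter for attribution are abbreviated to "...".
PROCESSES = {
    1756: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
          r'"--simulate-outdated-no-au=..." '
          r'"C:\Users\Admin\AppData\Local\Temp\Important - Statement...html"',
    2044: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler ...',
    1472: r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process ...',
    692:  r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"',
}

# One IoC row: "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_rows(text: str) -> list:
    """Split the flattened signature table into one dict per IoC row."""
    return [
        {"src": int(s), "dst": int(d), "pid": int(p), "process": proc, "target_idx": int(t)}
        for s, d, p, proc, t in ROW_RE.findall(text)
    ]


def image_of(cmdline: str) -> str:
    """Executable path of a command line: the leading quoted token if present."""
    m = re.match(r'"([^"]+)"', cmdline)
    return (m.group(1) if m else cmdline.split()[0]).lower()


def chrome_role(cmdline: str) -> str:
    """Chrome child processes carry --type=<role>; the browser process has none."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else "browser"


def attribute_writes(rows: list, processes: dict) -> list:
    """Group writes by (writer, target) and mark those needing review.

    A writer placing data into its own freshly spawned child of the same image
    is what a process launch looks like; a target missing from the tree or
    running a different image is the case worth a closer look.
    """
    counts = Counter((r["src"], r["dst"]) for r in rows)
    result = []
    for (src, dst), n in sorted(counts.items()):
        src_cmd, dst_cmd = processes.get(src), processes.get(dst)
        same_image = bool(src_cmd and dst_cmd) and image_of(src_cmd) == image_of(dst_cmd)
        result.append({
            "src": src,
            "dst": dst,
            "writes": n,
            "dst_role": chrome_role(dst_cmd) if dst_cmd else None,
            "needs_review": not same_image,
        })
    return result


if __name__ == "__main__":
    for entry in attribute_writes(parse_rows(WPM_ROWS), PROCESSES):
        print(entry)
```

For this report the output shows both targets as same-image Chrome children (`gpu-process`, `crashpad-handler`) with `needs_review` False; the same function would flag a write into a PID that never appears in the tree.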
Network
MITRE ATT&CK Enterprise v6
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b9f083c-74a5-4099-8a02-676fc3a4d6fd.tmp
Filesize: 4KB
MD5: ec948ce1dd1a41879bf8ddd8f0886d26
SHA1: f061d9637650a1dc284a312a83d8b03a090ec869
SHA256: 4cb080c3a0a0ff4a75708f26c774cb17fd5798f9cbb76523ba2fa215f48a13af
SHA512: cfb72daa5337a6178c41e878c6ce8d75b8543249a93104377b0e3ebb951f0602652e025d134c74f1850475bf5e1092bcf259369128b13193202378a7d9315940

(path not recorded in the report)
Filesize: 4KB
MD5: 585a185666fb8dbe789455b333c50b34
SHA1: e956a1310a33a95a6945c54f81981615b7c27150
SHA256: d1b9883d439d4ba399336b4665677431719fd6ea8484c1f536f94966a2976b74
SHA512: 43d248cddc93fabb16741f9e03e6d6641b106b1c791cced31d86750466d84e8c70e47b6c274b0f7c29e1f49d014454ddf0a07242fe0e3daac7c2253fb29ccdf1

(path not recorded in the report)
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c731e31a-c582-4bd5-a164-8f52fc8ae5c0.tmp
Filesize: 4KB
MD5: 880a47126266f34b7a60700dc909fa5a
SHA1: 3346978b0c00b5a777b477ed4721533b44ff3e86
SHA256: 5eb47413787f74267de0bd005fc61c9f876f9f619e1ead77cb1f4b38fe8ecb92
SHA512: 89f1c1aebb22cc27ffcce107ef3b6e8609fc3f20dbe49ce3ce84c29a8bb89de3ae6b530308438053afcbb4154fcd6860d262b6dfc13a545d8ee956d06b7e044c