87c919d355c4e3173213d6bbcf5cdaa15bdd9c985466677b0285dc07b4acfd56

Resubmissions

21/03/2023, 00:36

230321-ax825aaa2y 1

20/03/2023, 15:10

230320-skab5sea96 1

Analysis

max time kernel
57s
max time network
58s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
21/03/2023, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Usco119 Due Account Friday ‮‮‮fdp.html
Size

27KB
MD5

50e83bddf8f86583e89a5b4355d07d82
SHA1

8a68f2f64b0deb0427a866ef2a91a4008e13967f
SHA256

87c919d355c4e3173213d6bbcf5cdaa15bdd9c985466677b0285dc07b4acfd56
SHA512

50579d77fae2ec345a63371420415060a69dc041b96a7b9ae67887167b6eb51f6774fa2c36921e2855d1eef49052e07ea97b79648b00d41e0c348e293a30139e
SSDEEP

96:vEUY5ukhXEZM50L1LMx+L1gyMf6LRyMgYLrkLKLRALuN5yE7TQZzgMk7LykLvLEe:cdVXALkLKLRJNT7TQZw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238362197385645"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2516	2408	chrome.exe	66
PID 2408 wrote to memory of 2516	2408	chrome.exe	66
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4420	2408	chrome.exe	69
PID 2408 wrote to memory of 4224	2408	chrome.exe	68
PID 2408 wrote to memory of 4224	2408	chrome.exe	68
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70
PID 2408 wrote to memory of 4684	2408	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Usco119 Due Account Friday ‮‮‮fdp.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff824059758,0x7ff824059768,0x7ff824059778
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1736,i,12702934635452407426,2989117768747627488,131072 /prefetch:8
  2⤵
  PID:4792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b0421ae0-56b5-482e-817b-b36d4803b141.tmp

Filesize
873B

MD5
e6afad20933b0e2e2a48fc0e574b33cc

SHA1
893b250cfb51e41a9bb64c63fb230bf1f34092e1

SHA256
2d5786144bc3e771c8d79eeadb26a76fc22db0827a229dd65380ec4f26e088c7

SHA512
6b099fbb5d7cc07a0eb789f4fd164cacb56ab557b71ad517c38ae7b0382b79a4e51d1246dfbaaeda4b7a299fd47e0227e6b7e875af7ca08d61ddd96ce4fabb85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f33e848400905e8920d639eab4b1a6bf

SHA1
1c033a37e76fe1847d89406b83d1ca29175f877c

SHA256
83aa859917c9a7eadae8c551471a93dc7cf6b5e20df43db0b201178507b9c824

SHA512
6008246649b47ba4c4967af8638c1261c45129e5f777bcace7cad7a9bbd648b82aee6b7f4fa29fd5503b0b805dfe719d9f1a2854abbade05e0ab5fd893692b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7c27e5c383337c0611fff3b231cf3615

SHA1
3ca783e508c27dc420b0442e2af7e75f0b10ed80

SHA256
055eb0506b561f682a46b4daaad899056e9b4b6a28725a489c5d9515f5a6f2ba

SHA512
33d27322e8705ff4fd32477c09fc4702bbcea1adf309e5cfdaa534d95c0de45dfe080075ceae4a28e0de67f57a30f9b7d7e27f5a50cc0f7715c74d0612bd38eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
f37f702510d37e62360aad8fa9b37b82

SHA1
a040df62b0f8ef984cc28a4ff9a7ea5f8fe81efb

SHA256
841df5cee14d4be0bbded36b60d68fc79d60673258d193ba5abecc861183d121

SHA512
c8980109a64d815dcb03616e466db2a0e312fbefb434efb02823bce399f5fb73129fd44215ee2b6877e02bd72992abfff47aba4d4cfccbaf2cabc94b8a98df39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit