4dcb275aa82d6284463e4535ae5d75bf149bf7d74fa62687fda591b26db2a343

General

Target

Voicemail Audio Transcription.html
Size

824B
MD5

cb96d18478bcedf2117d56b2d35e8c0e
SHA1

bddf41f4b1db1adbdd3e3612d098a0edab5d0a4b
SHA256

4dcb275aa82d6284463e4535ae5d75bf149bf7d74fa62687fda591b26db2a343
SHA512

88014f68f28dbd8c565191d2d426047bfaaf90887cedeeb2a21c1228693690cf27e08128df3055cd0f5739e78d80f96a9a4f4c3b48c3b83fe3b85b95580bdcc2

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238392344585310"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3172 chrome.exe
3172 chrome.exe
1576 chrome.exe
1576 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3172 chrome.exe
3172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3172 wrote to memory of 2808	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2808	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 4480	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 1556	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 1556	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2240	3172	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Voicemail Audio Transcription.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06d59758,0x7ffe06d59768,0x7ffe06d59778
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:2
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:8
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:1
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:8
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1788,i,13587863893810345394,5194865461166523529,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d394390366e4c61ae306920c12c1ff4c

SHA1
6dff9c48dc2e8f7dd8f147781bd57c71e7170591

SHA256
467cd3468fc081d6e483cefaa579fcadbc5ba760ff28a2c84f0680c61f5bda8d

SHA512
a3a614f74b641b64142787f53233f094a59b8df9aa30ea964bd9c42af3b077add13e6f8f09aca6c3d95e30aba2deb73c66d33636363fcb747d3f60a038d49eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
06a8371ef14c623676910659b2ad2d90

SHA1
755151328f67c26490c6e53a24a607e435675fec

SHA256
4aba20afa99e8424c107f436330c9dddbd3059993afb393484b09a5f1f98c717

SHA512
ef12c175868a3fcdbd1bc557e3052382a894bcd9ecf3060d9dd5672b3a06d22a2eb5d53578ce11cb2c36f14fcfa80b7cbb37f466790622a1cda23cc020c32b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
bf97f232a1857a51a354ddddbfa4ea18

SHA1
2ca141f96b8e6e00ff72459c4a8792ec3a6dc19c

SHA256
f7dca60a9cf018ccd864562b45fa692136977423599342fb1a01dff0c91564b8

SHA512
f31b12100fbe25e96505fba69d97ac00e9c64db3aacf593d06b57207f85ea9c6430327a462abbff2c1aa4dd6bdbbf81123266faadf5228b4cc4d0aad4b5bfd4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
696aadf28575f9eed38547f698cb5967

SHA1
00e8477aa03ed0566eb5e1d855b055b2398a83e4

SHA256
3cfefbe7b7579539d13c35294e16d656b0207144d65dad170a251edb0937a98b

SHA512
f71502320f1053e5ac7fd9bf2df6ad9029a8fccab9e73e4425398f8b292507b3233965c305eb666ade49753905beaffb1a12af794d054966414994081c49418c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a0d30477ba1d373938c25aaae283d4e2

SHA1
9f23947b313f88a18101512d899a1e399ad9a127

SHA256
666c06280a605d11a9c19a2caa228fbe26188848c76a326202d609cc53981be4

SHA512
85bf4d6882e91048fa67dcdef120ab46bc949b59cbc51c4a54c940544d9bd58118fe544c62125adf05b2651bcf430229d9450f39b1685a026b353cd552026ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
2d1c64aea2f0d29fdb1282cae9994cc7

SHA1
b3a19e2d7c70484ac2fc56adb80dfa078c1500a2

SHA256
d1fcacf04d5ff2aa6526f167523d0569c5c68038a14a629543658456b27dfa4f

SHA512
7ab18a139f75bcb96c0b58b289c8dba1a62c97beae624396833d53bd5ebf31f78ac5feaf3261b07f6b3af2865c66a96b2dc3d5d6dc5fdee2355e4ecabbcacec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3172_CIXIDBRLPNJHDMZJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads