9617a4b8ef763693f57cf30a3b8ab5b9c699e0e365cb22c6c51e2ed7b0fe4d33

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2023, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

19KB
MD5

c87bb1b0da6cbc47abfd511fe5f3d83b
SHA1

fceffcdb6e85d97e0e11800a926ca6a1088bcfc3
SHA256

b0088797381416f8efd2dcefc1051759826c9c05f3ccfc3cc8ee7594c7925244
SHA512

5aaa5473ef541555fe73ddd324bf5f074c7739f780a10e91287b396ad274d8179423732f981c16498864e987042307b9bb41cfe8041ff29f1966c3a0b80ec2ca
SSDEEP

192:Q+qJwaJSDsU4UAEVRhO7mt62Jjt8XYbnEO0aQpbUEqPIbVEbSIFbla64u99b6a2b:qJweSDsFAlNSI+X4fze9j2DYSV8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239783855276265"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
260	chrome.exe
260	chrome.exe
1776	chrome.exe
1776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
260	chrome.exe
260	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe
Token: SeShutdownPrivilege	260	chrome.exe
Token: SeCreatePagefilePrivilege	260	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe
260	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 260 wrote to memory of 212	260	chrome.exe	85
PID 260 wrote to memory of 212	260	chrome.exe	85
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 3980	260	chrome.exe	86
PID 260 wrote to memory of 404	260	chrome.exe	87
PID 260 wrote to memory of 404	260	chrome.exe	87
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88
PID 260 wrote to memory of 3972	260	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe6139758,0x7fffe6139768,0x7fffe6139778
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4544 --field-trial-handle=1808,i,10752639806746644137,9214166269202944728,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3eee9353db30b556d4e64df69b42ee52

SHA1
335a25d5cf56d1bca9536591fad2a03d903fb0a1

SHA256
da861f350cbe6062a79572484f22a1eb80156ed367e22f4b0cc5b8747ff68311

SHA512
2dff1477bbb69c93f39680dc9c2d543dea9313dd72c6fe40b55910e2d565975b3f17d24a7d77b8c4875165b8d6e4d5bff4268b2061204ee7740707f6664ab758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b82733880a5f7b34e156fa859d76f3fe

SHA1
0a9da89bf78687042a3fc288dac0c278186a968f

SHA256
d0c645cbc04a17fba8351ef31c8b2a27562b680b37218ff40a2dfa6f9c240e80

SHA512
f1944e9386ac4640c4e75d77c3f96ce52b0c99ddc71fd8fd9d9ff4ce14203a092e8fbdb023b306ca70bca438ece973fb184c21ffb6b1c704fcf3074e7f3f2a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc0d2fc80b2452f217296c05a3fb450a

SHA1
64a734f45938a100c78533806eacdb32c53f62ad

SHA256
708184219dfca483dcfa941b01848967293ef94fa528d9f2326edaab27ada170

SHA512
803efb873178b9dfdc69dd000044fcc8f1ec12cc6fd1a037e814d2ff1191ce002ae2ac51526bcd6ad9f2957f0e8134911e5fb34610904d79ab60ece42ef308b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cb28dd1014777e7a982e6f9217620c3

SHA1
3086fd6141a0639c63b261f21a8d23d94a3e8a1d

SHA256
0e7b487ceaf7b6490b86228eac08d3200a6d2cd27af0c3343f690ff99c72f48a

SHA512
f5f9c36e4428199b80c39fe6daa794a914968cc522f531d6664d13d798cd7e90258edd01208d399515fbf92584d8326b9bab34e7511440b1a403101a337e651c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dfa63d14b20c4ea55eee89cdf7d41dfb

SHA1
fdf1c03e96a8ef7a1e5b799f21ad88d2d265c7e6

SHA256
6b175a93f7d2981cc7382d95b2e6faf539518c9d87211331314b0604582253e2

SHA512
cfef2d28b45a8c9e57ca098b63a72bdacab5a58a3107032ef6af394930681a4caca1e7d078e9bbcc720181c6a068960c644174f478d4d07202a9bfcacb2556bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
8e5d58314139e00e2a1365c817a65b8f

SHA1
b5adb90c5580188ba96f2286a6a2f3f19c08dd30

SHA256
8cb53f2a11bb093623fc77cbec81788f384eb8971648ba00549ee699cc4ebe7c

SHA512
4d4e1f8a58bb13bbf7b6b0360570c8cfa338b31288efae5fa652b36bd68b8ced6235365bdfbea81b51d260c84f40da772dc32b29858515952f97ee5887301063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit