872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c

Resubmissions

27/03/2023, 04:28

230327-e3x92adf6s 5

27/03/2023, 04:27

230327-e25mqabf58 5

27/03/2023, 04:23

230327-ezv1habf49 5

Analysis

max time kernel
12s
max time network
62s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27/03/2023, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html
Size

1.3MB
MD5

d37728e4e5997f40bc322c81e5b95151
SHA1

27768d019b86d2106f0a74f8fb3ec4cf06d39274
SHA256

872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c
SHA512

251bc0a66d3bf492c5109983c1bd81b6c9611eb3ae534d314f5be7d98ff6ecb176a83d41eb7fac74a8822f2b411e39749e3ad5638c9efaef8785904bfc12e1e7
SSDEEP

1536:2gfpDeDEPwi6q9ndSw1flc96F2XLz0RsNJdXFCd/d/91mZxS6QComqPzYBVKJaR7:o

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1728	1084	chrome.exe	28
PID 1084 wrote to memory of 1728	1084	chrome.exe	28
PID 1084 wrote to memory of 1728	1084	chrome.exe	28
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1332	1084	chrome.exe	30
PID 1084 wrote to memory of 1260	1084	chrome.exe	31
PID 1084 wrote to memory of 1260	1084	chrome.exe	31
PID 1084 wrote to memory of 1260	1084	chrome.exe	31
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32
PID 1084 wrote to memory of 672	1084	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1196 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1152 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2568 --field-trial-handle=1256,i,12611162769120578215,2938224051451545577,131072 /prefetch:1
  2⤵
  PID:2932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6befd2b2d91f11814f9a8d529d83cdb9

SHA1
19e06aa930777326b9c723b0e24b6d486d0e4f24

SHA256
f71f8c144d34920e5aa9d5810ba5f3d7f124f0606c21d4abe87c1c4f5c2e2371

SHA512
9dd0117f60b07a12a0aea4b4492a853f6b59b75ec8e893882fac5b615c27ff9e8644750bb2ad3847521ef37772969d0c593354da122d1fa5f47fed9a8baa338c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1616b3b683010db25bf073c1a6bde915

SHA1
38e01b490ec00d1af8eee30aba4b43b3ff99deb5

SHA256
1a5c6f2bd5786059f2de01fa1a7e283d48c330aa45fbe5f57701f83b9f60b7fc

SHA512
3bc11478bc5c95af5c72378ace9c4ae2823dc963f9facc15c599db00c51344f6089bf8115822c06d5b6472e7f878b557412e3502bc8d7cf879d47f4ff0181559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c4d63dcbab676be4e7361f90d17c129

SHA1
4534a657ebdc9ffceecbf541226b4940bcb84915

SHA256
3b8b7bf04c51ffad76da3b168c01e702c369b59c3763cbbc3a1d951ed983b3a4

SHA512
a215ab8ae8e09307986ba10611726bb8555eb63ef9363f2042cc2de72571e4f6c24e9653a6f9bab74b2fb0e722019c9d7d946a40ad7661b92fb5265c32d24ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c4d63dcbab676be4e7361f90d17c129

SHA1
4534a657ebdc9ffceecbf541226b4940bcb84915

SHA256
3b8b7bf04c51ffad76da3b168c01e702c369b59c3763cbbc3a1d951ed983b3a4

SHA512
a215ab8ae8e09307986ba10611726bb8555eb63ef9363f2042cc2de72571e4f6c24e9653a6f9bab74b2fb0e722019c9d7d946a40ad7661b92fb5265c32d24ec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5c6b83c454e782fe88da408d44688f5c

SHA1
90f5c0d1f88a37e069cd9afe6858f7eb80cf6e85

SHA256
92c766ce2b69334e17490c2177fbccaa4bc507b03906fd8ae7c462ed8ac280ba

SHA512
6da173f550a6521496e77311e8213eedf16908d447da92b31a9df3ab9e34414c1893cc8d100b52f446ed7b3618629cd5d1dca6ab1a51657494dac250da503cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e467cb22-d946-406c-9d72-07c716f8d8e4.tmp

Filesize
4KB

MD5
f4a22629672f6c0d77a742057bb44f8d

SHA1
d054d004cbdb63dc338245fecfa9f0df586ca4fe

SHA256
14235295b4eae55e0cb8247ee59bc7d1777217a31515558a9ca8640426e0c13a

SHA512
a2c59a6d2a67902a592aa86607c74c882a0c8af8645b8b4a6a4867b287bef495e9311f44d4a469538d2b617b4cdc63457dded33adfe611b696ddeb74aa126371

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D56.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit