872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c

Resubmissions

27/03/2023, 04:28

230327-e3x92adf6s 5

27/03/2023, 04:27

230327-e25mqabf58 5

27/03/2023, 04:23

230327-ezv1habf49 5

Analysis

max time kernel
65s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2023, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html
Size

1.3MB
MD5

d37728e4e5997f40bc322c81e5b95151
SHA1

27768d019b86d2106f0a74f8fb3ec4cf06d39274
SHA256

872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c
SHA512

251bc0a66d3bf492c5109983c1bd81b6c9611eb3ae534d314f5be7d98ff6ecb176a83d41eb7fac74a8822f2b411e39749e3ad5638c9efaef8785904bfc12e1e7
SSDEEP

1536:2gfpDeDEPwi6q9ndSw1flc96F2XLz0RsNJdXFCd/d/91mZxS6QComqPzYBVKJaR7:o

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133243720539609189"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 1328	4180	chrome.exe	81
PID 4180 wrote to memory of 1328	4180	chrome.exe	81
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 2276	4180	chrome.exe	82
PID 4180 wrote to memory of 4888	4180	chrome.exe	83
PID 4180 wrote to memory of 4888	4180	chrome.exe	83
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84
PID 4180 wrote to memory of 4688	4180	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd177b9758,0x7ffd177b9768,0x7ffd177b9778
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1832,i,14622713795937707480,905826895352653066,131072 /prefetch:8
  2⤵
  PID:1916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
158d49684d4e5bf9ded8c877548a8d26

SHA1
ea54059463ec77cf69977b4496f8b3d18832d655

SHA256
fda88035993638dd2ec0bdd3966c480011bbe33c98a686ce4340982bbddf2b19

SHA512
adf9991f6609caff02139374f646edd87d5cb0ba8e8f84a91585c2887a20df8a6a547e33de2d6b56598a699514e595b17615f2589579b138ad1db5c53fe70245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c88e4538fe3a6046439411cb017db3c5

SHA1
a9c7e6bd542783ae65e00cd60713f3bf23062a55

SHA256
d7a7225d422fe3cf0b0f650d8522aa4e6b0c0b9e48e17424d15fa361afc66b9d

SHA512
5902f09514f63b004c3ee10551448e0a42841edac59417e484fb1ddc8c9364807c3f979e0c6767878350b0be9200d90ebf89dd45ebc5f021551f533c683454f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5bd53b5cdba8058c807062e10200a32f

SHA1
0d4ada86298004cfb09ba79141ebca847be1a1c7

SHA256
fe2db12e97137646d9530a79ca202879f972aa3af4f2be905a4e651066c731a3

SHA512
7e8290bba0864795b4783be6b27da7694380354bb29672cac5e5fe412cd8f96ca4d0032d630166536613e6c3c51db6575a7bd180e2f9ae40178e970598ffb676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
110707e276c15e8f17f646a7d8e9a470

SHA1
8173ccdfdd7a8392f93d9bfc782c6689983f12cd

SHA256
296171e1a1e86b2f854fdcd0d2fdf560d0347593a4777ded07eab34bc278d91b

SHA512
89121c14ec99d96d706c5557c711777ff0dc5307d86d80acdde39efd9870167397fc7a179b859ceb549dedd18c3ff68afa9b8fce0411b3a1eead69a4a50f3e5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
417d7abb09db8110cdf0e1475a49b972

SHA1
b2b6f6ae3046698d9794b33acc3e6fae5a82cc5a

SHA256
7f2da1488190e4a346a840c09ab634134fefbbb839f8f6fed35d92f783140435

SHA512
588ba504bd41f060bcb9b7254fa5839f3c8d1fe1a7e22dbb38c66aa7e46c30805ace8970461574f7c3fed1b3ceed526202c5951cd1242f6470bf9da0ce874548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
a47c4b465a538b421b07f858f911da39

SHA1
06a2629c2327c7853c49fabe4d434c7ed6bc64a8

SHA256
3e80cb6cd5a722b484b97650a97f36873e061d35d4e7d97a3bc3ec4fee3a4c02

SHA512
351e51b2fa434451d40153eb41fbe9dd5a9d47f23794323844c8855505542581bbf5506376b738b9589e488e12ad172d7857179f7022cccd70463351837cbbf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit