872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c

General

Target

Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html
Size

1.3MB
MD5

d37728e4e5997f40bc322c81e5b95151
SHA1

27768d019b86d2106f0a74f8fb3ec4cf06d39274
SHA256

872c2d4357d29481bb1ab4af7c8d324078b34bcad2238cb228d57053fabd648c
SHA512

251bc0a66d3bf492c5109983c1bd81b6c9611eb3ae534d314f5be7d98ff6ecb176a83d41eb7fac74a8822f2b411e39749e3ad5638c9efaef8785904bfc12e1e7
SSDEEP

1536:2gfpDeDEPwi6q9ndSw1flc96F2XLz0RsNJdXFCd/d/91mZxS6QComqPzYBVKJaR7:o

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133243721318068055"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3224 chrome.exe
3224 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3224 chrome.exe
3224 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe
Token: SeShutdownPrivilege	3224	chrome.exe
Token: SeCreatePagefilePrivilege	3224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe
3224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3224 wrote to memory of 5068	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 5068	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 4164	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 552	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 552	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe
PID 3224 wrote to memory of 1376	3224	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Play_Now ⏮️ ▶️ ⏭️ Aaron.lum_3pM.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf86d9758,0x7ffdf86d9768,0x7ffdf86d9778
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:2
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:1
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:1
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,12273229901426567629,3959237992986270928,131072 /prefetch:8
2⤵
PID:4372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4712

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ee8c9da81c7494a22f210381645e9802

SHA1
22f0b629a792383d690a1d1fa845ae6b4c67fd69

SHA256
f805b74d7e497ebd3a1a0c86ec7340f586431d8f9a625c90e80353c96a3111df

SHA512
81fa57125999b922d0c6f66e736bc42eea1499a89359e4b6e0ba033fb9f0daa5b5633f762fad505f20691be7d10aa7925654b7d972963df7b92cd188c69ccc41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
56cbb28c6957fd6fa76df72d9e6be6ed

SHA1
8194dbcfb1150d34079975005394661048f7ddf7

SHA256
212dfd255b00f400b0ef9daadfa3b567673dff0efef47fe962424fa9d64771d4

SHA512
bf41fa46b2f22f5cdf5c5b2b6b2abd6338f673b1dab4bfaa2d1cc40af095974d206815711251251f2bca1567976490a62a860a9a725b07964d06e1a0cd897a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e8a02f4d68bdff386bc10a19b2d2f63e

SHA1
4320e52c89751c59ec46bb770cc2acdfaac8af74

SHA256
d0455059ae71325a96b97bd114883a9917fef9499f86cbca65b4f9455079a9ec

SHA512
0df1689486087715a7c0e37d50049185c81c6ea1656f53fea9dfa182175b9985caaa262fea75fdc12f11b7dfcacad5727e6bcb7bcbf1645cde23b31433f4ec11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
48b1eb6b2bd9e66e8a58fafad7675a3b

SHA1
2461495e53edee1c26fb9c46655a84b94eac2f62

SHA256
6b5a55db6ce47f06aaf2bd1db5b55ae2253865fd1aba9d4655cb034e4fa6f451

SHA512
a3ee71585646f280f998d3c57eb7d14908fbd0c95410b25efedb04a3310a21dd89022c382c67de10d99987276c38d1d9eba2e5b1398c29d3aeda19d376b480be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
181732febad9f2f5ac5d3bb46202ee3b

SHA1
6f981d5f424342142655bf14601e8ccd96da6a89

SHA256
00c19fdc3bcc7ae21437a2084194458c959b60ff299b923aa2958ba8b2b8bb0f

SHA512
528fc990c855e1328051d50cbb11b0dda0e60a8c49dc626861170065f63fd0a24af0bee176e05d68d40838df49b14db70c360ece7ed488ba36a10fa2145bffc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
05133c4c17e726df8569b6fde5e2f215

SHA1
eb1588b44bb0f93aeedcfa5a456aa962f3b45d94

SHA256
2bd473241281693183978a7fd0ba5fd2139d6d8d82afd12eaf43cf5d57fd7413

SHA512
7df128e707256beefd81d04b542ed2cfd76ff506108f364cd1c499c98e6c749db91c288cf0fc016f8ded308b5e3a308b2d45a44c5142e3348c11430a79e07d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3224_GAFOIHNMYJFZEDRF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads