65f96d192515368e1d455d38faa55b5701376dc4c63f56f52a76940fed91416b

General

Target

Mabou-Payment-1VYPWGISJWAI.htm
Size

2KB
MD5

04a91daaa78d4fcfe1f3215a9dec2fc5
SHA1

55be8311da72184316ece1cf616109add763d6ab
SHA256

15498a70c4f0d58c077460ca58a1adaf17442f5d012da91988325a1420ede92e
SHA512

d172ca46157b554cfdf9cd9356e2c4c457dc2bb21c84312ff84b21cf6c9eab0c728c4ce893634cc0b393847e7a2b2c94750d5c17c124d3a5da1937f0cab75115

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245509204296999"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3360 chrome.exe
3360 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3360 chrome.exe
3360 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe
Token: SeShutdownPrivilege	3360	chrome.exe
Token: SeCreatePagefilePrivilege	3360	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3360 wrote to memory of 4552	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 4552	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3248	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3900	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 3900	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe
PID 3360 wrote to memory of 2828	3360	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Mabou-Payment-1VYPWGISJWAI.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd62c99758,0x7ffd62c99768,0x7ffd62c99778
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:2
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:8
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:8
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:1
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:1
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1812,i,5694419406574976011,10496551041471516254,131072 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:448

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2307bc6ad7febf43e8187ce546d37612

SHA1
040e3289a6c747720f76dccb0d1a0dd563272841

SHA256
2837ba730d90abe34f97ad34e2487dc892930d0e825ef78c3234c7cfcca9d242

SHA512
a9eda11bf86e9e011729af9b03eb223aabb189fd9181567551f1fc2bc55580fed7117a307ac9cd9c497704119ec277226848ed1213e413c422b5a49027f2fdbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
03ce38767d8ec0d57ce9e39c5695bb34

SHA1
05db2856824ae0f1ebe621bf731e527b8658c7a3

SHA256
90c35f6dbb5d4cb2c050b7d71cd2609fab9b3dd4df450fc5ff42316645b312fc

SHA512
f7e7c9871f1c821ac228d208bb4c00c13a05ad3f5b530fd56bd60b3771ca0ff1d36fb5972e9463a44b0a448e42bf97eeaf33b56cfac2a0b4543ee0f62a191a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a234c5e4b3216e2cd22a24669c87fb97

SHA1
87056eebff6e50cd2c4ae6862812eca5ab49e784

SHA256
44450c7724724a0ab5c38dd40abf39f0aa4e4f71ae1bf2c5fa29d7ab1c639994

SHA512
000d33cd38fd847c591d4a994513af0d1e4367b0da96c3d85487bcd68ed8a5b28b54793526ab5e52d8348eade6e9e93154f3b43c12a0c98eb5791650aac402c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
965002b9313b30e2cbc4cc7b956add53

SHA1
01510adbb567b9e39dfc46477455c5897c612651

SHA256
ba62b332fcecddbc9421119b1d60eda6f3b790bea4d562aa5269113131178557

SHA512
1a027da3fbe7ed6db2dd77e0f9320be8633ac6d24fa76866e95e351d3944dae22987823c19efb5b18349d22ce79114343fd295515cd08ceaabed330da424be8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3360_YGSRRFSYTYBLMPLM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads