35a6b99081577741b313a27964cb9c990316a7f8b9cc793aa3dfba1c38847f3e

Analysis

max time kernel
59s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2023, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Mailbox..html
Size

4KB
MD5

4ddeb3b6310b218cf247ffe32ac80b68
SHA1

d26db56312ec45b68855d6bc4885be394c5fb3cd
SHA256

35a6b99081577741b313a27964cb9c990316a7f8b9cc793aa3dfba1c38847f3e
SHA512

7debd57649933cd153a64cc414ffa4b8b2e21c218d38fb5596101f22a873d6252929e1faea3cfe506993778b77a6aaa17179c0d0f78bf17c7381688d02576545
SSDEEP

96:tBRzXGGgG2F850fVpwXFy1mfJd4kEt660FLngJPS8:tLzgG2F850fk0sPkCM3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263648056346767"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
628	chrome.exe
628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
628	chrome.exe
628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe
Token: SeShutdownPrivilege	628	chrome.exe
Token: SeCreatePagefilePrivilege	628	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe
628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 4816	628	chrome.exe	85
PID 628 wrote to memory of 4816	628	chrome.exe	85
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 4728	628	chrome.exe	86
PID 628 wrote to memory of 2912	628	chrome.exe	87
PID 628 wrote to memory of 2912	628	chrome.exe	87
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88
PID 628 wrote to memory of 1292	628	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Mailbox..html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcae799758,0x7ffcae799768,0x7ffcae799778
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:2
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1820,i,14185532598448519026,12309870830007591202,131072 /prefetch:8
  2⤵
  PID:2452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
95c978a3be121fcf18227d7613937009

SHA1
8a946e5f1b82feed4bed82cdd0abbeb96780f1c4

SHA256
c2e4d12d66da782cef5ca7343479a02a045612dfe109751833fc9db3b18b11b7

SHA512
d219d73a957e884bda94258abffa499f7cd7a7fb4f4c28cef8c1f7be2f6a11460b437c3e5c21644a5d367d21bf7b2682c1a812cfad4f65142e58b3696f352339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b06a07aa32719d0a0ca7d0d408d8b33d

SHA1
3685e0bedd104bb8c2fe39609844bdfc9613c3a7

SHA256
d5f3e0a68bdc94ad2fc96a27f2ff118376bc25f49e0a09ed3a4e59a0694a45e7

SHA512
3dd4fe7da86ab1185264d933721fd2e2c8a6944ca196b1b38f7cd26a5de77a1d40d1dae265f7be51a39662c34c2b670cf3727d2fa8049eac3929c80f24161350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e72adfc1d799e580efb844fcdb604d31

SHA1
6f9b67c0e589f95b5aa8bc2cf404a3c677e6f465

SHA256
ea371f163edb0857f5ef730a0f07ac536c15e1be3302fd563898ae444e1b6e3d

SHA512
9021fccd306bf7334066069c0a320443440a7cf560fee5eb542f9de15255663f099b62853f3b12e2c7fa9a5b3d0cc51ce4dc6949b126af47c94fac514c38bb6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
dd5d201d13ced166510c3c186d196818

SHA1
c00876050e4576045b0b32fb6541c197ee6cd07f

SHA256
b7e99e852276ef9dba67d1bf53ab8976cff6a25db6a196b959c41810ddd25eab

SHA512
4aa01a5d0a6203eb9401cbbf32eb21f08fb403654ca0ae18dd59472873cd59146d119b95f46adb9cb8547ff5cf0106c0debf4c7c9ab972fde4741eb2bc0f577f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit