hxxps://visitor[.]constantcontact[.]com/do?p=un&m=001EtLqpYgkKAin9Vp6bcC9rA%3D&ch=c79c3b5a-dec9-11ed-8253-fa163e1ce73c&ca=ad7d750f-33ec-4528-8a42-c7b0c9f8d344

Analysis

max time kernel
40s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2023 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://visitor.constantcontact.com/do?p=un&m=001EtLqpYgkKAin9Vp6bcC9rA%3D&ch=c79c3b5a-dec9-11ed-8253-fa163e1ce73c&ca=ad7d750f-33ec-4528-8a42-c7b0c9f8d344

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264797531732955"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 5072	2752	chrome.exe	84
PID 2752 wrote to memory of 5072	2752	chrome.exe	84
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1064	2752	chrome.exe	85
PID 2752 wrote to memory of 1448	2752	chrome.exe	86
PID 2752 wrote to memory of 1448	2752	chrome.exe	86
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87
PID 2752 wrote to memory of 4124	2752	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://visitor.constantcontact.com/do?p=un&m=001EtLqpYgkKAin9Vp6bcC9rA%3D&ch=c79c3b5a-dec9-11ed-8253-fa163e1ce73c&ca=ad7d750f-33ec-4528-8a42-c7b0c9f8d344
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc489f9758,0x7ffc489f9768,0x7ffc489f9778
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1812,i,10783124728440911553,1548799560223780850,131072 /prefetch:8
  2⤵
  PID:1712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
19KB

MD5
1c9b584c67557c2924e2fb888ffb30a9

SHA1
2982b9d677aa2222c4d3e2cd1558ac6d1a9ac60c

SHA256
1abd96c5f5c7d460596b7f41c1441a288a9fd3c42f4d78dea2d6fe1ab60ced34

SHA512
be4022decda3d6dd78a3ce1c033827a584f70280cd896878af016fa9e2ad1d71dd18975bf4b41b01477b3ee881cafaf2a007ca8ca91e34b8d847096265e9afbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6d05238588b29477094a30ae29dad628

SHA1
eed796b11c890c138c2ffa0be53d7a85b80e167e

SHA256
69caad32df85ab513efdc9916a3e77cbf225ea3678b1ecc02d56b29d8bd26c95

SHA512
a5d2c7f0b67f228a2e3cc5b62433e833b7300ec1f0b4567074bb34148d8901b40ed26541d881d86798030ee0703c18681e9079a44cf2f87914863d25b6b0dcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea4adb3de9d7e6cf91f86e616225cc34

SHA1
66d52c8a7f98e395bdf2c585a8c4737d5f7e5713

SHA256
c589a086c32b7f990d0e638426736c5494e682a5d1b372741356d336528ca1b9

SHA512
1aad7e0ee562a2c7af99d360bbabfc45f5d8fb915ea8507cc89368d8a9f6702dfa3ef44f0ce733cb9dff6808477521427ea11e9cb78ce96a4a57cdc6c6d77910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1d924a28012efb169634dcb26c22a4ec

SHA1
4f306179117ba37da5195560a45bbe00531bb553

SHA256
88336fae381afedd18bd09f8e312bc759b71a3a03dc0b5ee93678c9ca280f013

SHA512
e6042ec6aa3ca5230c76d8ba908619cb98ec0a05e3158953d13c34b73162de89255f9de8cc140c906cdc354bfb8c10e1d2f41f0ee2d59dbe09a8ae6b12bc8638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
f82e322701644cebc5621e0b9de4f224

SHA1
e05bf90248eec16e29e1da4578254b463247ceeb

SHA256
049b7a181e1334958d7f3c6f1f19f5323894eaab1e5e3dbbc1a8345c15b0c189

SHA512
b0b8e8611ba26a08229a21d9a837cc40ca975e1eea3bad8b84222639824daebede503d3b9a0573648a85579a92875d426b8e32b01d29a2b14d192ecaf612c20b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit