hxxps://info-cnfpt[.]fr/digi/ext/eml/r?par=aHR0cHM6Ly9tYWVsY2EuY29tLm14Ly9DbGljaz9lbWFjY291bnRpbmdhcnRAbXNpbWdhLmNvbQ

Analysis

max time kernel
46s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://info-cnfpt.fr/digi/ext/eml/r?par=aHR0cHM6Ly9tYWVsY2EuY29tLm14Ly9DbGljaz9lbWFjY291bnRpbmdhcnRAbXNpbWdhLmNvbQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289829593457075"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 3824	4916	chrome.exe	84
PID 4916 wrote to memory of 3824	4916	chrome.exe	84
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4076	4916	chrome.exe	85
PID 4916 wrote to memory of 4292	4916	chrome.exe	86
PID 4916 wrote to memory of 4292	4916	chrome.exe	86
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87
PID 4916 wrote to memory of 2984	4916	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://info-cnfpt.fr/digi/ext/eml/r?par=aHR0cHM6Ly9tYWVsY2EuY29tLm14Ly9DbGljaz9lbWFjY291bnRpbmdhcnRAbXNpbWdhLmNvbQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde6489758,0x7ffde6489768,0x7ffde6489778
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:2
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3428 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1836,i,6206131338557679729,2134251613023636749,131072 /prefetch:8
  2⤵
  PID:3756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
36f95ac72d5c3855906c680ac16cb630

SHA1
4a5fa9031ce4c941f53b08d7928de78ae089ee53

SHA256
02cb9d7ebdbeb5a69b4e9fefcd810e9961918d201166723d465df54d55384f69

SHA512
ff7ceadc20d0223e766ea05f4a9cd8f70c91d9db984c573ffedc2c4e96f563fd3462bf134290a400f4e42af9388fdcb2dcef8317d29900777471aeca53b69edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
f35e53c433f8ae2d15759c8aef7d74a3

SHA1
5e2b91a2300c6319d4e393bb199387b0db37f560

SHA256
fc412d6d610a86973c4f2ac6cdf9fdfc5102ff4062d556bba96f3f35a238b89e

SHA512
9f588641762ccf2b50b91dd6e392d58a081029aeea29ed1c333dcf211bd826c0a31fa57c315b66cf02e05be025473ea3179af0d57a06108015c873210f6680dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c1ddce02d13736943e8ebcae20328e00

SHA1
5e247d9273c9a1e698b29e915e3cde6d66a16711

SHA256
7ae8f99f032949688b0e6d6742a1ad183afa431cc1b3b28378f86caa69c459b3

SHA512
d0e196bbde015301607533550860f53d3b7edb843cd4b93d13f92c1bd251d1c01c329e7e0650f473fd3c5a3b00deea94fb089079c84cbccccee37550b211e3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4edc7bd893b70b675196e6b7bd5752e0

SHA1
88a550dff4662e5878a12456e9443c54f91e84c8

SHA256
199d480dc442ab34604cee53ac2b2908c9ece9fd5f265b72520bfc92756c3c9c

SHA512
748d5e037b8e2bc925e884c4b30dd6b3dc32af19055c0a58ee60375aa1aa2ddc64e9ea9bdf028c82fde472cdbb0a77d385334f09930eb94103478a6203d76a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c152f509d74d01d6561e53affa075a67

SHA1
6736350fd071ee99964db2e7433c0def84a50ed8

SHA256
dbef333345c4ad5a4e31de1c7e7375e0759a3a394c6a9e2ba72e750a7b11f9d1

SHA512
c81b85abe86e625d63fd313ac32ad62a0982e82762f7276c928a0f202a60576ad517a54e576b97221022e65a8d1b111575f77e5fcc7e0c9530dd7d04783d4ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
850ddaae68a7a98a2f99b22c45be8786

SHA1
99ed0a93b447c521eb74ce3899a09cbf48cc3950

SHA256
8c9cb1512ab33542d6b88ed4a0222909c1e7b14ce89d92e883a2357d343f5004

SHA512
160dbf4d56d8ef294636383757aa7b30c0619ce6a7c5b53e9aa33291b99d88a0e488b5b4aff24d8dd49e827126f3617274de924ca37aaa59ba0feac3820f1c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dd7dac26-d928-4ec2-b4b8-c6ffc297c726.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit