Analysis
-
max time kernel
118s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20230705-en -
resource tags
arch:x64, arch:x86, image:win7-20230705-en, locale:en-us, os:windows7-x64, system -
submitted
06/07/2023, 17:34
Static task
static1
Behavioral task
behavioral1
Sample
Please share your feedback.eml
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
Please share your feedback.eml
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
email-html-2.html
Resource
win7-20230705-en
Behavioral task
behavioral4
Sample
email-html-2.html
Resource
win10v2004-20230703-en
Behavioral task
behavioral5
Sample
email-plain-1.txt
Resource
win7-20230703-en
Behavioral task
behavioral6
Sample
email-plain-1.txt
Resource
win10v2004-20230703-en
General
-
Target
email-html-2.html
-
Size
4KB
-
MD5
0f802bad885f8c88b9102c625a937cda
-
SHA1
f3c89b83c5fa5fbfc8b18d280249c02b91fdd3f3
-
SHA256
ad4823373c582151a35264f79d8a75474eaef3f537aa4ab0171cc0244bb7ce7d
-
SHA512
62cb48980e4a74f46199d6c329982ba81d7682ccbc54342baac2394e64853568302edcbf5c45afcc31210ce721fb186363548e42f253d6a93b1e5429b7eadd9e
-
SSDEEP
96:tCMYLPs33rp7rVJ4WuudNczfTutTJ4WuOjWg1y04sJXWoI2Ig4movo9/:tWs3N7rj4kDCwF4Vq74oXA2IRmyo/
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  3032  chrome.exe
  3032  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                 pid   Process
  Token: SeShutdownPrivilege  3032  chrome.exe   (all 64 entries identical)
Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process
  3032  chrome.exe   (all 34 entries identical)
Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  3032  chrome.exe   (all 32 entries identical)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 3032 wrote to memory of 3052   3032  chrome.exe  27
  PID 3032 wrote to memory of 1584   3032  chrome.exe  29
  PID 3032 wrote to memory of 556    3032  chrome.exe  30
  PID 3032 wrote to memory of 2316   3032  chrome.exe  31
  (64 entries in total; only these four parent-to-child writes occur, each repeated)
Processes
-
- chrome.exe (PID 3032)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - chrome.exe (PID 3052)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7689758,0x7fef7689768,0x7fef7689778
  - chrome.exe (PID 1584)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:2
  - chrome.exe (PID 556)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:8
  - chrome.exe (PID 2316)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:8
  - chrome.exe (PID 2696)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:1
  - chrome.exe (PID 2708)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:1
  - chrome.exe (PID 844)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:2
  - chrome.exe (PID 2032)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072 /prefetch:8
- elevation_service.exe (PID 2640)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
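Everything the signatures flag here comes from PID 3032, the browser process the sandbox launched on the HTML file: the WriteProcessMemory targets are its own --type= children, every non-crashpad child carries the same --field-trial-handle token, and no process outside the Chrome installation appears in the tree. That is what stock Chrome looks like when it opens a page, so the hits are browser noise rather than behaviour attributable to the sample. The script below is an added example, not part of this report or of the sandbox's tooling; it re-types the process tree above into rows (command lines abbreviated to the switches it reads), rebuilds parent/child links from the depth markers, and flags anything that breaks the stock-Chrome pattern. The allowlist of child --type= values is the author's assumption for this Chrome build.

```python
"""Triage a sandbox process tree: is every child a stock Chrome helper, and do
the WriteProcessMemory hits stay inside the browser -> child relationship?
Added example; not code from the report or the sandbox vendor."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# --type= values Chrome 106.0.5249.119 is expected to spawn (author's assumption).
CHROME_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
ELEV = r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
FTH = "--field-trial-handle=1284,i,18372126163160351904,11088884060784850408,131072"

# Constructed from the report's process tree: (depth, pid, image, command line).
# Command lines are cut down to the switches the checks below look at.
SAMPLE_ROWS: List[Tuple[int, int, str, str]] = [
    (1, 3032, CHROME, "\"--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'\" "
                      r"C:\Users\Admin\AppData\Local\Temp\email-html-2.html"),
    (2, 3052, CHROME, "--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (2, 1584, CHROME, f"--type=gpu-process {FTH} /prefetch:2"),
    (2, 556,  CHROME, f"--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none {FTH}"),
    (2, 2316, CHROME, f"--type=utility --utility-sub-type=storage.mojom.StorageService {FTH}"),
    (2, 2696, CHROME, f"--type=renderer --first-renderer-process --renderer-client-id=6 {FTH}"),
    (2, 2708, CHROME, f"--type=renderer --renderer-client-id=5 {FTH}"),
    (2, 844,  CHROME, f"--type=gpu-process --use-gl=angle --use-angle=swiftshader-webgl {FTH}"),
    (2, 2032, CHROME, f"--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none {FTH}"),
    (1, 2640, ELEV, ""),
]
# Distinct (writer pid, target pid) pairs from the WriteProcessMemory signature.
SAMPLE_WPM: List[Tuple[int, int]] = [(3032, 3052), (3032, 1584), (3032, 556), (3032, 2316)]


@dataclass
class Proc:
    depth: int
    pid: int
    image: str
    cmdline: str
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


def build_tree(rows) -> Dict[int, Proc]:
    """Rebuild parent/child links from the report's depth markers; returns {pid: Proc}."""
    by_pid: Dict[int, Proc] = {}
    stack: List[Proc] = []
    for depth, pid, image, cmdline in rows:
        p = Proc(depth, pid, image, cmdline)
        while stack and stack[-1].depth >= depth:   # climb back up to this row's parent
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        by_pid[pid] = p
    return by_pid


def switch(cmdline: str, name: str) -> Optional[str]:
    """Value of a --name=value switch, or None when absent."""
    m = re.search(rf"--{name}=(\S+)", cmdline)
    return m.group(1) if m else None


def triage(rows, wpm_pairs) -> List[str]:
    """Return findings; an empty list means the tree matches stock Chrome behaviour."""
    by_pid = build_tree(rows)
    findings: List[str] = []
    for p in by_pid.values():
        if p.parent is None:
            continue
        # Chrome children are re-launches of the same binary with a --type= role.
        if p.image.lower() != p.parent.image.lower():
            findings.append(f"pid {p.pid}: {p.image} spawned by {p.parent.image} (pid {p.parent.pid})")
            continue
        t = switch(p.cmdline, "type")
        if t not in CHROME_CHILD_TYPES:
            findings.append(f"pid {p.pid}: chrome.exe child with unexpected --type={t}")
    # All non-crashpad children of one browser process share its --field-trial-handle;
    # a different token means that process was not launched by this browser instance.
    for parent in by_pid.values():
        handles = {switch(c.cmdline, "field-trial-handle") for c in parent.children
                   if c.image.lower() == parent.image.lower()
                   and switch(c.cmdline, "type") != "crashpad-handler"}
        if len(handles) > 1:
            findings.append(f"pid {parent.pid}: children disagree on --field-trial-handle: {sorted(map(str, handles))}")
    # The browser writes into children it has just created; anything else is worth a look.
    for writer, target in wpm_pairs:
        tgt = by_pid.get(target)
        if tgt is None or tgt.parent is None or tgt.parent.pid != writer:
            findings.append(f"WriteProcessMemory: pid {writer} -> pid {target} is not a parent-to-child write")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_ROWS, SAMPLE_WPM) or ["no findings: tree matches stock Chrome multi-process behaviour"]:
        print(line)
```

Run against the tree above it returns no findings. Drop a constructed cmd.exe child under PID 3032, or point a WriteProcessMemory pair at elevation_service.exe (PID 2640, a top-level process rather than a child), and the corresponding finding appears, which is the kind of deviation that would make the same signature names actually worth the analyst's time.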
Network
MITRE ATT&CK Enterprise v6
Downloads
-
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: c381e6d4d1ee83d2fbd98fca47271968
  SHA1: 841c53b0c38250b58765aaf28aa6fc4211c3a7a4
  SHA256: 5bf15afb8492f6abbd9184e64ba658112594bc82882533c4fc9fb4e47fdcf600
  SHA512: acfdf587fc5d57a9a729e3e3b849f5d1af6bb32c05de8d26030f80de29efeaf24c91ca6c46e54856f6a140353e4f62062e9ddb4393ff678a4caf4ded3a976f7b
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6e1585.TMP
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 4KB
  MD5: 114d2b963a33e7b5d6a79b2ea8324f1f
  SHA1: c9ded438bcc2192ef361ff497dce7a6102050c74
  SHA256: 8ca2e2fcab6c7ca253cae49aaa3bef016a3356e9699442a6d102596e74c3e099
  SHA512: 8f3211fbdf4f6c93da12733c747f3decc6372082bab737747f2ed558a67f87b34a53c865727f37cb21df2a44c70c0a2cddaa932d4f34c808a97c4320cb59433a
- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b98bc20f-0cc8-47d5-a87b-6ae9ff358e04.tmp
  Filesize: 4KB
  MD5: bd7ef9ab79575239f590f98ddc50642b
  SHA1: 64d8abd6e537cc16c19eaf8f12619ad06f71fd79
  SHA256: 008e0ecff7176e4d66732911f4966e1e87fefd9a031f55bcac9f252544be081d
  SHA512: a67d488735b79c9f4b8092165cb2d4c44ce1213fc45324f800394b83ab79eeb7f18cd4c06e802fabe3fd12f8ccec1619d54276aa8c8f36b7e5ca583b9b4da5bc
- Filesize: 62KB
  MD5: 3ac860860707baaf32469fa7cc7c0192
  SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
  SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
  SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c
- Filesize: 164KB
  MD5: 4ff65ad929cd9a367680e0e5b1c08166
  SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
  SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
  SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27