Analysis

max time kernel: 41s
max time network: 44s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-07-2023 14:31

Static task: static1
Behavioral task: behavioral1
Sample: Benefits2023.htm
Resource: win10v2004-20230703-en
General

Target: Benefits2023.htm
Size: 388B
MD5: 7f501a43b93e06e2b43901eec43b69cb
SHA1: e0a55b573a092d1418a07c2fcdaaf8e6e38a2b75
SHA256: 0093a16ee0b54c30cf0fa8b705083058c244bef3c5f2cd90f962a900e594efa1
SHA512: 49679ffd22ac4586403ac67eddc174fdbbf9069d1da422e1c977226bc5ff07a8e852b42cca559b6a62c4983c553582c1891687463c4101ce11261c1a411457f8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Note: the reads are attributed to chrome.exe, the browser process that opened the sample (PID 5036 in the process list), not to anything spawned from the .htm. SystemManufacturer and SystemProductName are the BIOS strings commonly checked to recognise a virtual machine, so this signature fires on an ordinary browser launch and is not on its own evidence of evasion by the page.
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133338187359986477" | chrome.exe

Note: S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE, so this write lands in that service account's hive rather than in the interactive user's. The value is a 64-bit Windows FILETIME (100-nanosecond intervals since 1601-01-01 00:00:00 UTC): 133338187359986477 decodes to 2023-07-14 14:32:15 UTC, about a minute after the submission time in the header, i.e. a timestamp of the run itself and not data carried in the sample.
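The TraceTimeLast value in the IoC above is a Windows FILETIME. The script below is an added example and is not part of the sandbox report: it parses a "Set value (int)" IoC line as printed by the report, decodes the FILETIME, and checks it against the submission time from the header (assumed to be UTC, since the header gives no time zone). IOC_LINE is copied from the report; the function names are the example's own.

```python
"""Decode the FILETIME stored in a registry 'Set value (int)' IoC.
Added example, not part of the sandbox report. IOC_LINE is copied from the
report; SUBMITTED is the report's submission time, assumed UTC because the
header gives no time zone."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond intervals since 1601-01-01 00:00:00 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Matches the report's rendering: Set value (int) <path> = "<decimal>"
SET_VALUE_RE = re.compile(r'Set value \(int\)\s+(\S+?)\s*=\s*"(\d+)"')


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert an unsigned 64-bit FILETIME to an aware UTC datetime (truncated to microseconds)."""
    if not 0 <= filetime < 1 << 64:
        raise ValueError("FILETIME must be an unsigned 64-bit integer")
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; datetime only has microseconds, so the last digit is 0."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def decode_set_value_ioc(ioc_line: str) -> tuple[str, datetime]:
    """Return (registry value path, decoded UTC time) for a 'Set value (int)' IoC line."""
    m = SET_VALUE_RE.search(ioc_line)
    if m is None:
        raise ValueError(f"not a 'Set value (int)' IoC: {ioc_line!r}")
    return m.group(1), filetime_to_datetime(int(m.group(2)))


def consistent_with(when: datetime, reference: datetime,
                    tolerance: timedelta = timedelta(minutes=5)) -> bool:
    """True if the decoded time lies within `tolerance` of a reference time (e.g. submission)."""
    return abs(when - reference) <= tolerance


# IoC line as printed in the report (copied, not constructed)
IOC_LINE = (r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography'
            r'\TPM\Telemetry\TraceTimeLast = "133338187359986477" chrome.exe')
# Submission time from the report header; time zone is an assumption (UTC)
SUBMITTED = datetime(2023, 7, 14, 14, 31, tzinfo=timezone.utc)

if __name__ == "__main__":
    path, when = decode_set_value_ioc(IOC_LINE)
    print(path)
    print(when.isoformat())                  # 2023-07-14T14:32:15.998647+00:00
    print(consistent_with(when, SUBMITTED))  # True
```

A timestamp that matched the submission time this closely would be written by the run itself; a FILETIME far in the past or future inside a sample-controlled value is the case worth a second look, which is why the check takes a tolerance rather than asserting equality.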
Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid | Process
5036 | chrome.exe
5036 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid | Process
5036 | chrome.exe
5036 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)

description | pid | Process
Token: SeShutdownPrivilege | 5036 | chrome.exe
Token: SeCreatePagefilePrivilege | 5036 | chrome.exe
(the 64 listed entries alternate between these two privileges, all for PID 5036 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)

pid | Process
5036 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
5036 | chrome.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 5036 wrote to memory of 1932 | 5036 | chrome.exe | 17 (2 entries)
PID 5036 wrote to memory of 4168 | 5036 | chrome.exe | 87 (repeated)
PID 5036 wrote to memory of 3700 | 5036 | chrome.exe | 89 (2 entries)
PID 5036 wrote to memory of 1828 | 5036 | chrome.exe | 88 (repeated)
(64 entries listed in total; procid_target is the report's internal process identifier, not a Windows PID)

Note: all four targets (1932 crashpad-handler, 4168 gpu-process, 3700 network service, 1828 storage service) are chrome.exe children of 5036 in the process list, so these writes are consistent with the browser process setting up its own child processes rather than injection into an unrelated process.
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5036)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Benefits2023.htm
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1932)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0ecc9758,0x7ffb0ecc9768,0x7ffb0ecc9778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4168)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1828)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3700)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4972)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2780)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2380)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3116)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1856,i,2454198912189327037,7817053626528412134,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2356)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Reading the tree: the sample was opened by Chrome 106.0.5249.119 (the version in the crashpad annotation) with launch flags that suppress background networking and updates for the run. Every process recorded is a Chrome binary under the Chrome install directory, each child carries one of Chrome's own --type values, and no renderer spawned anything. The three utility processes started with --service-sandbox-type=none (NetworkService, ProcessorMetrics, UtilWin) run outside the utility sandbox, which is how Chrome itself launches them and not something the page can influence. The report lists no process that did not come from the browser's normal startup.
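The triage a practitioner applies to a tree like this, written out as an added example (not part of the report): parse each command line, classify children by Chrome's --type, --utility-sub-type and --service-sandbox-type switches, recover the opened document from --single-argument, and flag any image outside the Chrome install directory or any child type Chrome does not use. PROCESS_RECORDS is constructed from the report's process list with command lines trimmed to the relevant switches; HYPOTHETICAL_CHILD is a made-up negative case that does not appear in the report and exists only to show the check firing.

```python
"""Triage helper for a Chrome process tree taken from a sandbox report.
Added example, not part of the report. PROCESS_RECORDS is constructed from the
report's process list (command lines trimmed); HYPOTHETICAL_CHILD is a made-up
negative case that is NOT in the report."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"
CHROME_IMAGES = {"chrome.exe", "elevation_service.exe"}
# --type values Chrome uses for its own children; None means a top-level process
EXPECTED_TYPES = {None, "crashpad-handler", "gpu-process", "utility", "renderer"}

IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
SWITCH_RE = re.compile(
    r'"--([\w.-]+)=([^"]*)"'                     # whole switch quoted: "--user-data-dir=C:\...\User Data"
    r'|--([\w.-]+)'                               # --name
    r"(?:=(?:\"([^\"]*)\"|'([^']*)'|(\S*)))?"     # optional =value, value may be "..." or '...'
)


def parse_switches(cmdline: str) -> dict[str, str]:
    """Return {switch-name: value}; valueless flags map to ''."""
    switches: dict[str, str] = {}
    for m in SWITCH_RE.finditer(cmdline):
        if m.group(1) is not None:
            switches[m.group(1)] = m.group(2)
        else:
            switches[m.group(3)] = next((g for g in m.group(4, 5, 6) if g is not None), "")
    # Chrome's --single-argument takes the whole rest of the line verbatim (it may contain spaces)
    tail = re.search(r"--single-argument\s+(.*)$", cmdline)
    if tail:
        switches["single-argument"] = tail.group(1).strip()
    return switches


@dataclass
class Proc:
    pid: int
    image: str
    switches: dict[str, str]

    @property
    def type(self) -> str | None:
        return self.switches.get("type")

    @property
    def is_chrome_component(self) -> bool:
        """Image lives under the Chrome install directory and is a known Chrome binary."""
        inside = ntpath.normcase(self.image).startswith(ntpath.normcase(CHROME_DIR) + "\\")
        return inside and ntpath.basename(self.image).lower() in CHROME_IMAGES


def parse_process(pid: int, cmdline: str) -> Proc:
    m = IMAGE_RE.match(cmdline)
    if not m:
        raise ValueError(f"no image path in {cmdline!r}")
    return Proc(pid, m.group(1) or m.group(2), parse_switches(cmdline))


def triage(records: list[tuple[int, str]]) -> dict:
    """Summarise a tree: opened sample, foreign images, unknown child types, unsandboxed utilities."""
    procs = [parse_process(pid, cmd) for pid, cmd in records]
    root = next((p for p in procs if p.type is None
                 and ntpath.basename(p.image).lower() == "chrome.exe"), None)
    return {
        "sample": root.switches.get("single-argument") if root else None,
        "foreign_images": [(p.pid, p.image) for p in procs if not p.is_chrome_component],
        "unexpected_types": [(p.pid, p.type) for p in procs
                             if p.is_chrome_component and p.type not in EXPECTED_TYPES],
        "unsandboxed_utilities": [(p.pid, p.switches.get("utility-sub-type")) for p in procs
                                  if p.type == "utility"
                                  and p.switches.get("service-sandbox-type") == "none"],
        "renderers": [p.pid for p in procs if p.type == "renderer"],
    }


CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
PROCESS_RECORDS = [  # constructed from the report's process list, command lines trimmed
    (5036, CHROME + r" --disable-background-networking --disable-component-update"
                    r" --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'"
                    r" --single-argument C:\Users\Admin\AppData\Local\Temp\Benefits2023.htm"),
    (1932, CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data"'
                    r' --url=https://clients2.google.com/cr/report --annotation=ver=106.0.5249.119'),
    (4168, CHROME + r" --type=gpu-process --mojo-platform-channel-handle=1672 /prefetch:2"),
    (1828, CHROME + r" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8"),
    (3700, CHROME + r" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:8"),
    (4972, CHROME + r" --type=renderer --lang=en-US --renderer-client-id=5 /prefetch:1"),
    (2780, CHROME + r" --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 /prefetch:1"),
    (2380, CHROME + r" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none /prefetch:8"),
    (3116, CHROME + r" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8"),
    (2356, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]
# Made-up negative case (NOT in the report): a non-Chrome image in the tree should be flagged
HYPOTHETICAL_CHILD = [(9999, r'"C:\Windows\System32\cmd.exe" /c whoami')]

if __name__ == "__main__":
    for key, value in triage(PROCESS_RECORDS).items():
        print(f"{key}: {value}")
    print("with hypothetical child:", triage(PROCESS_RECORDS + HYPOTHETICAL_CHILD)["foreign_images"])
```

On the report's own tree this yields no foreign images and no unexpected types, the sample path from --single-argument, two renderers, and the three utilities Chrome starts with --service-sandbox-type=none. The image-path check deliberately keys on the install directory plus a basename allow-list rather than on the basename alone, so a copy of chrome.exe dropped elsewhere would still be flagged.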
Network
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 6KB
MD5: cb8e8e27a1192eb609c9640b65d0750d
SHA1: 9993dfe1a0518a9b5accfe3193937e0f69d73579
SHA256: 19966e5bda85a55541af091c619258271247bc5710babdc6bfa8360d9c78e2e9
SHA512: b272fdb4bf325ebb62d970ad20ec539ebeb59002414020c5632cbb01b9cdc99d46c4aeb465e5b24d93f82b3302f8005dec3cc01bc2849abd4ae6a1159e1fb52e

Filesize: 6KB
MD5: f8a16c7c803aa8edeeaf097882781a4d
SHA1: e740d3d1f74cb5d8654d53b2adf58203693936b5
SHA256: 171dcfe7de971bf55d07d01db82edef98d9f5232f132ff8bec5134525b5edf4f
SHA512: d98befa6fad7cfc9b2a4328229051ca6872a1210681d6c20114097aa16754f8df79a0ce67b81a912426928b8240d9d97235e8693288d9d6500327ae5fe1e398a

Filesize: 87KB
MD5: 2f7c9c6e26bd998ae873cfe1e54dd92b
SHA1: 6892257c6b02aa9a25390a4aa1fc1b3fc0721a4d
SHA256: 8d609c171871e6bd2c17653335f390449cb7e341d2a2bf81d6acd0924db3025b
SHA512: aa83c4b8d3748a7234d1b374d022bec66dae04a9ce3d9ba6c54475d8c1f0236d2c59c168429a0f9c5a93cff76e9515b70d41e6070e018a4ff360526319482ee4

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Note: the report gives hashes only, no names or paths, for these files. The 2-byte entry's MD5, SHA1 and SHA256 are those of the two-character string {} (an empty JSON object), which is worth knowing before spending time on it.