hxxps://community[.]constantcontact[.]com/contact-support?ic=comm_header

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2023 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://community.constantcontact.com/contact-support?ic=comm_header

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133341356664621095"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 1532	404	chrome.exe	84
PID 404 wrote to memory of 1532	404	chrome.exe	84
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 2960	404	chrome.exe	87
PID 404 wrote to memory of 5048	404	chrome.exe	88
PID 404 wrote to memory of 5048	404	chrome.exe	88
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89
PID 404 wrote to memory of 912	404	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://community.constantcontact.com/contact-support?ic=comm_header
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe31c9758,0x7fffe31c9768,0x7fffe31c9778
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2768 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2764 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3676 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1860,i,1871065676194247447,18412887229378015050,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9c76cbd9-2e8a-46ab-8ba0-6115fa4cbad9.tmp

Filesize
87KB

MD5
2b9f7c60146dfae7fa524fe363b237cc

SHA1
736db1a0f138cf5af78c6512249a0958fb2b2505

SHA256
ffc72f52df3b2f46fddf4e5ad1031341167ab76a10855e5fcefcbc40a488dd5e

SHA512
af3f7f561b8e25fe93a29c6790719c604c7b404fa6575d233d2cc0d575b51f22b6eb5a390017c6621a9964b5c46e09019d1b1cd2675c7000da9588526739544c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d19612fa3d977203174f63c615ef993c

SHA1
eb20be72bedd8f61c2785428a32fcf06286e2495

SHA256
be68d3f3221664584fcd1906fada7f0a4f6c4936bd2f43004109398614f33469

SHA512
42bfbb3bbc7e4945c6b2efbb0003d6550613f05028337ec6b36e5406d2d3bbc31cebf92cf78f41e530a1d8e8d248bcf4dd66770b0a1e2347a0ba70aaa7923739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\65a9743d-16e8-4c7d-9ed2-8b3f6d11852d.tmp

Filesize
3KB

MD5
2e2770da95cd3ab532b5fcf67bd08333

SHA1
5db3adb2e2c9142fccf0eb527708e781c3df07d0

SHA256
af6b38a37bd4fdcc6f893743ae1283cfd78db801bab1f70c19d0784ac71d78b3

SHA512
df346ad980019ab97474328345f56092614733200c9239fef249b453389b18be71d1a443a9ef7bb44f9fc803fd8ee1bd4cb097a70e51380e91eb2dd0ccb4e49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f57254c28890512cad143fcb6f5254ca

SHA1
50274de5712c38c914677019f3f2ce43386a0792

SHA256
2cf7aa41bcd9c55b51407e9e3d9e96184a817c45914e3b15f565014292151f7a

SHA512
a1cbe379a95826fa1e8c092519c8bee7ec48d2eea9fbc484e95ae446e7afd080d8d436a1fe544e902bb44c3c2ff1eef3caeb55e39110a9c8c957984b32040a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4482b7a1e8eafb8c1f327e1fb94da53d

SHA1
86fb7af0ad9d5af89d5265b1f6f8f6636e957d24

SHA256
a056de4e6254e4cdada8e5f04b199b27abe772e43c0fc05fc6c9201b915738f5

SHA512
3ca752ca694620f6243d65f720c14df76493ea139c14baca15d6b9383cdb5471f63b1bcd6c7886e7ebf602bf4cd42a01c9a07a493b004d8029f555db6d0a124f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80f8b4d587daf7a8b5d8d332cb45c9dd

SHA1
df4e00f0ed6e5ef44355933a4e92ed830deb0393

SHA256
c207cd4b07516b9cef8f5e77207b614ec6ad7895aece9f80ee80b57801c37f70

SHA512
e33e98d300b899b7043c79d7704bc76d3036687d5ac7a2ea9335198414913c4b4cc34e36e1af702af40200df67511f4a4fdd9dd3b4f5e757424fb6d4e7e7ed13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2584b66777bafcb7fb08650fcc6ddd0e

SHA1
9b6e403d38b865cba114263505001b11029bf909

SHA256
b75013fdf74ea88350f75ebf2d96b46f984810971bae3b9b74a3b0e744a862aa

SHA512
68074e49bef73a273dbceb0539ea9a869496f1b02c34878ccbfcfca61809585aad0ae1d3b219fd609e588e84e64ab163428985b121c60ce8e4da7caec066cbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit