hxxp://click[.]info[.]mailssenders[.]com/unsub_center[.]aspx?qs=9fc242a6f77b41ded5c02e66efce00f2df98595ef7d90163b2d90b9805d7df741453fdb69bf83c480aba933a4a0be1e1ffe9ebd451c08ff0884d7a9a7a461d5a8f0127423722e3b7

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2023 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://click.info.mailssenders.com/unsub_center.aspx?qs=9fc242a6f77b41ded5c02e66efce00f2df98595ef7d90163b2d90b9805d7df741453fdb69bf83c480aba933a4a0be1e1ffe9ebd451c08ff0884d7a9a7a461d5a8f0127423722e3b7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344145921134184"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4452	chrome.exe
4452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 4976	4540	chrome.exe	85
PID 4540 wrote to memory of 4976	4540	chrome.exe	85
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3496	4540	chrome.exe	88
PID 4540 wrote to memory of 3628	4540	chrome.exe	89
PID 4540 wrote to memory of 3628	4540	chrome.exe	89
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90
PID 4540 wrote to memory of 2188	4540	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://click.info.mailssenders.com/unsub_center.aspx?qs=9fc242a6f77b41ded5c02e66efce00f2df98595ef7d90163b2d90b9805d7df741453fdb69bf83c480aba933a4a0be1e1ffe9ebd451c08ff0884d7a9a7a461d5a8f0127423722e3b7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b73c9758,0x7ff9b73c9768,0x7ff9b73c9778
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1872,i,3790771769733140131,16195382496606771796,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b82ca5f45ae8550f500003d2d9300e91

SHA1
aaaeb89c270870027358e61dd41c22ebf0e84739

SHA256
f93a6fc18a9ec8f6e6d4ffca5fec1a2916900636efb47a8c188146759e7f2ec9

SHA512
cc09314b13dbdea56085b10b16031fb1c395f0227d6e557561d0102c7ebd146f6bdcb761e237a92c12751795a8a7d9f20a859cdae1d25dddde3c6cda21f7908b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4023a7e98acd3afcb001de2220dd5403

SHA1
6ca53a564d9466851e248ba09ff7efeaa3a3524f

SHA256
0925812f65d8085c0f7072626b90d584cbd2a9a080d7635cc6deb8d4474d0ebc

SHA512
0eb85426180a1505438472d6d38b1e89faa0e27fd37ea542dd56bd8158eefb05305ab6e9ceb7e7052311c3b832f07cf98452ae97ac127755ee7a63149db7b555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b84119c07c74d2bbd65857b17715ca82

SHA1
7f88e93c0cd30b1394831202b67cfd6c973fe07d

SHA256
ee45ab7cd1d7cf0747e37b3019a2d6b9d90cb37ea023babcb18cc07787dee802

SHA512
4699c2cba68ba3f85d5e5d1888b5ff5ae36f7125a8283956e87f9e8913010e3abd3d34f388092dfdbd639879ed68680fc780e07a3a26188cafea73ffc114c6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
03710a4950b267fd1ed914daf9955864

SHA1
7dcb9ff590f5de979209fe733bb0d8ea1260a8fa

SHA256
6a145915c55586d16bd5483bef09708c7b80284b3eca44b3cdc0dff773293b93

SHA512
3b02b3ef1ff3c6065f92c9592f0d66dd1e832a6f58157b1799e36aee3ff4865023f458661d74ec7ccba4f985ce4eb9164d0e15577de873f68b11735b91fcc1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit