Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230703-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    21-07-2023 11:37

General

  • Target

    https://me-pruworks.prudential.com.sg/resetPassword?token=NDHsDXAteh4wOGJSMiSd7xaVtZBZVh8rC3tyhZOsJN7eK5y2nabfJa5j20gSkiYnotrSN3t1BPvTCHLuAypjaqoJEwsnGi5UVEZl

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://me-pruworks.prudential.com.sg/resetPassword?token=NDHsDXAteh4wOGJSMiSd7xaVtZBZVh8rC3tyhZOsJN7eK5y2nabfJa5j20gSkiYnotrSN3t1BPvTCHLuAypjaqoJEwsnGi5UVEZl
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8233d9758,0x7ff8233d9768,0x7ff8233d9778
      2⤵
      PID:3488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:2
      2⤵
      PID:2536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:8
      2⤵
      PID:3168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:8
      2⤵
      PID:2800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:1
      2⤵
      PID:1656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:1
      2⤵
      PID:4364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:8
      2⤵
      PID:2308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:8
      2⤵
      PID:5048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 --field-trial-handle=1872,i,16206124507921925840,7333243763031034692,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3556
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4612
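The child-process command lines in the tree above carry the switches that decide whether each Chrome helper runs sandboxed (`--service-sandbox-type=none` on a utility process, `--disable-gpu-sandbox` on a GPU process). The script below, added here as an example and not part of the sandbox report, parses those command lines and lists which PIDs run without a sandbox. The sample list is copied from the tree, with the long `--gpu-preferences` and `--field-trial-handle` values dropped for readability (an assumption that they carry nothing sandbox-relevant); the tokenizer assumes Chrome's habit of quoting a whole `--switch=value` pair rather than only the value.

```python
import re

# Child-process command lines copied from the report's "Processes" tree.
# Constructed sample: --gpu-preferences and --field-trial-handle are
# omitted for readability (assumption: not sandbox-relevant).
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
SAMPLE_PROCESSES = [
    (3488, CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64'),
    (2536, CHROME + ' --type=gpu-process --mojo-platform-channel-handle=1648 /prefetch:2'),
    (3168, CHROME + ' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:8'),
    (2800, CHROME + ' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8'),
    (1656, CHROME + ' --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=2920 /prefetch:1'),
    (4364, CHROME + ' --type=renderer --lang=en-US --renderer-client-id=5 --mojo-platform-channel-handle=2928 /prefetch:1'),
    (2308, CHROME + ' --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8'),
    (5048, CHROME + ' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8'),
    (3556, CHROME + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=2624 /prefetch:2'),
]

# A token is either a whole double-quoted run (Chrome quotes the entire
# "--switch=value" pair when the value contains spaces) or a run of
# non-whitespace. Assumption: no switch quotes only its value.
_TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> list:
    return [quoted or bare for quoted, bare in _TOKEN_RE.findall(cmdline) if quoted or bare]


def parse_switches(cmdline: str) -> dict:
    """Map each --switch[=value] to its value (True for a bare switch).
    Non-switch tokens (the executable, /prefetch:N) are ignored; a repeated
    switch such as --annotation keeps its last value."""
    switches = {}
    for tok in tokenize(cmdline):
        if not tok.startswith("--"):
            continue
        name, sep, value = tok[2:].partition("=")
        switches[name] = value if sep else True
    return switches


def sandbox_state(switches: dict):
    """True/False for process types whose sandbox is controlled by a switch
    visible on the command line; None where the command line does not say
    (e.g. the crashpad handler)."""
    ptype = switches.get("type", "browser")
    if ptype == "gpu-process":
        return "disable-gpu-sandbox" not in switches
    if ptype == "utility":
        return switches.get("service-sandbox-type") != "none"
    if ptype == "renderer":
        return "no-sandbox" not in switches
    return None


def summarize(processes) -> list:
    rows = []
    for pid, cmdline in processes:
        sw = parse_switches(cmdline)
        rows.append({
            "pid": pid,
            "type": sw.get("type", "browser"),
            "subtype": sw.get("utility-sub-type"),
            "sandboxed": sandbox_state(sw),
        })
    return rows


def unsandboxed_pids(processes) -> list:
    """PIDs whose command line explicitly disables the sandbox."""
    return [r["pid"] for r in summarize(processes) if r["sandboxed"] is False]


if __name__ == "__main__":
    for r in summarize(SAMPLE_PROCESSES):
        print(f'{r["pid"]:>5}  {r["type"]:<16} {r["subtype"] or "-":<36} sandboxed={r["sandboxed"]}')
    print("unsandboxed:", unsandboxed_pids(SAMPLE_PROCESSES))
```

On this tree the unsandboxed set is the network service, the two `chrome.mojom.*` utilities and the second, software-rendering GPU process, all of which Chrome 106 starts that way on Windows; the point of the check is to make that baseline explicit so that an extra unsandboxed renderer or utility in another report stands out.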

Network

MITRE ATT&CK Enterprise v15

Downloads

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                      Filesize

                      144B

                      MD5

                      289b65ffb4927dd55f6c94f03385bfe2

                      SHA1

                      9b5837e6fe6d69542114d8fc04fc76c85ca25992

                      SHA256

                      e98d3443a853d11ffa464d34e83a5f22a2a777cea0cbcd94a622b54540e6524b

                      SHA512

                      e1c3270626af672d38881578173c680abaef5005e9b772021b57d3416ee857d6d82794b032b4822126a97896a7acf230033e0ca37d7abae1af5bf23bd928d70d

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                      MD5

                      1cf52e7ccc78dde2c2c4a31b3d957699

                      SHA1

                      f5a50f195be8d037ba10c152f5ecaf62749f3b63

                      SHA256

                      9097ca331291a8e4b216c78c077c37099fddcaf31a9af492a6d2dd8aadafee18

                      SHA512

                      c067eac02139b001f48f8124c53170e6891d05d96813a8217be318eea64219cce062c42c17f2a354981a404e012cc608e0c11637efa03c5f34f996ad77cce023

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                      MD5

                      0feb0b906dbb9f605385f9f25e0b62f7

                      SHA1

                      dacea0f3d7cadafb96d272dd0215d25ca0cb8382

                      SHA256

                      63a9bb80efae91c8f40f8769ae60bb3367ef52b6a511afc4e42db7cb37da467b

                      SHA512

                      f99c69cf0262abedda94c5364d645e8bada5fd90a7ab617050278953a83f07d0a47e21374b5d9ab75a9c01372e3c0c04b566b6e22b91d7e9b7c90a21bdbf327e

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                      MD5

                      32d71190762de9ce1ab79d958fb20e1a

                      SHA1

                      a7f29ba223b63a1705009a84004f5c273d0b6366

                      SHA256

                      7b50a69a772c7ec15b3914f7648ccb3be80f0e052c2197c06999dce9eaff123d

                      SHA512

                      f1dd286e9fdde6e86a1da2d947cd4c93c13711c40161e23e1d5576ff1bb471b20e387ed83f0a7a70759c8dc7d325e05cc6c9487273c6b26f12182f5da08c0773

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      539B

                      MD5

                      49f08e1f963b7e394ec3a4279f0b88f9

                      SHA1

                      459386bb0bcd4b8e9c5bf80635f19a5f4252a955

                      SHA256

                      0696941aac94a1660794b7563e4b2cee96756fe55faed5eb19596f24dd7ae807

                      SHA512

                      f488efb617381ec4b3f08a966df60edf9fef9c5d2e18a89dd074ca9f3cc0b7ce1a1627251534880070aa41e96fbd3535a780f4acdb0da1ae3bce28cfb5427118

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      539B

                      MD5

                      8aae95fac6bcd84ba03cf227f659ebf2

                      SHA1

                      4c1ce7c19ec7f200d72512b85ee7619a775b3fce

                      SHA256

                      a85b544fcccd8f510c222ea5be64bf3f1b219e23e43a32609d29e7448e0d30b8

                      SHA512

                      6de97b2f0fb5d20cc099bf57c036b355e3c000306562de1f5b516aedb78a645c4bc3bb2aa935a3eab831eb680bc38da50b0a81b0b750612146867a0ed7afd09d

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      539B

                      MD5

                      a3e0d7329fc1b79ec2f9d0d775694426

                      SHA1

                      108b8a4d79803e3ccbd65f22208450da665327a6

                      SHA256

                      22ca769c2ebce91d2e022abd3b2b57ab83313c00e792827b21d60a35b2bd2100

                      SHA512

                      f387f76a5367593ab85bab8d3973886b82349666426ea4847d16e2cfa3f693e529c4ce5b11f19f8fadc7cca9bf282589fd454696002f756cdb99526ea7c2ce44

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      539B

                      MD5

                      3d01a50c8b15e845cb69b586d71af006

                      SHA1

                      f3f9a0ba7423836e38dfa2c55521f755f3248f4f

                      SHA256

                      479b5b331db0333610766b49832bd55136d9b6befb4c666314a7229b14072181

                      SHA512

                      da260435bfee1c8d0f1c29a9f713ca0b4487258eb4ab04b9374ca06e212e8a34e655819ce428cf1ef406795d7d88a7135417da655000b8e0d7221b5d4b637774

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                      Filesize

                      539B

                      MD5

                      09d57d15f3aec72a1eca7f7e5c62fd04

                      SHA1

                      585ca1c70494f4459f3dd742933c29b8fd42fb00

                      SHA256

                      5b25b1da25d923ea1c0aff18c9c7ce3629725aa29625372eb23ea7515f9d6c45

                      SHA512

                      9a8d82966a613ef98fc45b1b56928045216cf2029c351747ac01a89843d6b65ba3df2444f0377cefce9cefc9644e34df95d31b3e8fd6c67bd0a127cae6c28048

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      6KB

                      MD5

                      1cc1fbf0fb16ac632fc42e9d01cf9c3f

                      SHA1

                      7322e818fd0da5fc3f6e4ec6c12e72c72b28c0e6

                      SHA256

                      c9addbb18c88508cf9a7dff14813c6312980bc26e985c740769f78826efd9a05

                      SHA512

                      540bcbe7c31fc824d1c1034572c7fed0d48180f7e627faab2ed9b3060a166b3081f16298a1a29e73b461089ffcb292e69ccb1d68d6e1c0c1d6c1cbac8417fd6a

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\bd6473c3cff8cfae9f204ce7e09e8adb1af0171b\bd1da0af-8961-4d5c-8516-156bba790220\index-dir\the-real-index

                      Filesize

                      1KB

                      MD5

                      dc1e0e7ef2643eb4dda68c64f3d83e5a

                      SHA1

                      ace14f1f9f9de4397f7a147cc3588ffc41d85e41

                      SHA256

                      9df448010637174f3efa2412a289be136821c5f639d5581c4525431285538daa

                      SHA512

                      cc11316c02d51519389daf307d019b0839556e284ac8600e6bd5fe09faf7b66b23e6edc7d23425d6f790054d7d9e9666fb7d9906ce9364ca6aa9fae590fce9d7

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\bd6473c3cff8cfae9f204ce7e09e8adb1af0171b\bd1da0af-8961-4d5c-8516-156bba790220\index-dir\the-real-index~RFe5875e7.TMP

                      Filesize

                      48B

                      MD5

                      b4dea5ca07c695ee5e42fd2ac351e976

                      SHA1

                      774a51d33ef3bc4383acabe92e1abd05a7583bbe

                      SHA256

                      eef7d1b72c2729b697fd818fbebcf9cfb3dd755ee7fb72da8b4c417a573c352d

                      SHA512

                      779e8f632ca5c89aa9cbfa8959f83f030789c0797beb0096a8c2df4e375ad07b56beb7b2b00620ae713eb581a4a3a4c9ef1b5650e2a8b9f3f4b745d52ce6fe61

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\bd6473c3cff8cfae9f204ce7e09e8adb1af0171b\index.txt

                      Filesize

                      193B

                      MD5

                      bddd725c69069dc94ee8ef31bc10bb17

                      SHA1

                      a193f31146829dcbd542a8eecef849c97878750d

                      SHA256

                      2950d19c0648bf195a9d2fb22b4227356a8edd6080c38b8b8067d47ab4ebe026

                      SHA512

                      59c221d29884b1b77bb42772d436cf95bd5b5fbc77154c0df9bef1ba14960e2fda41367f956a5b66a40c63e596942d19ed369ead31bd9865669920b256d5427d

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\bd6473c3cff8cfae9f204ce7e09e8adb1af0171b\index.txt~RFe587635.TMP

                      Filesize

                      197B

                      MD5

                      68fb6f5cc56aa74801cb9efa1b93c266

                      SHA1

                      d1257be7756ad9906ac14ba027ac040c11956599

                      SHA256

                      b6e8babe8ecc632b058aca54bb6cb14357fdfddbddb1f472aee0454dcc163995

                      SHA512

                      a0fe7998a40420f633b59910bea36c5ae442b04e98b440238afb62b1d79618397e2f2c4453d4c65bbdf8dad3c806e3e56aa1031c0f361b9bf8a090212bbbdf2d

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                      Filesize

                      96B

                      MD5

                      e5656959a779e2470f5eede9eaae0387

                      SHA1

                      f8a467a6e4c86e6ebe995851dcb2956d1605c451

                      SHA256

                      4ea6f7b7449d873956072f00470b47a03f12b2782717dd89934d2b1f9c33aa43

                      SHA512

                      d5b40644a12386efed65037923c0369bd7cc2e4f06a0d4b96a4e5397e7dc000305a793f2772a3dc22f28da44780c6b70cc3cbe6c3ce377a81eed0bce327989f0

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d4d4.TMP

                      Filesize

                      48B

                      MD5

                      aaa976bd0c99ee444ca8523fdf78e135

                      SHA1

                      1b0914b583df7e0a305737594f00d7298b3610f0

                      SHA256

                      c5c5349761117b2ddc4b8830333a4661b2b10d5a7f728c720db00f0a6c22a3ec

                      SHA512

                      6e102421c669fce7c0132350a63558e0ac4ea166d50f63b61ecb943a57bc7f77d8f78eaa75c86b9f7e63c237f2c970041a44c7e6d9dfd8753daf0d31cb06824b

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      87KB

                      MD5

                      b296578ed95cbdb7dcad5b25dd6ce694

                      SHA1

                      09b27d0a0d687f9118ceed8fd755beaef77e64ff

                      SHA256

                      4041c5491f36502cca720e498a06bac862a2318b3260ec95e38551df2d2b488a

                      SHA512

                      27ca06a65876f806b395cd28a8a02cc45cf3a118b3b2bd9109fed2bb5784254c518d11fefd1f651b3cf1537eba454c09ba3e0b62624517bbae89c5797d683cde

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                      Filesize

                      2B

                      MD5

                      99914b932bd37a50b983c5e7c90ae93b

                      SHA1

                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                      SHA256

                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                      SHA512

                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
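The last entry above is a 2-byte file reported with all four digests. For artifacts that small, the digests alone identify the content: hashing a handful of plausible contents and comparing against every reported digest tells you whether the file is, say, an empty JSON object without needing the sample. The script below is an added example, not part of the sandbox report; the report entry is copied from the list above, and the candidate-content list is a constructed, illustrative assumption.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# The report's entry for the 2-byte file (copied from the Downloads list).
REPORT_ENTRY = {
    "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json",
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Contents a tiny Chrome profile file plausibly has. Constructed,
# illustrative list (assumption); extend it from your own clean baselines.
CANDIDATES = {
    "empty file": b"",
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "empty JSON object + LF": b"{}\n",
    "empty JSON object + CRLF": b"{}\r\n",
    "null": b"null",
}


def digests(data: bytes) -> dict:
    """All four digests the report lists, computed over data."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def mismatches(entry: dict, data: bytes) -> list:
    """Names of the reported fields (size or a digest) that data does NOT
    satisfy. Every digest the entry reports must agree; a single matching
    hash is not treated as identification."""
    bad = []
    if len(data) != entry["size"]:
        bad.append("size")
    d = digests(data)
    bad.extend(alg for alg in ALGORITHMS if alg in entry and entry[alg] != d[alg])
    return bad


def identify(entry: dict, candidates: dict = CANDIDATES):
    """(label, bytes) of the first candidate matching size and all reported
    digests, or None when nothing in the candidate list fits."""
    for label, data in candidates.items():
        if not mismatches(entry, data):
            return label, data
    return None


if __name__ == "__main__":
    hit = identify(REPORT_ENTRY)
    print(REPORT_ENTRY["path"])
    print("  content:", hit[0] if hit else "not in candidate list")
```

The size check runs before the hashes so that near-misses such as `{}\n` are rejected on length rather than silently passed over; `mismatches` reports which field disagreed, which is what you want when a report lists a digest that no candidate reproduces.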