hxxp://email[.]voxer[.]com/wf/open?upn=fAwFfd5jwQRiYmKs98khofDW25rNHaA7CWHhjCyIrASpgPHerMFz1eTPrBLHL85Ds15hZweC-2B-2FlRQx20YUs6paCxogzdJdSI3o8TVKrGb8M8uvACa5m20TqTbauRFRUXzgKVtIu8lYH-2FtgaHA-2FbFRf4Odj1pYWSrOVfSQWjRhCYyH5iUAIOpYbcSy-2FuWA8J1OAe-2FsQaYoqBk2rs2WY622vY-2BxQx3xsWyIOjcGZOnfVk-3D

Analysis

max time kernel
300s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2023 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://email.voxer.com/wf/open?upn=fAwFfd5jwQRiYmKs98khofDW25rNHaA7CWHhjCyIrASpgPHerMFz1eTPrBLHL85Ds15hZweC-2B-2FlRQx20YUs6paCxogzdJdSI3o8TVKrGb8M8uvACa5m20TqTbauRFRUXzgKVtIu8lYH-2FtgaHA-2FbFRf4Odj1pYWSrOVfSQWjRhCYyH5iUAIOpYbcSy-2FuWA8J1OAe-2FsQaYoqBk2rs2WY622vY-2BxQx3xsWyIOjcGZOnfVk-3D

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133371195033045474"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3124	2220	chrome.exe	82
PID 2220 wrote to memory of 3124	2220	chrome.exe	82
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 1220	2220	chrome.exe	84
PID 2220 wrote to memory of 4280	2220	chrome.exe	85
PID 2220 wrote to memory of 4280	2220	chrome.exe	85
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86
PID 2220 wrote to memory of 4768	2220	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://email.voxer.com/wf/open?upn=fAwFfd5jwQRiYmKs98khofDW25rNHaA7CWHhjCyIrASpgPHerMFz1eTPrBLHL85Ds15hZweC-2B-2FlRQx20YUs6paCxogzdJdSI3o8TVKrGb8M8uvACa5m20TqTbauRFRUXzgKVtIu8lYH-2FtgaHA-2FbFRf4Odj1pYWSrOVfSQWjRhCYyH5iUAIOpYbcSy-2FuWA8J1OAe-2FsQaYoqBk2rs2WY622vY-2BxQx3xsWyIOjcGZOnfVk-3D
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff847c09758,0x7ff847c09768,0x7ff847c09778
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 --field-trial-handle=1872,i,10518914970286917624,8925534411291716493,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
824B

MD5
ed1644c1d46f0e71d0c23775d3c18a8f

SHA1
b1ad6105afe6a85df85df7ca5744ffa54ab3f6a0

SHA256
47271c8cf4554f16368f02db8a0ad07be13efb7e72bc6938068fea53b16421ce

SHA512
ca971de4449cc0977618fbde9c242429ee66c6ece5b8d0c0a89aaba733e2504ce32e4a01db62b27156670f3f53a4232e84cea93d850298c74a25ac3ceb85e695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1a565f5818062d435ce7063346accfe

SHA1
1ceb06e07853b93369308e9262b8ced7aa89ba7f

SHA256
3555f1f67c534a8183dbcf9adfd208eb06293d7c9f2b26a8ee522fe0c9a10918

SHA512
a2efd602c3c2d809d395bf948ba0101dfea15d0b44b6db0def67948eee9df334a0a935263624c408bfcbae7e0aefdfb76b095e68afda251da5b9c219f014cf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
156bd01df62296ff724b7a3491e4158f

SHA1
035969cccecf3f43895eac2001cd515a5a10f96e

SHA256
49eb99ad9b1fa413e9f366db6cdf2735cf95bef1a627d7cd0407403d3282b584

SHA512
2c9f98665a7ff10528b6ecb611c3ad5dc9552ab1e2ac70f0f75d74af0061789f0ab0020388c4e820af1273a4c41f20be3ce8810314c46eb72bdbc2a9ba66731c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit