hxxps://u2048429[.]ct[.]sendgrid[.]net/wf/open?upn=HtqUTvXKU5sUymDOc7F-2FPd-2FJUybCNPJqAu28kHNzg3-2B9JViHX09QFR370DDjtL-2FJsLaP48mhYuEbWGhteAn-2BPETLG8pHK9keemtmzAW4vMriynsKfe3vTrlL73KlTRhUpBmcxLqRnXc1Rrgg-2FvvL-2BJ5EtcuZvmpZ1M0EUsHjApIfDlk1mXeMYAOwmphfMe3HqNdSW24qsKNA3cqC6JwyctGWfCDHhipKiRV3CDM555H7TRwI7NvuyGi0f3yHzt3uZEjC39JwDXyb-2BNz1lk-2Fs2w-3D-3D

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2023 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u2048429.ct.sendgrid.net/wf/open?upn=HtqUTvXKU5sUymDOc7F-2FPd-2FJUybCNPJqAu28kHNzg3-2B9JViHX09QFR370DDjtL-2FJsLaP48mhYuEbWGhteAn-2BPETLG8pHK9keemtmzAW4vMriynsKfe3vTrlL73KlTRhUpBmcxLqRnXc1Rrgg-2FvvL-2BJ5EtcuZvmpZ1M0EUsHjApIfDlk1mXeMYAOwmphfMe3HqNdSW24qsKNA3cqC6JwyctGWfCDHhipKiRV3CDM555H7TRwI7NvuyGi0f3yHzt3uZEjC39JwDXyb-2BNz1lk-2Fs2w-3D-3D

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373491959312660"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
3360	chrome.exe
3360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 4504	2800	chrome.exe	81
PID 2800 wrote to memory of 4504	2800	chrome.exe	81
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 368	2800	chrome.exe	83
PID 2800 wrote to memory of 4884	2800	chrome.exe	84
PID 2800 wrote to memory of 4884	2800	chrome.exe	84
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85
PID 2800 wrote to memory of 2188	2800	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u2048429.ct.sendgrid.net/wf/open?upn=HtqUTvXKU5sUymDOc7F-2FPd-2FJUybCNPJqAu28kHNzg3-2B9JViHX09QFR370DDjtL-2FJsLaP48mhYuEbWGhteAn-2BPETLG8pHK9keemtmzAW4vMriynsKfe3vTrlL73KlTRhUpBmcxLqRnXc1Rrgg-2FvvL-2BJ5EtcuZvmpZ1M0EUsHjApIfDlk1mXeMYAOwmphfMe3HqNdSW24qsKNA3cqC6JwyctGWfCDHhipKiRV3CDM555H7TRwI7NvuyGi0f3yHzt3uZEjC39JwDXyb-2BNz1lk-2Fs2w-3D-3D
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911cc9758,0x7ff911cc9768,0x7ff911cc9778
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:2
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3300 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 --field-trial-handle=1880,i,12984893738987684168,4511536993027643371,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3d14d673935ee3510575b55e444989e

SHA1
d5e26fd8f4cad9805825f39c6f25ecdc93635b5a

SHA256
72971f45e02220562710619c19c3cf284c4ea318a38e20011f04f66ccf6e10ef

SHA512
4a1661bf99d72401fd5a31cd496d6284bb9e5486a759230bce88935e61a966a0b3a575c0c4de9e052b0edda6548e6925c57a4999b487c59ae811471139213790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5d2eec4271a0a29b8cdbc1ce5058a2d

SHA1
f19f4a89e69842b0e47071dbc37255872322283b

SHA256
7b8136ec80f4c4476959a1d04f44267f6ecaf0f3746af33f586f4970337cb765

SHA512
60176d548e08892b9541cb731f53c8192d288d727ffc092a028e4b25bf7e3de0e601798336a75d36942ff8a4eb1699b23e06ebb0ed2c5891309600f284f15342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
885283c9db0a6b2744a935f383e40a21

SHA1
b7db791387344a9a4be56c610321478262cb52d3

SHA256
e3141a80982e95e2669b63f3bb96ac29952b0cdbb4573af6e445e2b1f47f4da9

SHA512
c02761126dfbe35929e0cfab8292a2902d538330ba47a71668afadba40de3079c6b973f72772c63a54e84002c558aa5909c19e4a81efc316f4ecc21e72e1b88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ca8ad492699ec155503a505825000e12

SHA1
7c793b265907c6339280b8e4e1108048f9ac6053

SHA256
198bbd4fe7fa29506571b6d9a715fe31df17489affc5a3391e1b288aacc5d45e

SHA512
f10fe73b22d12be1a14ae25b977ed3ccfaba493e697d92acc6a92a740ab267c6ca793ba994d01032d40208b0a92e12d732cd7e0241d9c20f40ab53f353c97c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit