hxxps://cdn[.]emailbadge[.]com/media/0r1gWAqL3lv2uBNZF9pxb7LCAUm7A6pyiOGhu8M1[.]jpg

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.emailbadge.com/media/0r1gWAqL3lv2uBNZF9pxb7LCAUm7A6pyiOGhu8M1.jpg

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377060008513174"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 4264	2996	chrome.exe	82
PID 2996 wrote to memory of 4264	2996	chrome.exe	82
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2288	2996	chrome.exe	84
PID 2996 wrote to memory of 2412	2996	chrome.exe	85
PID 2996 wrote to memory of 2412	2996	chrome.exe	85
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86
PID 2996 wrote to memory of 5020	2996	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.emailbadge.com/media/0r1gWAqL3lv2uBNZF9pxb7LCAUm7A6pyiOGhu8M1.jpg
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4dc09758,0x7fff4dc09768,0x7fff4dc09778
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1888,i,8012502997880651143,4970341239496386712,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
900B

MD5
7782b2460ccbfbfbc39c545680502c4c

SHA1
6a5d4343608a45d5b13380bc3bb3b40b3e192714

SHA256
3166746e671f66e37bd528549fe94df3cc551f9fdd1419b1bb1ecb7ce025c384

SHA512
9cff4e772d31470f0ead96256aa2a134b1f49b672cb745f7ccf65fe15252db1b712fe46b20dc173ac67c8e0bc14bf887c082cb6cebcba0cbdf2704cdaa9fc1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9433cf2de4b7a155e24092d641b4070

SHA1
0085c40c6c0b3dbbec5be6abfd96a4111ce4ee85

SHA256
fe7d48bd69b2abbebd02433165df4967eb1c7e6c9881b503c3394550cb8604d8

SHA512
66e207ecf7d747812e6e2a1e58f5c53e6fb7e954a59911ca1393d3bdf77c8feb81cd4b03b0302d1eac3be0be803036bfe0f2258a5e1e414bfce8a37fd01e3b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
409469b97903ebb9301dcdc0261e5c9e

SHA1
12c67c27a22083734a0e7268947933f6b2c1439c

SHA256
7a52f54f257849ad14cc2efa3244111af3e073c90fe432875b304d3f3d9d267a

SHA512
090739a5472ea93689d7d6655d6af41bace4b4c92ff0a1588e9a83d15a1cc50cf239e839a795b3fdff2f7fcd7f77a1bafce4cf681fc3cc265c7c036f62eae3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d626ec495f372d0d24a093366836d93

SHA1
3b229e445253e8e4219bcc59e5811e6d9d00f096

SHA256
263d8f5b3d44950687abd151fcbfe2ff32c813e70d5419b2b20653970f29a2d1

SHA512
e1ad6527d5b243ddee26810c8b4fe1611818cc95e705e64d4c1d3314b09108cdc303ff55a6d62cbd6e664bcbcfcc1826d8863ac0d069fce71c0a7fac9b8c1d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8ceb50328cc423b0734a7a8a85ec453e

SHA1
70de631dc1490d67f14c59d22a96e810196cf347

SHA256
375505c8b5c1641a275baff44a886194118cd548f8ae351662421b7f58e821c4

SHA512
a53e3825ead26e5388df5cb18c966d48646f8a30269381bb259588e56bedd151453b8884382d080fed3ec5acb1402af2670b92f2312c6520cc379eb99bd25702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ff0902bb-a9f8-4c7b-8896-994126d01235.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit