Analysis
  max time kernel    42s
  max time network   38s
  platform           windows10-2004_x64
  resource           win10v2004-20230915-en
  resource tags      arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted          19-09-2023 03:53

  Static task        static1
  URLScan task       urlscan1
  Behavioral task    behavioral1
  Sample             https://email.mg.633pay.hk/c/eJw8yUtuhCAYAODTwK7kf4mwYNHW8R4CMk5GglFL0tt31_WXA5SSvF4DWj-ACAjqLTibsIiz7CJnypg4jZKGPPq15BKjfgUCYvDokFkADZr5W2jy0-PLDfKgiZVAfRrLfCy_ZnvrPWz3fVyKPxXNiuZ_UTTrGhDHwTohfYa-L_l17Us3vZ0trl0J3PX98Tzbz2FSq38BAAD__1N6M7Y
  Resource           win10v2004-20230915-en

General
  Target             https://email.mg.633pay.hk/c/eJw8yUtuhCAYAODTwK7kf4mwYNHW8R4CMk5GglFL0tt31_WXA5SSvF4DWj-ACAjqLTibsIiz7CJnypg4jZKGPPq15BKjfgUCYvDokFkADZr5W2jy0-PLDfKgiZVAfRrLfCy_ZnvrPWz3fVyKPxXNiuZ_UTTrGhDHwTohfYa-L_l17Us3vZ0trl0J3PX98Tzbz2FSq38BAAD__1N6M7Y
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                     Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133395691961593971"   chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    Process
  1156   chrome.exe
  1156   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid    Process
  1156   chrome.exe
  1156   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                        pid    Process
  Token: SeShutdownPrivilege         1156   chrome.exe
  Token: SeCreatePagefilePrivilege   1156   chrome.exe
  (the two rows above alternate for all 64 entries, all from PID 1156 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid    Process
  1156   chrome.exe
  (the same row is listed 26 times)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1156   chrome.exe
  (the same row is listed 24 times)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target
  PID 1156 wrote to memory of 1592     1156   chrome.exe   39
  PID 1156 wrote to memory of 672      1156   chrome.exe   87
  PID 1156 wrote to memory of 4164     1156   chrome.exe   88
  PID 1156 wrote to memory of 3700     1156   chrome.exe   89
  (each row above is repeated in the report; 64 entries in total, all written by PID 1156 chrome.exe)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1156)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.mg.633pay.hk/c/eJw8yUtuhCAYAODTwK7kf4mwYNHW8R4CMk5GglFL0tt31_WXA5SSvF4DWj-ACAjqLTibsIiz7CJnypg4jZKGPPq15BKjfgUCYvDokFkADZr5W2jy0-PLDfKgiZVAfRrLfCy_ZnvrPWz3fVyKPxXNiuZ_UTTrGhDHwTohfYa-L_l17Us3vZ0trl0J3PX98Tzbz2FSq38BAAD__1N6M7Y
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1592)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ce6e9758,0x7ff8ce6e9768,0x7ff8ce6e9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 672)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4164)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3700)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1036)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4388)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2356)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3944)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1872,i,6388381131335266776,4166816352915129600,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 3460)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads