hxxp://secure-web[.]cisco[.]com/1GRcAuOd7i2ag9gQjC_DsivGUgpN9YtHHwcz8Lrl-234nI6UJZVvatDLMFNvU9d5K9Wu2Y4CrLoc0ib86f_gEgA41k9kzP9xToRdGWloVmjK5Ns19UiMxx6yy-5E3ZofR-UofnenpH3j8YRB2HgC-IYSrS7DY_HWjZrTMJkxeTPTdzP22bNxzkaQ-1f4N-T-mT1mdr-3P4m4ZOypHNgIXHpRZUsuu12R0GzYnbAEU2iYIg_jgIHiQnTN8wBsYYOzCq2uZWOMx21pJMRFlgWJMCXWjjTcUhOS0wYwOCU9X04HSw35xb4ovRCpfDVc2ut4-rSl5dXYAtkCorU62HXxxK2qh2RbmrkDE_H77_cZKleyaXIY_vMgxqmyropp_4gCAGG7_Tv5fGr9zx4CqtUaO1lBGB_m5l2ipK_NjjZrg1iONQ3RwMtiJjt-36XWsiu2FW6RRbVicGiYjoYpC_uAh54CGwxN5nU0_HQOKiXkHw1mCMLa9nHXAJr53zwCE3OydnF289PMr-knK8Ul87gXreSb7HC22BCsJdMzhIEpaV-k/l1111%3Ahttp%3A%2F%2Femail[.]click2redirect[.]me%2Fls%2Fclick%3Fupn%3DK3J3bDHG2YlhH8ElC2vm-2Fwc8AJ6NJCCdMyJlrcXaLx6eQlqX6DPudV6Gzvg0rKwSurnZCwUGnWq-2Fm-2BzocC-2FJZa8aUKbeMriClUnDhHR1Z2bbJa9C8pZjhiVg6Q3UxR9HTw2XcbROVN5gx80PGhUnY4m6FTWZ6I3YigQyAAHcQ2iTKPvhLklBNvakcnB-2FdbRZ5KR1fPTetWzHNAJVGYlPAaYILIk5vwjske4-2BTtUVyT5h2kJ5Jm-2FpgehDTZBAwcQ4pzhwbEZivu8dtSFfCq0KlccqFCNgkLcELuM1yz3vmN1PhkY1V88U0dH-2FdM2CVtEgalSxjMu-2F206j0T7OaHTwnZrJ3ouS09kJrgSdW7RLVrvK2YhbL9d2a-2FnJS2o8FkMc7x5j6KfBR1a4bBSPJC0VUHLUUynJo0EI-2BcgYHw6opGHxfqBU0NT8K8wtZqgDk56xevso_e0AB0dBNLh8C08kMJm4XyNR7gy667-2FjQGaJNJ2sLO-2FVPvtkA7MWYkP3rLJPUYOi-2Bo8BAcv4I3lDvzBc2D7moRw84WCvbHN3OcG2On-2FQMghnMOg6F62RT559QpRebqw0wvbNvpALfbVnXPEdL7-2Bs7yuDtBNxslDPagxY8zPqgOjRpvaIHqq-2BlqRl1jDatwb72cA-2BCOgqTmk9d-2B3a-2BT4cGtNjn-2B1I4NDEwl43ctPPrGwQUN8Nm6MxdOZLTmeEJdy11kFSFXg6KvJM6p04HpFZpBIqtaDxRD6p68TOelp4ksnIqiEVZqYb-2FXtheQXwLQ4SMJSet1T3oDFTFWqpJY4VdZC65qiMKLOVB27HfmDg6AMMUq42S7nx66dAwF8Dz0ShugKxYzx6W-2BnPPLAfNizwg2FjLy5HrNhPy3LYdsUKf0YlaJoF4waPnX1ausrAnXWlXuAbWCnZI-2BelcRaLs1WddbnpPJEsNOwvyGUw7bS4IwCrweax5eXgnGZFQ-2FIyi8YrsNc2qJ4ajgDlYvasYHZGFRu1T-2FUo6-2Bw-2Bs1ksQPlMisnY-3De

Analysis

max time kernel
150s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
03/10/2023, 09:06

Sharing

Behavioral task

behavioral1

Sample

http://secure-web.cisco.com/1GRcAuOd7i2ag9gQjC_DsivGUgpN9YtHHwcz8Lrl-234nI6UJZVvatDLMFNvU9d5K9Wu2Y4CrLoc0ib86f_gEgA41k9kzP9xToRdGWloVmjK5Ns19UiMxx6yy-5E3ZofR-UofnenpH3j8YRB2HgC-IYSrS7DY_HWjZrTMJkxeTPTdzP22bNxzkaQ-1f4N-T-mT1mdr-3P4m4ZOypHNgIXHpRZUsuu12R0GzYnbAEU2iYIg_jgIHiQnTN8wBsYYOzCq2uZWOMx21pJMRFlgWJMCXWjjTcUhOS0wYwOCU9X04HSw35xb4ovRCpfDVc2ut4-rSl5dXYAtkCorU62HXxxK2qh2RbmrkDE_H77_cZKleyaXIY_vMgxqmyropp_4gCAGG7_Tv5fGr9zx4CqtUaO1lBGB_m5l2ipK_NjjZrg1iONQ3RwMtiJjt-36XWsiu2FW6RRbVicGiYjoYpC_uAh54CGwxN5nU0_HQOKiXkHw1mCMLa9nHXAJr53zwCE3OydnF289PMr-knK8Ul87gXreSb7HC22BCsJdMzhIEpaV-k/l1111%3Ahttp%3A%2F%2Femail.click2redirect.me%2Fls%2Fclick%3Fupn%3DK3J3bDHG2YlhH8ElC2vm-2Fwc8AJ6NJCCdMyJlrcXaLx6eQlqX6DPudV6Gzvg0rKwSurnZCwUGnWq-2Fm-2BzocC-2FJZa8aUKbeMriClUnDhHR1Z2bbJa9C8pZjhiVg6Q3UxR9HTw2XcbROVN5gx80PGhUnY4m6FTWZ6I3YigQyAAHcQ2iTKPvhLklBNvakcnB-2FdbRZ5KR1fPTetWzHNAJVGYlPAaYILIk5vwjske4-2BTtUVyT5h2kJ5Jm-2FpgehDTZBAwcQ4pzhwbEZivu8dtSFfCq0KlccqFCNgkLcELuM1yz3vmN1PhkY1V88U0dH-2FdM2CVtEgalSxjMu-2F206j0T7OaHTwnZrJ3ouS09kJrgSdW7RLVrvK2YhbL9d2a-2FnJS2o8FkMc7x5j6KfBR1a4bBSPJC0VUHLUUynJo0EI-2BcgYHw6opGHxfqBU0NT8K8wtZqgDk56xevso_e0AB0dBNLh8C08kMJm4XyNR7gy667-2FjQGaJNJ2sLO-2FVPvtkA7MWYkP3rLJPUYOi-2Bo8BAcv4I3lDvzBc2D7moRw84WCvbHN3OcG2On-2FQMghnMOg6F62RT559QpRebqw0wvbNvpALfbVnXPEdL7-2Bs7yuDtBNxslDPagxY8zPqgOjRpvaIHqq-2BlqRl1jDatwb72cA-2BCOgqTmk9d-2B3a-2BT4cGtNjn-2B1I4NDEwl43ctPPrGwQUN8Nm6MxdOZLTmeEJdy11kFSFXg6KvJM6p04HpFZpBIqtaDxRD6p68TOelp4ksnIqiEVZqYb-2FXtheQXwLQ4SMJSet1T3oDFTFWqpJY4VdZC65qiMKLOVB27HfmDg6AMMUq42S7nx66dAwF8Dz0ShugKxYzx6W-2BnPPLAfNizwg2FjLy5HrNhPy3LYdsUKf0YlaJoF4waPnX1ausrAnXWlXuAbWCnZI-2BelcRaLs1WddbnpPJEsNOwvyGUw7bS4IwCrweax5eXgnGZFQ-2FIyi8YrsNc2qJ4ajgDlYvasYHZGFRu1T-2FUo6-2Bw-2Bs1ksQPlMisnY-3De

Resource

win10-20230915-en

windows10-1703-x64

8 signatures

150 seconds

Report Analysis Logs

General

Target

http://secure-web.cisco.com/1GRcAuOd7i2ag9gQjC_DsivGUgpN9YtHHwcz8Lrl-234nI6UJZVvatDLMFNvU9d5K9Wu2Y4CrLoc0ib86f_gEgA41k9kzP9xToRdGWloVmjK5Ns19UiMxx6yy-5E3ZofR-UofnenpH3j8YRB2HgC-IYSrS7DY_HWjZrTMJkxeTPTdzP22bNxzkaQ-1f4N-T-mT1mdr-3P4m4ZOypHNgIXHpRZUsuu12R0GzYnbAEU2iYIg_jgIHiQnTN8wBsYYOzCq2uZWOMx21pJMRFlgWJMCXWjjTcUhOS0wYwOCU9X04HSw35xb4ovRCpfDVc2ut4-rSl5dXYAtkCorU62HXxxK2qh2RbmrkDE_H77_cZKleyaXIY_vMgxqmyropp_4gCAGG7_Tv5fGr9zx4CqtUaO1lBGB_m5l2ipK_NjjZrg1iONQ3RwMtiJjt-36XWsiu2FW6RRbVicGiYjoYpC_uAh54CGwxN5nU0_HQOKiXkHw1mCMLa9nHXAJr53zwCE3OydnF289PMr-knK8Ul87gXreSb7HC22BCsJdMzhIEpaV-k/l1111%3Ahttp%3A%2F%2Femail.click2redirect.me%2Fls%2Fclick%3Fupn%3DK3J3bDHG2YlhH8ElC2vm-2Fwc8AJ6NJCCdMyJlrcXaLx6eQlqX6DPudV6Gzvg0rKwSurnZCwUGnWq-2Fm-2BzocC-2FJZa8aUKbeMriClUnDhHR1Z2bbJa9C8pZjhiVg6Q3UxR9HTw2XcbROVN5gx80PGhUnY4m6FTWZ6I3YigQyAAHcQ2iTKPvhLklBNvakcnB-2FdbRZ5KR1fPTetWzHNAJVGYlPAaYILIk5vwjske4-2BTtUVyT5h2kJ5Jm-2FpgehDTZBAwcQ4pzhwbEZivu8dtSFfCq0KlccqFCNgkLcELuM1yz3vmN1PhkY1V88U0dH-2FdM2CVtEgalSxjMu-2F206j0T7OaHTwnZrJ3ouS09kJrgSdW7RLVrvK2YhbL9d2a-2FnJS2o8FkMc7x5j6KfBR1a4bBSPJC0VUHLUUynJo0EI-2BcgYHw6opGHxfqBU0NT8K8wtZqgDk56xevso_e0AB0dBNLh8C08kMJm4XyNR7gy667-2FjQGaJNJ2sLO-2FVPvtkA7MWYkP3rLJPUYOi-2Bo8BAcv4I3lDvzBc2D7moRw84WCvbHN3OcG2On-2FQMghnMOg6F62RT559QpRebqw0wvbNvpALfbVnXPEdL7-2Bs7yuDtBNxslDPagxY8zPqgOjRpvaIHqq-2BlqRl1jDatwb72cA-2BCOgqTmk9d-2B3a-2BT4cGtNjn-2B1I4NDEwl43ctPPrGwQUN8Nm6MxdOZLTmeEJdy11kFSFXg6KvJM6p04HpFZpBIqtaDxRD6p68TOelp4ksnIqiEVZqYb-2FXtheQXwLQ4SMJSet1T3oDFTFWqpJY4VdZC65qiMKLOVB27HfmDg6AMMUq42S7nx66dAwF8Dz0ShugKxYzx6W-2BnPPLAfNizwg2FjLy5HrNhPy3LYdsUKf0YlaJoF4waPnX1ausrAnXWlXuAbWCnZI-2BelcRaLs1WddbnpPJEsNOwvyGUw7bS4IwCrweax5eXgnGZFQ-2FIyi8YrsNc2qJ4ajgDlYvasYHZGFRu1T-2FUo6-2Bw-2Bs1ksQPlMisnY-3De

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133407976193119229"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe
Token: SeShutdownPrivilege	1304	chrome.exe
Token: SeCreatePagefilePrivilege	1304	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2036	1304	chrome.exe	70
PID 1304 wrote to memory of 2036	1304	chrome.exe	70
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 356	1304	chrome.exe	72
PID 1304 wrote to memory of 1376	1304	chrome.exe	73
PID 1304 wrote to memory of 1376	1304	chrome.exe	73
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74
PID 1304 wrote to memory of 876	1304	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://secure-web.cisco.com/1GRcAuOd7i2ag9gQjC_DsivGUgpN9YtHHwcz8Lrl-234nI6UJZVvatDLMFNvU9d5K9Wu2Y4CrLoc0ib86f_gEgA41k9kzP9xToRdGWloVmjK5Ns19UiMxx6yy-5E3ZofR-UofnenpH3j8YRB2HgC-IYSrS7DY_HWjZrTMJkxeTPTdzP22bNxzkaQ-1f4N-T-mT1mdr-3P4m4ZOypHNgIXHpRZUsuu12R0GzYnbAEU2iYIg_jgIHiQnTN8wBsYYOzCq2uZWOMx21pJMRFlgWJMCXWjjTcUhOS0wYwOCU9X04HSw35xb4ovRCpfDVc2ut4-rSl5dXYAtkCorU62HXxxK2qh2RbmrkDE_H77_cZKleyaXIY_vMgxqmyropp_4gCAGG7_Tv5fGr9zx4CqtUaO1lBGB_m5l2ipK_NjjZrg1iONQ3RwMtiJjt-36XWsiu2FW6RRbVicGiYjoYpC_uAh54CGwxN5nU0_HQOKiXkHw1mCMLa9nHXAJr53zwCE3OydnF289PMr-knK8Ul87gXreSb7HC22BCsJdMzhIEpaV-k/l1111%3Ahttp%3A%2F%2Femail.click2redirect.me%2Fls%2Fclick%3Fupn%3DK3J3bDHG2YlhH8ElC2vm-2Fwc8AJ6NJCCdMyJlrcXaLx6eQlqX6DPudV6Gzvg0rKwSurnZCwUGnWq-2Fm-2BzocC-2FJZa8aUKbeMriClUnDhHR1Z2bbJa9C8pZjhiVg6Q3UxR9HTw2XcbROVN5gx80PGhUnY4m6FTWZ6I3YigQyAAHcQ2iTKPvhLklBNvakcnB-2FdbRZ5KR1fPTetWzHNAJVGYlPAaYILIk5vwjske4-2BTtUVyT5h2kJ5Jm-2FpgehDTZBAwcQ4pzhwbEZivu8dtSFfCq0KlccqFCNgkLcELuM1yz3vmN1PhkY1V88U0dH-2FdM2CVtEgalSxjMu-2F206j0T7OaHTwnZrJ3ouS09kJrgSdW7RLVrvK2YhbL9d2a-2FnJS2o8FkMc7x5j6KfBR1a4bBSPJC0VUHLUUynJo0EI-2BcgYHw6opGHxfqBU0NT8K8wtZqgDk56xevso_e0AB0dBNLh8C08kMJm4XyNR7gy667-2FjQGaJNJ2sLO-2FVPvtkA7MWYkP3rLJPUYOi-2Bo8BAcv4I3lDvzBc2D7moRw84WCvbHN3OcG2On-2FQMghnMOg6F62RT559QpRebqw0wvbNvpALfbVnXPEdL7-2Bs7yuDtBNxslDPagxY8zPqgOjRpvaIHqq-2BlqRl1jDatwb72cA-2BCOgqTmk9d-2B3a-2BT4cGtNjn-2B1I4NDEwl43ctPPrGwQUN8Nm6MxdOZLTmeEJdy11kFSFXg6KvJM6p04HpFZpBIqtaDxRD6p68TOelp4ksnIqiEVZqYb-2FXtheQXwLQ4SMJSet1T3oDFTFWqpJY4VdZC65qiMKLOVB27HfmDg6AMMUq42S7nx66dAwF8Dz0ShugKxYzx6W-2BnPPLAfNizwg2FjLy5HrNhPy3LYdsUKf0YlaJoF4waPnX1ausrAnXWlXuAbWCnZI-2BelcRaLs1WddbnpPJEsNOwvyGUw7bS4IwCrweax5eXgnGZFQ-2FIyi8YrsNc2qJ4ajgDlYvasYHZGFRu1T-2FUo6-2Bw-2Bs1ksQPlMisnY-3De
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb729d9758,0x7ffb729d9768,0x7ffb729d9778
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:2
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1864,i,4738368057302992563,11368665701714925506,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8e4ee290a8f79fdb14613c7735f961c

SHA1
44ffe39369b0ac2b5e6bc59854ea5673186b4c1c

SHA256
11fbddd85883db04779a5c286915105a470ec1ae2c14344692bab953d08d8614

SHA512
059baaf5ceb7283469f4a584bcc784ba7d315c5144f71976868a4778a7542666c9be8bdfb2ee96931ce2c06de07d1734b600ca2f6551665cd9cc59234ee3b1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
faae523dc17e4e8c21af73294e68ebeb

SHA1
7d269b1e6506129ebf720198bda980707ae4935b

SHA256
9e2cc85463b8c7a6c09b420899f1a101fb487822d30d3f0fe6589c35291a5cfd

SHA512
266b9546e6ffbe568141920a02818a51edf7c04360bdfc3d1782b57580fc87fb7898293e24536298a90215c4e95a9ad6791c14264b25dba39e364ab9ef215306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
664d54201b27e19a874e821e221f78a6

SHA1
33e1968555d8ce2d9e1c2d0c99e83b89bbf76b4e

SHA256
8e54289deea0ad904f484ffeb2a68f219dc9b19cfa9d274f2b263c2cbe862f68

SHA512
5f5f902ee9d68826a60e1799aa265a93759b4391c07eb1ab554a9707724b6e41b62905ce34f1b80272f7126720227e3b74602ef52dd37d72cfc2206793268f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
104KB

MD5
8e037aabb2982e5b23a9c3dff7d61a2b

SHA1
62c35f60f2800a91f0c5281e932ce0038f8fb202

SHA256
01e2a8ec31f0e799c906bbffc207d2de8c8aebec5b24a75a68fa0a85734ffcda

SHA512
ed21f2e70d1a3dcbeb57073bb9899bae58b2c67354e2693b7681fb4e1c2cc46d75eca19d35534efdd97c0260cd1b352c9d5dbeeb4a9cc86c89d4734b25b4ca92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
57339e8deb12e445f4727a484b9efc3b

SHA1
659fa1c6f59013e234410231a48c7c38a87de878

SHA256
852c7af611b27aca244b9e30b5a7e1be34c8c8d6bdb82aa33b8b26902ab8f790

SHA512
b55ce99f2750ae99417587d85d8a3ab550f372a50df3a3ed50e96d6a4d1416a012a611025db6ec00a51d47cbba774e499ef35a286d6a2239eeee7f80e50f039b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
e9917de6fcf58164317191feb7efc185

SHA1
3fcdba52565becaf45ccdb74b6640445036883c8

SHA256
ee88adfbe50d550429e193c03083ea3fd2d591b243c4b858ebec810f074db25c

SHA512
2087f41cb8366c5e2b824f8d2f480f23ac9ab2c5dbd2c02b65ac6599deb6206f27eb9a37ab5778a3bc36035fe85db83aa88e8dac321aeba2ed6a1b35bfd0808e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
04b1b23bc3b4b59ebec8228f514cf802

SHA1
dde7fc1f81db566145f6c6352f7347441b2d1b6a

SHA256
8e40ba5d5bba2eb1be115ea5e92d385a3f8b796feaed797ddca7e7794e8ae8de

SHA512
463fc35d56f579f859790d585915421dd562c2a201a3dc5bd3276ba6e50afa8011d52c175c4b36920db43454a794c7b73cb68fcaf591e199495a2e86a41da281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit