d642a27ef042746cb37b6576fcaa6284a93efda96d77c5f87617fc5f53b46b88

Resubmissions

12/10/2023, 17:49

231012-wd7kvafa2y 1

11/10/2023, 17:29

231011-v2veradf55 1

Analysis

max time kernel
206s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20230915-es
resource tags

arch:x64arch:x86image:win10v2004-20230915-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/10/2023, 17:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

My_photo_video_2023_№7567456.html
Size

2KB
MD5

bd7b63ead8e40cb68ae5e1b6cc41039c
SHA1

c1e1e81bdc45e1633a46cca278bd12fa4f5e13ac
SHA256

d642a27ef042746cb37b6576fcaa6284a93efda96d77c5f87617fc5f53b46b88
SHA512

f79ea9c973321750b7508d4d76c8da2f640fdc45a191f04c30b35fb72342a7cd15aa6a01302fcc72448610a96becaa65d3dcd8d5b3df43ddce0778b7f84d3965

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415191960647049"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2888	chrome.exe
2888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe
Token: SeShutdownPrivilege	2080	chrome.exe
Token: SeCreatePagefilePrivilege	2080	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe
2080	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 3700	2080	chrome.exe	34
PID 2080 wrote to memory of 3700	2080	chrome.exe	34
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 2596	2080	chrome.exe	85
PID 2080 wrote to memory of 4016	2080	chrome.exe	87
PID 2080 wrote to memory of 4016	2080	chrome.exe	87
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86
PID 2080 wrote to memory of 1528	2080	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\My_photo_video_2023_№7567456.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06519758,0x7ffc06519768,0x7ffc06519778
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:2
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1872,i,1021039997656211651,16792837465697232358,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cf6729d12c470bd4e0abc5f31ac31821

SHA1
c816ac79d47825ffc95b7ce63f9005ac7efefe7c

SHA256
d45af31af0dbf7629b94339b3e783098a5c1d0437f907dfa29f71e2d1ad0418f

SHA512
ead02c19f4b235b4a93a747cef5a81e90fa535d6f073fd2f044d0b1b804fd7953879cc6abd158ed1cb771f648b99fef483021e52b67c781c7b05e9282ecd6815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6a24d4cc4d54e2e753aac678bf2bb5d3

SHA1
2fa711abc49cd6d359f6fd2171e06b85a5cd9945

SHA256
9dce9b5c7999ff81d8512244f282b61bb2bbe30d1019d125d597916d1303276b

SHA512
b6e664691ab479d9481a324c3b5a8ded910fc9fbe20ca93164a44524d9845f77f6222fccee8a4da6b882366ae94e1b978d7cbe4e531b1627a8a8deff09ab1769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
183c32ff99bb35f40beb8515edc29242

SHA1
d156d088af97cdeef46ec85ee5c1a83bd590cf13

SHA256
0ffe5a994237da8a45dd1563c9bb947a14e0ee5a4cf7a8517bdeeb1489f62130

SHA512
e2dc98566370bdebd53c85c6995d3c8db2361012bace0d369596748cff650c154213318beff823123bae5a96d5428c915df1187987209ef25374347c87275047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
9af29a6587638ea3abba64a77a5372a5

SHA1
38f54a265794ba7a3fdc6b73c73e0c15082d665b

SHA256
39032465c244e603f3a9bf5a2f15bd2a0b14142c24e50380230e241f93b07cd5

SHA512
8254b92011f8b081f2c381ee1904dcf463bd5d9e750d2bb462fe63b56ac6cd0ca13650d0c12d7795bc2daeeead6d9041572e799a63e1c6959db7660ee621e580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit