Resubmissions

19/10/2023, 19:35

231019-yarrbsba5w 8

19/10/2023, 19:31

231019-x8swlsce34 8

19/10/2023, 19:25

231019-x4yw3aah4z 8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2023, 19:25

General

  • Target

    https://jpmchase.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=hosttohost.clientalerts%40jpmorgan.com&p=2691bdd5-0780-4cab-8a18-5a3e5d3f3b62#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F2691bdd5-0780-4cab-8a18-5a3e5d3f3b62%2Fdata%2Fmetadata&dk=3Tuy8Y4fcDr88VrVw5UEjojGL0xJmkTPRL1aRTUXhcM%3D

Score
1/10
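The target is a Virtru-hosted link on a `jpmchase` subdomain of virtru.com. Its query string names a sender at jpmorgan.com and a policy UUID; its fragment (everything after `#`) carries a metadata URL on api.virtru.com, the same UUID, and a 44-character base64 value `dk` that decodes to 32 bytes. Browsers never transmit the fragment, so none of that appears in a network capture, although the `--single-argument` switch in the process list hands the full URL, fragment included, to Chrome. The script below is an added example, not part of the report: it splits the submitted URL into those parts so the landing host, the claimed sender domain, the host of any embedded URL and the fragment parameters can be compared side by side. The `registrable_domain` two-label rule is this example's own simplification and would need a public-suffix list for production use.

```python
"""Pull a submitted URL apart into the fields a phishing triager compares.

Added example, not part of the sandbox report. TARGET is the Target URL from the
report; the two-label registrable_domain() heuristic is this example's own.
"""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

TARGET = (
    "https://jpmchase.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09"
    "&s=hosttohost.clientalerts%40jpmorgan.com&p=2691bdd5-0780-4cab-8a18-5a3e5d3f3b62"
    "#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F"
    "2691bdd5-0780-4cab-8a18-5a3e5d3f3b62%2Fdata%2Fmetadata"
    "&dk=3Tuy8Y4fcDr88VrVw5UEjojGL0xJmkTPRL1aRTUXhcM%3D"
)

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


def registrable_domain(host: str) -> str:
    """Naive two-label rule (no public-suffix list): 'a.b.example.com' -> 'example.com'."""
    return ".".join(host.lower().split(".")[-2:])


def single_values(qs: str) -> dict:
    """parse_qs returns lists; each key here occurs once, so keep the first value."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def decoded_b64_length(value: str):
    """Byte length of a strictly valid base64 value, or None if it is not base64."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None


def triage_url(url: str) -> dict:
    parts = urlsplit(url)
    host = parts.hostname or ""
    query = single_values(parts.query)
    fragment = single_values(parts.fragment)  # never sent over the wire

    # parameters whose value is itself a URL: compare their host with the landing host
    embedded_hosts = {
        k: urlsplit(v).hostname
        for k, v in {**query, **fragment}.items()
        if v.startswith(("http://", "https://"))
    }
    uuids = set()
    for v in list(query.values()) + list(fragment.values()):
        uuids.update(UUID_RE.findall(v))

    sender = query.get("s") or ""
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "sender_param": sender or None,
        "sender_domain": sender.rpartition("@")[2].lower() or None,
        "query_keys": sorted(query),
        "fragment_keys": sorted(fragment),
        "embedded_hosts": embedded_hosts,
        "uuids": sorted(uuids),
        "dk_decoded_len": decoded_b64_length(fragment.get("dk", "")),
    }


if __name__ == "__main__":
    for key, value in triage_url(TARGET).items():
        print(f"{key:20} {value}")
```

For this URL the landing domain (virtru.com) and the sender domain in the query (jpmorgan.com) differ, the embedded `d` URL points at api.virtru.com, and the policy UUID in `p` is the same one that appears in the `d` path. Whether the brand subdomain is legitimately provisioned is a question for the domain owner, not something the URL alone settles.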

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jpmchase.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=hosttohost.clientalerts%40jpmorgan.com&p=2691bdd5-0780-4cab-8a18-5a3e5d3f3b62#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2F2691bdd5-0780-4cab-8a18-5a3e5d3f3b62%2Fdata%2Fmetadata&dk=3Tuy8Y4fcDr88VrVw5UEjojGL0xJmkTPRL1aRTUXhcM%3D
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5068
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7299758,0x7ffcc7299768,0x7ffcc7299778
        2⤵
        PID:3620
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:2
        2⤵
        PID:1680
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:1636
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:888
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:1
        2⤵
        PID:4324
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:1
        2⤵
        PID:2296
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:4120
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:2488
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:3680
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4576 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:1
        2⤵
        PID:2308
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:8
        2⤵
        PID:3828
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 --field-trial-handle=1636,i,12565061187850724937,16024639035842437334,131072 /prefetch:2
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1284
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4720
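Every signature on this page is attributed to chrome.exe PID 5068 or its gpu-process child PID 1284, every depth-2 process is chrome.exe from the install directory with a `--type=` role switch, and the only other depth-1 process is Chrome's own elevation_service.exe, which is consistent with the 1/10 score. What a reviewer wants to confirm is that nothing falls outside that pattern: a binary outside the Chrome install directory, a chrome.exe child with no role, or a switch that turns a sandbox off. The script below is an added example and not part of the report. Its PROCESSES list is transcribed from the process list above with the long `--field-trial-handle`, `--gpu-preferences` and data-dir arguments dropped; ROGUE is a constructed negative case that does not occur in the report; the role names and the WEAKENING switch list are this example's own choices.

```python
"""Review a Chrome process tree from a sandbox report for anything off-pattern.

Added example, not part of the report. PROCESSES is transcribed from the process
list above with long handle/preference arguments dropped; ROGUE is a constructed
negative case that does not occur in the report.
"""
import ntpath
import re
from collections import Counter

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"
EXPECTED_BINARIES = {"chrome.exe", "elevation_service.exe"}
# switches that disable a Chrome sandbox outright (this example's own list)
WEAKENING = {"no-sandbox", "disable-gpu-sandbox"}
SWITCH_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S*))?")


def chrome(pid, depth, cmd, image=CHROME_DIR + r"\chrome.exe"):
    return {"pid": pid, "depth": depth, "image": image, "cmd": cmd}


PROCESSES = [
    chrome(5068, 1, "--disable-background-networking --disable-component-update "
                    "--single-argument https://jpmchase.secure.virtru.com/start/"),
    chrome(3620, 2, "--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    chrome(1680, 2, "--type=gpu-process"),
    chrome(1636, 2, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    chrome(888, 2, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    chrome(4324, 2, "--type=renderer --renderer-client-id=5"),
    chrome(2296, 2, "--type=renderer --first-renderer-process --renderer-client-id=6"),
    chrome(4120, 2, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    chrome(2488, 2, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    chrome(3680, 2, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    chrome(2308, 2, "--type=renderer --renderer-client-id=10"),
    chrome(3828, 2, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    chrome(1284, 2, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    chrome(4720, 1, "", image=CHROME_DIR + r"\106.0.5249.119\elevation_service.exe"),
]

# constructed: the kind of child a real compromise would add (not in the report)
ROGUE = {"pid": 9999, "depth": 2,
         "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "cmd": "-nop -w hidden -enc SQBFAFgA"}


def switches(cmd):
    """Map --key -> value ('' for bare switches). A quoted value containing spaces
    is cut at the first space; none of the switches inspected here has one."""
    return dict(SWITCH_RE.findall(cmd))


def role(proc):
    """'browser', a --type role (utility roles qualified by sub-type), or the binary name."""
    name = ntpath.basename(proc["image"]).lower()
    if name != "chrome.exe":
        return name
    sw = switches(proc["cmd"])
    kind = sw.get("type")
    if kind is None:
        return "browser"  # the top-level browser process carries no --type
    sub = sw.get("utility-sub-type")
    return f"{kind}:{sub}" if kind == "utility" and sub else kind


def review(procs):
    findings = []
    for p in procs:
        name = ntpath.basename(p["image"]).lower()
        sw = switches(p["cmd"])
        if not p["image"].lower().startswith(CHROME_DIR.lower() + "\\"):
            findings.append((p["pid"], "image outside Chrome install dir"))
        if name not in EXPECTED_BINARIES:
            findings.append((p["pid"], f"unexpected binary: {name}"))
        elif name == "chrome.exe" and p["depth"] > 1 and "type" not in sw:
            findings.append((p["pid"], "chrome.exe child without a --type role"))
        for flag in sorted(WEAKENING & sw.keys()):
            findings.append((p["pid"], f"sandbox-weakening switch: --{flag}"))
        if sw.get("service-sandbox-type") == "none":
            findings.append((p["pid"], f"service-sandbox-type=none: {sw.get('utility-sub-type')}"))
    return {"roles": Counter(role(p) for p in procs), "findings": findings}


if __name__ == "__main__":
    result = review(PROCESSES)
    for name, count in sorted(result["roles"].items()):
        print(f"{count:2}  {name}")
    for pid, what in result["findings"]:
        print(f"PID {pid}: {what}")
```

On the report's tree the only findings are the ones visible in the command lines above: five utility processes launched with `--service-sandbox-type=none` and the second gpu-process with `--disable-gpu-sandbox` next to `--use-gl=disabled`. Appending ROGUE produces two additional findings, which is the shape a tree would take if the page had loaded something that spawned a shell.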

Network

MITRE ATT&CK Enterprise v15

Downloads

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  408B

                                  MD5

                                  8782b4651d5684ff477bb896365644aa

                                  SHA1

                                  8a72518030b482a2d06117a67b8be598fb05ad6c

                                  SHA256

                                  afc9784757578603688c782c9a731ef5fe67c54b2a3e3d51a81bb3c612fa91e5

                                  SHA512

                                  02d52871d1670c587b980e2d39173eeb0b6f1034a9c060f8845f819da7a6cf8939351e282afd0308e8e5fbab0b877cfbbef95dbbf7660f88cbac489f9dfe078f

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  216B

                                  MD5

                                  aa9249928f95e9887567b61019853ce2

                                  SHA1

                                  a65d4f53c1c59a8de64b5b8c72d7ddc1e68f3ade

                                  SHA256

                                  1ad74adcae5a3e75109fc18e169cb08529a15f4117135bf6d7a3ccd6ebb893e3

                                  SHA512

                                  dcf78d91970c9f5f72bb5f1fbfc5a6d14ad52d287c03f99297f747152f8ce09da08cb078442daff39b6b5f26a756634377241265e4d91952da4e05639828881a

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                  Filesize

                                  1KB

                                  MD5

                                  3250cdd528072b277c13127a1c8253c5

                                  SHA1

                                  9ad22090420d80391b4a28ffce819389c7acf642

                                  SHA256

                                  37a6f4839b0f4b5055b32e2d08b09a56401a48a56ed81feb1a4adf2c95be1367

                                  SHA512

                                  585a2170802d02de07770f3b7f730b7c28f0d99f8e4d362b048d86ab6e0e94cee3532b028521811d351947f97f7a9a187be8262cbbfd92cfee4ac4bca1b260bd

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                  Filesize

                                  1KB

                                  MD5

                                  c51965a2180129c1c2c5dec2c5106c64

                                  SHA1

                                  9f38d664f239f9eb4fc19c7fd0387a7f7c6e8dda

                                  SHA256

                                  3934586fb8b304cb44e6d0bd5bfec485792db0ae8cedbcf260ac5c02cde1042f

                                  SHA512

                                  231b797fdce1ed00aaf90423bd7cb49142ab42eb6483c2f5822ae733b443b0f9d2d7e37992ba647c7446458ca1113b3bb93a118084ee1fe8108170848a99051c

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  1511c7db35cb58c72011af3af8243de8

                                  SHA1

                                  e48994da195d0a3b5afa2009959e1f4fb1bcb2b7

                                  SHA256

                                  ad3005bda1c363b3348bf915581ffa513c8692905d123a47ee88811ec3f469ca

                                  SHA512

                                  994f3aba8040ed9dc1743dee4e35b729cf3d78465a33dc09fdb4730ec7159ef87f0fd2b12c11c3f4c84147d3264ae347163040f60819c6de8a2985d664b1e5a0

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  ad204f7d00a5625832004c279e028f07

                                  SHA1

                                  191d1f61f4bc7e66137a6fc35740c142e1daba15

                                  SHA256

                                  78e5fa9ea8cdb41778f1ad1141dca24aa55592c30845bcac38bca242187dfe1f

                                  SHA512

                                  52fc842a930e22f9ac3ab3d6e7ddf4aefa0127281e11be95a01784d3381302a9fbf2b1adb19b4d11cd24da39a3c4ec5a0acd7d524d2a080df6c43d59fceddf15

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  d24ba57c0990a89a921a468219e2a72e

                                  SHA1

                                  b1d2ae7ddee195bf5c77de55d74dbe926a2eb568

                                  SHA256

                                  f012e4154751ad6b94813d58d74542d56a0f362a2b7fd1ef23724a24eda62cf0

                                  SHA512

                                  e6e298d08e204b0878673e4cf73f734230830c716af2a5f79d0b6df53d9aea50ea33e7450b486eef79468f552d3dbe7e8a62e94c958d063d559f77b6c2543643

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  97dcb246e94d9585634c2ce93f1e95ac

                                  SHA1

                                  0075ed805fc6507765219118f02d1622b2be3657

                                  SHA256

                                  1bd761c2c1f5a3abbcf4fda44636e2b63dbd17af050b54caebe6aa93741cc88a

                                  SHA512

                                  37d66c787b415e01f91fb84dd638fe117dfa1c048a96621f096ca7182dbd0ceb4f66b53b903051ab0dc8968757af833d4c63ae375bd71ab97fa4e3f0cec571cc

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  7c24fc9d513adaeb0edc1b22231f534c

                                  SHA1

                                  977b58762f7ebf78c384b7297cce9538bb1da6f6

                                  SHA256

                                  059a21fbd83e8618f5be7f3cd863d7238e7868fa4ae10c4dba7438c9a808da29

                                  SHA512

                                  9d7ea756c60dc3395e9b405c9ea8149f852c3446c739b75663bbb8c7fb01da1377222d2ca5a10371c164e176cd9abad3999b7334acfe076ca8387367cceaf18d

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  4a7d6d14ddaa6d2c49eb32bfe8656a98

                                  SHA1

                                  74855aa80d2f7a0f3694c114e8494b88c3ccce8f

                                  SHA256

                                  2198a7e3f4be18e030729c7ec1b09cc8ddde3d49a05cba8531371e6401969b97

                                  SHA512

                                  1d85f1104c5fba462528f45e92f8213a2c86ede941fab9b3d2fc29d255aed976cb182949f846f88d717f576d9250489d6c7516eb88160be5b1b5aa873bc8b6f5

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                  MD5

                                  19d5a0347d34a3b9ca7f84d68e7d52fe

                                  SHA1

                                  efa1667529cccdcb8e4a4b4535fabc378147c281

                                  SHA256

                                  4d36af259ca479e0c48b8430e5b9354783e28a91fb969ae689713164ebcc2b1d

                                  SHA512

                                  146e9dd1f9f15960e42cd1663e828c1b5db29e18d6c700b93380e762f01308b112fd851665213a64e7449ab02f26f8a3018554bfd25957520247257d292c677b

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                  MD5

                                  a5a1c6c990b651e8ba46bb05614db61b

                                  SHA1

                                  b2b08d3ee0916aff57a0c6b9ae8e2fa5d4626955

                                  SHA256

                                  c81ead85dc58fe781be70eeabd31ef612253e1892c20cd3e1be77e1f18b68b01

                                  SHA512

                                  a6bf17d6c823a075fac738b1bd3e105b4697f0ad085ac9621c51b946fa2878697238e70ac58a4a8a09919170d94b9f471d3293c1306843075de4ed3624902017

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                  Filesize

                                  101KB

                                  MD5

                                  dbb64b70608b9b23cc27f6078d84b2dc

                                  SHA1

                                  855e7927bf83ee3d77e15a822fd1ba9e5caa5f37

                                  SHA256

                                  fac7afd14666a3dc49cd0c869f3f44965cbea70ee487edd9f0eaea6174e50ba3

                                  SHA512

                                  c24a3f6b47f37f92e1a7ee6f374e9b171ab64d2ce8c119d9e1e73820e39322b8272afb0a9ab27551f9556a4036516f0010edf87c16b70da3db6f2d96ec1e9e6d

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                  Filesize

                                  103KB

                                  MD5

                                  9eefcee90daf94f5d290750e45f2ba52

                                  SHA1

                                  8c389fa8bf2bfe365c6a02ae498473b9218e1114

                                  SHA256

                                  4c0d8adcbc0844293e83ec5336e95f9e627d3d4765fc335536ab62f543b1022f

                                  SHA512

                                  dc0efb4035a7d88659bcec013637a5f856771a8db3d68e04ebc419d2fb08afc558fe337f910187104e3853a9d31f81717b51a667ec84fcc1b03e38f112d6cd99

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                  Filesize

                                  104KB

                                  MD5

                                  9f3d3f59cbb74200185701a19bef5617

                                  SHA1

                                  bfa2a10a3760e4dab54fee0700b941cfe2b54cfe

                                  SHA256

                                  139583c7df70b62f84fb98c8c41b30e9deab90a3fc49bad23a96e582d0373f2b

                                  SHA512

                                  ad49f72f1ea0920b57f028db4e9d9cde910a8c9e4afddc196443b71ba93a69ab3109beb0597fc804149a3ac716bb4f493e86b3e3c38044a6aea6e1ce89bc1e68

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582a57.TMP

                                  Filesize

                                  101KB

                                  MD5

                                  b750720664470825d0cb7297603f3c18

                                  SHA1

                                  34e3d4b599472280f307f9ccdf05d99eecabd98c

                                  SHA256

                                  27afc6349d26835246ece2d74ad340246c6739b53fa72b368b9d33a3f032b7c1

                                  SHA512

                                  04deb83ea201db8bce80a4df1954bd82b91d9799b35275d67c95e2fb04dca893a6a0d3d5f9fcd3c9cbf6b2f647ea3200a331dd5343a6f48c2b73b6ff9484a742

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                  Filesize

                                  2B

                                  MD5

                                  99914b932bd37a50b983c5e7c90ae93b

                                  SHA1

                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                  SHA256

                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                  SHA512

                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                  Filesize

                                  2B

                                  MD5

                                  f3b25701fe362ec84616a93a45ce9998

                                  SHA1

                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                  SHA256

                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                  SHA512

                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84