hxxps://outllook[.]d1y9k0mekn35mg[.]amplifyapp[.]com/#bnNzcmVmZXJyYWxzQGN3LmJjLmNh

Analysis

max time kernel
56s
max time network
55s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
31-10-2023 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://outllook.d1y9k0mekn35mg.amplifyapp.com/#bnNzcmVmZXJyYWxzQGN3LmJjLmNh

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133432428440717882"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2912	2584	chrome.exe	58
PID 2584 wrote to memory of 2912	2584	chrome.exe	58
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 4264	2584	chrome.exe	74
PID 2584 wrote to memory of 3492	2584	chrome.exe	73
PID 2584 wrote to memory of 3492	2584	chrome.exe	73
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75
PID 2584 wrote to memory of 3916	2584	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://outllook.d1y9k0mekn35mg.amplifyapp.com/#bnNzcmVmZXJyYWxzQGN3LmJjLmNh
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c9019758,0x7ff8c9019768,0x7ff8c9019778
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1624 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1824,i,7864213047041927788,12096917039430380702,131072 /prefetch:8
  2⤵
  PID:2284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
32a2ae29941efd81aba47527a4cd1aec

SHA1
aa8d9c9799fa6fd6bdcbfd4b6aac381894e34267

SHA256
9293e68206b4dce856ea66dc4d10c34b2a48702e9bac92a6bb6476cbe464e68c

SHA512
1236653d0e1ecb19b6990be5da544048e522ab9e263a690ba3762e5df64f2f68afeb26b052ba9487f436dc3e8090e9cc65a233c6f98f5c173433d7abc3bd0833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
155b06e5a6e28d31ff0909477556b2dc

SHA1
701055db9b903f9cf9f5a3f2b1e7a86e7997e0f7

SHA256
cd7dcaa7d7a142abc95aa9fb93cb4c2e784adca1997dfaa074b9bc3b99969372

SHA512
fbb02f76e87b0543d013bbf18171891f56c5f99303146e6896dbab598af0f8bdc409958906a65d605aba6c219e6e93542e4938e14d20c420ef6390e335e7e50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
a9aee17b9c8b92f8ce8454f2dc2af13b

SHA1
92a23fc12b1a4d92ab547f18e7ef6c3291ece523

SHA256
21ff22af5fc006ac86d6431c6b180ec1e6e0880d36eac48061782c1f1108385c

SHA512
71edb22e81439806b4e886f5d363a4c800c8f117c1977deddf721c5eec0ed7e88dfe86ef3833184acbd69b281b0589b945ceeb4ced1b8175f9cb61ceb650bacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7281f16572670615280eec68ddff42f

SHA1
8954df1a770529e12e63d756cb0b4d39cedd65c8

SHA256
0990068197841828c1e0eff4a9f6f6a538fd986cbd55cd50de1d76d9e5a988ef

SHA512
7cc14e9f5344f4ead0d00770d7c1cb5fd7020f0c235aebd76d90179017f0ee48de0d19377ae32c594613e071e72c6dcd0c23d3f412e71c724443608d4d2aec88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b7d50b42e214a3a96d03eb7aed9a38e

SHA1
150e456152c819302b1d618b03fde528feca5bca

SHA256
a2a3aff2b033d81d7534156d6688e35c202b8317c37a6235b13efde02e1c661b

SHA512
df8485628a97696d5317867b516f6974e3b3bba0d7ba14db66522ae97410768bcc21b4e74a86b71a2bd26d4238270432f2a0e21bc6c16460fdc8c87a0cc165c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12491b492c2fccf00fcd0e7af66ad256

SHA1
47d56dc8a5a45de6f26831f842df175dbdc7ff16

SHA256
ca66c30570228135a0abbfd7dcca674ff044147a394306ea42b5937ae4fb4a20

SHA512
d9292cb0660b88389a28d5214ec0f2313329e60bbf1e9e238d0490ff11803f2fd356cfd41986f57cd8474ad3766a149669ecc86610cee2c16602f82b7b1c830b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
111KB

MD5
084172976f8028f15d710c110cca10c9

SHA1
0badc9b1614e0439c1f834f32a4e8b867a22001c

SHA256
76f133190b1a399f0c8aeea6e1384ad300502af48926f54f57458038230e977c

SHA512
9250682b93c4c8a75588e351089418a10fd7ac293e25e46a22107841f6cd35cddab41785a8273fe1e3fb54f462d21de684d1ce51f72ea8ffd27f4c5f6ba15d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
804955009af64d4320e81a342b18fb4e

SHA1
152a24b63f6ad851c282b3d684d7a7aaf5a03218

SHA256
a272e446f09eaef1e620feae9caa7f449ea8ace6328dffaff08b96ddc831601c

SHA512
b222a2b296b6a653ae2a7d2565bc8ba6dcc98d47c7be54336b552649c46c61bf7d7ffd34e3a50036979cfd9f49e3a45583744ffe2a08dafea05a3677a62a3b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit