hxxps://lp[.]constantcontactpages[.]com/cu/dmXOzj7

Resubmissions

13-11-2023 15:38

231113-s25jlsdh65 1

13-11-2023 15:35

231113-s1ea2adh56 1

13-11-2023 14:35

231113-ryaz6adb5s 1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lp.constantcontactpages.com/cu/dmXOzj7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443633267374319"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 808	5068	chrome.exe	84
PID 5068 wrote to memory of 808	5068	chrome.exe	84
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 2184	5068	chrome.exe	90
PID 5068 wrote to memory of 4632	5068	chrome.exe	91
PID 5068 wrote to memory of 4632	5068	chrome.exe	91
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92
PID 5068 wrote to memory of 4332	5068	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lp.constantcontactpages.com/cu/dmXOzj7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedbdd9758,0x7ffedbdd9768,0x7ffedbdd9778
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1900,i,8988822297051121462,4045576005830263160,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
302b37c8bb843675f5d0f5c6d30f0a54

SHA1
fd524ba3ef280125755429302976cb7571cbd89f

SHA256
f61f9ddc22a0336bfecfef2dcad428f5d1608ed53741c2438bb80489f6c1e08b

SHA512
0acc69f01c4878daff2f93b5fb6ccdb2a0af14a05d2052d513c06ce1da264ea53ee06692c8f85d8510c49b51f7a9d381c0299e0c9759302b7244700633250c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
19b9667bcd51ea7666e52fa6fbdc3daf

SHA1
7ddf68fe80d60fa3cf0015c4f95736bce24b411d

SHA256
45a68966b739f1170612c1040f307a429ec7e455d94b4528db0d065b3ff080d7

SHA512
0f05d49e4baa380882933cf24a0496e8e933d6aa6cbe32bb0016d291cbf255ff9bf1a3ca85cfc8a9dbe58c82f1b7a1050d7aa5e597dd4ed24e98ef518caf39a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b2f10068c8e13b29948e3276896b5350

SHA1
b8c4c6e8eb012033a4f15aff8adbe15af126f843

SHA256
0a25130963cd73fe85a4d7b82b90ae8f3c212bd83bdf889400bfce0f0c2864b5

SHA512
ef0c0dd2591c0d55ea6f29b7d7c6a5a041ae15ce2ddff37d05d20280282068ddc1155e2c4b2cc699ac620dd0ff35d3cd78e5e4d6258e96825af5b4ab5cc1aa4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
fae04168ca0ba9ae5cc7c76fd2b65fcc

SHA1
349b0f0991d2ed399aca39213d4582866a7ac9ac

SHA256
19a59db82bb902479a51a8f6fad9dcd92b5d4ee65c241e166cae8ea678bf763a

SHA512
6939b52caa2b062a4d482f71b944373cc013fbc4d6aa7b23effb6051a70736ad0c265002080ee9331c1fdfa35a1b40f36721721280f411f52fec9f7acfd1721f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
363a5c6ef2a08d6988c5c6581d142859

SHA1
2625759f941f64a5d76f3dfc87e20622f224a520

SHA256
d5642222fc99636583bcf9adef8355a3628ee1ee21b1572db30cdbebf4802a1c

SHA512
4981cb59c99450f89c40534cdd1913e31c3c2aef13af8c7353963d5a2b4cbcb748a91c1c52e6519ec2319b1d5471c059b9862240c64af9a923f89ada5b9b7f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
ed378d002f4b1ccae2ebe651b44da3d5

SHA1
a2c5ea3d23b70431676e15cb87920433c6341908

SHA256
b1d1eac103a00bd7bc9c8f2ce96281c62c744c012bcfc08b8380d3545ad73c87

SHA512
ff0c4996fd71053873e7d276f9bf0da4e88a80c9babf3c206ca966d76b386d78923726f269af58a6b9a06967a1ff85b35fbce7b152097c7d80c911c8e4711888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit