07de8c7c95f36aaa1a89ed983c83404dcbbb058a88b83092773951cb039b6da2

Analysis

max time kernel
3s
max time network
27s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PAYMENT-MODIFICATION-ENROLL.htm
Size

709B
MD5

2d49e038fb0cc34399d404ead89db462
SHA1

89f601c31ac5ff246db7e71ce5aab316f8a7d320
SHA256

07de8c7c95f36aaa1a89ed983c83404dcbbb058a88b83092773951cb039b6da2
SHA512

62d43dfb06a96ba2207a011962266fe65a68f63b1731bd684bf4c6d69d66c5323d26305aac30d5098da605738fe7f12d4b6dad7d6a411ca7c55a96f289c16f4d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2040	1744	chrome.exe	28
PID 1744 wrote to memory of 2040	1744	chrome.exe	28
PID 1744 wrote to memory of 2040	1744	chrome.exe	28
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2848	1744	chrome.exe	31
PID 1744 wrote to memory of 2856	1744	chrome.exe	30
PID 1744 wrote to memory of 2856	1744	chrome.exe	30
PID 1744 wrote to memory of 2856	1744	chrome.exe	30
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32
PID 1744 wrote to memory of 2624	1744	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\PAYMENT-MODIFICATION-ENROLL.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ed9758,0x7fef6ed9768,0x7fef6ed9778
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:2
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2812 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1392,i,3791962793543007448,9470166280397300841,131072 /prefetch:8
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68a552cf1f1cfed2c2aa426fb53353fa

SHA1
321f4dc61a03cfa2285cbdee42dddad977356293

SHA256
e79d745ce79a2aa112bd9f011a445f00d5e0e8f7657e70388a226e3dc94a836e

SHA512
7e980b9bab28d9ab20c1b6109035d2a16f99b5c1648629c6edfc59cfa074eb224c2426c20a890e99b6d6fc63cf8bfa58822b17923871c142167fa7ce4e350052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fc15bc1a8242d412ded4aec3bebe109

SHA1
4dfac874fa0ab58403bc2eaf45d45a3be022fba2

SHA256
e4be4f24d16db4940be3d88eb2186afd269be9e11d166756146a89afe3fb0ae5

SHA512
6160fd976895bfebbb0bf5d8ae8da9d09b2ad10e0f1d1ed4f58357e5f5404131b4b1990ecd9a9bbf070306a8942a059bbdaee7d86c6cdc88c5e88d030f9c93ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14a01c9aad1cb6c22582a709c93673d8

SHA1
a252fe652c080240c1a9c339402a5e1a7c276bf0

SHA256
5f9bc08f5b1be5ace1064e6fb1250e1ea1f502ca456bca7b13e6c686420d87e3

SHA512
4980bfcc862bdecb280ec2b19b8ea783f0b628884103f936802412e5148263a4c282af5ebd034e618a32006806eb2d2c1f96940e9bec98c39f033bdeaec9be46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed222e30f39244934a29515fa8325a6

SHA1
ce182143398acd901d059d05f8a36b99476b70af

SHA256
f558c2ddc0c627f7041995f524905d3285ccee6b17e6efc9060023fb5ccb5336

SHA512
21716909993269846c09cf650cd853e9d0747c32b84779c726f948a15b48cca898171fdb539954975bb6fa24c70dbf40084362a73c405fa2edc62eb9b7ff0f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
d3f8b66cf336f5a3ee478b9c69fc46a5

SHA1
3206a25380c688804bc5f8a1a361d95b338d51c0

SHA256
50da3b3aa800d386c234f4a9e54f39b8aa30c24ef99a60133f8d185c16d5db73

SHA512
d26b1ecb1dfdb65e828732adc5eb2c4b7bcd9388e33274f9528050ac8d63522678793c0c2dc6e68722cffc86b32ae021dd8a7df75ba312630604cbe7aff7f19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4839.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4993.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit