hxxps://manulife[.]nucuw[.]rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=

Resubmissions

02/01/2024, 14:56

240102-sbfgssaef9 1

Analysis

max time kernel
0s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://manulife.nucuw.rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1036	2380	chrome.exe	16
PID 2380 wrote to memory of 1036	2380	chrome.exe	16
PID 2380 wrote to memory of 1036	2380	chrome.exe	16
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2876	2380	chrome.exe	24
PID 2380 wrote to memory of 2456	2380	chrome.exe	23
PID 2380 wrote to memory of 2456	2380	chrome.exe	23
PID 2380 wrote to memory of 2456	2380	chrome.exe	23
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19
PID 2380 wrote to memory of 2752	2380	chrome.exe	19

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://manulife.nucuw.rest/?56=4Yotx4dHJpc3Rhbl9zbWl0aEBtYW51bGlmZS5jb20=
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e99758,0x7fef6e99768,0x7fef6e99778
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1648 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3140 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3672 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1756 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3620 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1248,i,8425845330569263470,11491130917193623016,131072 /prefetch:8
  2⤵
  PID:2928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
adb18776b26bd5044836dd953d9c95e6

SHA1
cf80b7c003d0407483fdd0e12d7b3015262bfb8a

SHA256
cc1b9fb127a919f873f9074dbefd1017d7df8a6e8c54710311e7e97c4564e51a

SHA512
370965ce8c95620d68030795bd6dd65d5f5cc815d3bfc929039a50d60f2112022dd18566581f03db393be33c746431d044a079f8a7c591a972e16cd90b564a36

Download Submit