hxxps://na4[.]documents[.]adobe[.]com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP

Analysis

max time kernel
30s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 23:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://na4.documents.adobe.com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2088	2640	chrome.exe	14
PID 2640 wrote to memory of 2088	2640	chrome.exe	14
PID 2640 wrote to memory of 2088	2640	chrome.exe	14
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2824	2640	chrome.exe	25
PID 2640 wrote to memory of 2592	2640	chrome.exe	24
PID 2640 wrote to memory of 2592	2640	chrome.exe	24
PID 2640 wrote to memory of 2592	2640	chrome.exe	24
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23
PID 2640 wrote to memory of 2904	2640	chrome.exe	23

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a9758,0x7fef70a9768,0x7fef70a9778
1⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://na4.documents.adobe.com/verifier?tx=CBJCHBCAABAA7lPz9K4CaZ0B0-rlZ7TfF7cJ7a8SlhLP
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:2
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1196,i,8760853547740908693,9869021644226537715,131072 /prefetch:8
  2⤵
  PID:832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
625b38bbfe5a1ab2449a726ff562c1f6

SHA1
af1da14afb9a25f57ca2e22db74509b112cf4104

SHA256
b113bf5f1060e03a16aa08a328f7fde11f904b64b4e7c0e518bec538ac1fd166

SHA512
8b8b5a16a25667191bc496e702cf24ff184b2c7286ca7d94be347fda43ea6eca4815dd68d8ed5954864ace43315fa69651216785cb337edbf5513bc7f1d84f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b2614cfe383931e8a903f620343222db

SHA1
8eaa0ef5a81fe0283f0a56e99aca73053a0bf9dc

SHA256
f2c4266740ff70017fd3af2784c284ed81ab9dd73dd40a84571e78419dff7aa9

SHA512
4d499705b175bc4ec8f6fd0be1dddc23369622e01bc2a2da839b56f5407eb4f20b7710df8b460520ab1cc4cee86340bcacb90c4c11b4f462c5919bb99aa55078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
47f682137ad25050cc6c4f6c0ca33d03

SHA1
70021be40e745b8d299a64f18c138a9bba8fd4a2

SHA256
fb6e022f8284e3e09104e534e2ca48bae003fc55cd059ff64edff17b4c2b16bd

SHA512
4278cca5df017c8dd81095d9609628c3af17f41d2fc1a5df92988af0ea416069f0937998750800a87dec1ce2adbe17daf764a57448655c8bddbbb9b9d3f3f819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
229c2d41efb5900e652fddcdaf30b8f4

SHA1
e28e7a0ef1fd760f60a7911ef1c0be1dce500588

SHA256
6fe74a393b5e3ac8681192121c200806e6ebad271ea9c6d99c1799a08e91e8bf

SHA512
6715b5ba2685c04ef1ebd8d35f147cb6ab1713b0fceb25d61267a49485139236579630fa57b022b8d4b5eb45a6ee67c0060258d0fd7df7602adcfbffd11af504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d6f15ff4-f2e1-4283-acd2-8dfb56289196.tmp

Filesize
4KB

MD5
342cbaf1c59aeb4a60aa37018c779277

SHA1
6e96dcb8c2028e3473a411c4472c1fae99b06645

SHA256
dbb3e050d073821af303885b786c65ffb712248d39e772a4e205a67140750b84

SHA512
01359b0f5e55adff04d2331e7ae24f8e615ec6e5bbd8adb4503de52fec39ec5a5530fe4807acb9bcd6ca780816bd1b785acef0360e15942eadba66784be70435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6E6E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6E81.tmp

Filesize
137KB

MD5
2b0c3a276e82db2d109b0686289b3b86

SHA1
516dc85a24c842205362a351b32073349d747d52

SHA256
c4fc71c4a4839371254b2cb83a6a5b3cb20a2503b2f4f9e968f0f806cc54efa9

SHA512
339f79258cf4b56745e62726686b114f7972334a1f65ab824c012f5b73163852b11f407590aab5d6d4ed03cd5dba2f0c7b9c6c5b77a88ff05713ffd847a5694f

Download Submit