hxxps://reporting[.]integralplatform[.]com/uaa/login#/setPassword/resetPassword/bpn4mf4p7namek2b1t8q81eirk?isAgreementRequired=true

Analysis

max time kernel
1s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://reporting.integralplatform.com/uaa/login#/setPassword/resetPassword/bpn4mf4p7namek2b1t8q81eirk?isAgreementRequired=true

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1708	2172	chrome.exe	15
PID 2172 wrote to memory of 1708	2172	chrome.exe	15
PID 2172 wrote to memory of 1708	2172	chrome.exe	15
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2592	2172	chrome.exe	28
PID 2172 wrote to memory of 2860	2172	chrome.exe	27
PID 2172 wrote to memory of 2860	2172	chrome.exe	27
PID 2172 wrote to memory of 2860	2172	chrome.exe	27
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26
PID 2172 wrote to memory of 2840	2172	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d09758,0x7fef6d09768,0x7fef6d09778
1⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://reporting.integralplatform.com/uaa/login#/setPassword/resetPassword/bpn4mf4p7namek2b1t8q81eirk?isAgreementRequired=true
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2792 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1340,i,12110188122714679262,6683994583436804329,131072 /prefetch:8
  2⤵
  PID:1736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53ef97dc-8d96-43f5-b025-2144f067a398.tmp

Filesize
5KB

MD5
c2cb1b5e1a1ddf50886f720b3a84f830

SHA1
659d099212a61e6bbd3fe4fa1bae0ec384e416cc

SHA256
3f19f596aef56e922a9641f66def7e34d2d84a8ba0d45f658c0802afff0fffd5

SHA512
ea8269efd44dafe16b596785d04092c4ff6f07b45b9151d05316ee5fdf74594acb83b5a0d04288dcaa02d00e20ec757e481190ba378287b6ddea0e0de18f681e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
75KB

MD5
55d93dceb6801c58954732b93821a0d8

SHA1
8ea6146a3742db75a371ad543aa49a42649ffbbf

SHA256
b1b754473f8321aff2bc3b762ea68587b2623a3ee42a8aa3aae177c095251139

SHA512
024f07bf266c0a31727fe8102c09cdbc951ac042b3d81e11c06c1676c5ae28db2ce179fd374bba24a2f6c6c208c5f77fde5ba41884d8ad22e0f1ca59b11b3910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8b5f45fca9d2b0723bbfdeca7a8c4ddd

SHA1
103facf732dee007de88b334d28cda2e801cfd2c

SHA256
c91907f0116ee5b1b6910fa5f9c504afc996985167eb6906dce291d5b498826c

SHA512
195b6ee5b8641712c197397f89aaf69bb52a76ec2540c38f3376bf2f0ab8d70a93754f1a41cc9090cec876bf316516eae85ebfde23ab89ea21b4219fdbe8f1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd68b71854f45a036a04284723e00116

SHA1
5d8cc06f4788f9bac714fa9ed7ff602734f41e34

SHA256
a3417b97ea4b0be46806b99333463a3b153bbe72983a23a50e921c45649f2208

SHA512
fc1644e1afbf9316bf20887c4fe6dce2e78b8dc9da3507244c6c43c75c4656657e6419b18c89cef4304e8706499433caefd655a674603823b978aec9784d0cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
385676f8568ad38a57bbc51ac594458a

SHA1
dde87bf13f898aac2ca286c1493523e87ebc063f

SHA256
fb78f45112e7beabd829e371d13d596ba18a53d31609b16e6dcd454d5c4e606e

SHA512
5fb134f199caa0045e948e560aad7d64ca338f0ecad20de18b1170ed5c2bbdf40334fa1d631641584cd9a6e289292c1aff4d9811478aecb77478f14cf013e827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
65f81231ac53880d4bf3106c9119e5d6

SHA1
13e40c8c1bb242dce5fbd29087bee089f34da64e

SHA256
0d4bcb48d856c18f93f8b071e715769a976f11497770a8491230325a8ac833c6

SHA512
17d9f809b7231bba673985c736b4a6e90ed37e3df19ce23dcc61e082f19982e5011a4878cc1f24cdaacb1734050fe6637991f061bff1c9fbf08b04ea06f67f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
aa629fce4f4664ff308f004f0bbf5b96

SHA1
c88b1126a9d16d596d289856549a440af4d21fd0

SHA256
4b4ee5e701578d71da2b1fbd724c78d1ed4286cd653e2e3e06774f2e3c7433b8

SHA512
8ae43bd1bd1af2a9c5270ace98b42bf5d98918dff5a4500794347530653fd170293604dc8c52efda16dd8fd12e6ae5e9f3e57cc4ae4fdccad211a0fd5968483a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
595ca3baba450dccd302381169a6e32c

SHA1
38047c6ea02e76973567f471aebb8158353f092b

SHA256
cb2bb6ca5432f043c9dd3a4bf518d0276aef4a8a0ed1ab99ec155270135c0273

SHA512
2d93fb40da462b657be9cfd7ee10df6b04b50a063fbed9b9845e38400cf0bcda62ef84573503e6e8b3734cf16147124f4484f4b7ff8c29466783030ac7672cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE3B.tmp

Filesize
24KB

MD5
1684401d9460c176deb83ce6108e9d6e

SHA1
f5d7b550b2a07366dd330ec29f8f6d0497655e25

SHA256
d07a4243af56acafdd73e86a2b25f149ae8185783612563a5ec4233216415134

SHA512
42ab90511fcc40b13c879c00ff1899e2671cd99d315078dcd31994dbff8481627f3d4096864b7669952d3f32dad691421328409a27bc69d76ca3bdf3e4abb9e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE4E.tmp

Filesize
23KB

MD5
2c1c9af137cf38602959142ac9bba950

SHA1
2c27487d673a4a8c382297502e7261b82d602760

SHA256
3405ff33f74bfa55419e1793ccc886b75b600701f480205fc9332d73c389a590

SHA512
2c088ed5ab194c56541a494cfc83e5b9193d9df5d81ba8d01a2e75669a196f286f35b95116c3409f820eec27ab44b0a391bfb094d564fb66e869b36a29e5979e

Download Submit