hxxps://davidmac[.]hosted[.]phplist[.]com/lists/lt[.]php?tid=FpJqXHYjr0eUFGLwDW11GW+ropC/b9c4sH3EJcbK7vpHI0yoD1vT7rRwvpPjMa4L

Analysis

max time kernel
1s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://davidmac.hosted.phplist.com/lists/lt.php?tid=FpJqXHYjr0eUFGLwDW11GW+ropC/b9c4sH3EJcbK7vpHI0yoD1vT7rRwvpPjMa4L

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 1208	4704	chrome.exe	14
PID 4704 wrote to memory of 1208	4704	chrome.exe	14
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 1876	4704	chrome.exe	34
PID 4704 wrote to memory of 2828	4704	chrome.exe	33
PID 4704 wrote to memory of 2828	4704	chrome.exe	33

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ef49758,0x7ffe6ef49768,0x7ffe6ef49778
1⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://davidmac.hosted.phplist.com/lists/lt.php?tid=FpJqXHYjr0eUFGLwDW11GW+ropC/b9c4sH3EJcbK7vpHI0yoD1vT7rRwvpPjMa4L
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 --field-trial-handle=1864,i,11171279552517421768,9204514003530108245,131072 /prefetch:2
  2⤵
  PID:2560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef38aa5e2ddabd66d7bb7be2c9a677aa

SHA1
78d8a3c9803c473e35191e5392b80ec226e49d12

SHA256
2253c43a805eb4876c6ee03c9d70293c3e18c7991b8a26e3563605dd8b46d304

SHA512
c96e2bfca557e6b87529324124b71df5fed91859f0922152260fa11a42d40b39e932d7492b690821e87389da9a2782b5448fc01ba1de3edf595dfc4764225944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
426c81b362758a0d5a60cdb7f753d421

SHA1
9de51d965aab53350d7db3009317d7233458ba87

SHA256
6c38cc863948d64ffb3d4a3ac5bca8ca383716d0e93b3c0a39cff30b92b8b348

SHA512
feaeb8395e75caff155391d0f644bfebcbc5d6fcdc86c12c1d12d00dadb832ea403a11cafcfee474650b06a03c9b277219eb29e4540c6ed45411462a1144d4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0a2c2981d299e2f82826a11488d85f4

SHA1
95c0395f6012c4007025e6b31f026202d0806c55

SHA256
cd029af2e4f01c912daaa7b9104d1cacbf7e603b687ce982d22da8e5b31913bf

SHA512
175f1204a768a8f39a6f7a3e13faac5032fc338f4d1aae084577e0f66750cb9436743c378b8073e98607aa6806ddf800a2451c468096e89ea18794b87b2b5c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
28KB

MD5
b0e032cb6c682e3bc5e2e522eae31811

SHA1
0b0ff311f3a210fa7cca000c4ba1bda645ff0b30

SHA256
1cb776249639c072280f290d6a5d48ea172f0593ab7b73efbd75582e5c8edf57

SHA512
76d65e183ba0a930d9efb524dbc4b588ef3f3c34210aa8613ac3a1a1ab62177e464d4011df6dd968b7d8e01132d9b073ec925db4b563e4c52bee18b9d87693e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit