hxxps://app[.]invoicesimple[.]com/v/7NAYepXVCe

Analysis

max time kernel
0s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.invoicesimple.com/v/7NAYepXVCe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 2308	3520	chrome.exe	16
PID 3520 wrote to memory of 2308	3520	chrome.exe	16
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 5048	3520	chrome.exe	30
PID 3520 wrote to memory of 2548	3520	chrome.exe	28
PID 3520 wrote to memory of 2548	3520	chrome.exe	28
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27
PID 3520 wrote to memory of 4920	3520	chrome.exe	27

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8702f9758,0x7ff8702f9768,0x7ff8702f9778
1⤵
PID:2308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.invoicesimple.com/v/7NAYepXVCe
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1896,i,17977895699579598371,5445155828185277500,131072 /prefetch:2
  2⤵
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
53ce11c2fac71a47c1193615069c97bf

SHA1
da93d15886e987c401eeb3ae87db6278ab36920b

SHA256
9c21bc24a9f39eeafec597ceb99113d0956dc0b6b6cdfb18c3a5cd0cede2a43c

SHA512
5aadad872f3a5890865f14d39aff5d65416e9e7f08b8341679f8390faa631cf99330d933c8481baff60ac0e84d46362f9146fedddbba27af5f5a25795e6edaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7a7a8c10080013bf06d83ab1c607c43e

SHA1
3270ff11554cf2a6d188d4bdead078ee28e8bf3b

SHA256
8208b548c4e4f41b5aec9530abbf2e370437d08696686bf4a07f7eb01343286d

SHA512
b2d8aea87a30c3187f8328efb6c32414e1d4a5092fb808912edd597df1e6542b682e8f4066478fdff316353645682e833e566f5f5be8d25655fe9a4d92338e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06508aeb5705819e06d72c023fc2c17c

SHA1
68b88a2e8409fa596a402de1b625afaa6d239140

SHA256
c3b6cb87a3f60c180e7b2c4cb1d0702f9fc56c48b9d6372f563a98f889899432

SHA512
9fe0955f167aede397579def369c44a43c42e387edafdea56cf98997f5df58ef1c19114f72ff08a9944bf6d45383ac55e311f24f80e826d7d4ba876c2f189ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6bd721956b3b1df36fac92bb7e5c312b

SHA1
1973b9dd7f5929cff6c42c3b639ebecbee599192

SHA256
9d9edebfa87d77dce5f6623fe366bb8298d722a3f0e8e7752bf57b09130030b7

SHA512
7d434aba84884210bf554cd40f5183febbbe6489a008cc1ace559b305c35afaf56b0d8594ca4bfda03075e7968c45802294db3e3afb8ef69ad90a09f4dc21a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
0b9cebac7623a08ef0a1b333544fa0ab

SHA1
ef65a691f9669f936a4b33666f135dc994d8bb02

SHA256
7088b695babde057b0c634c51feb3a0006831705fff95ef429374327393df287

SHA512
2676778930f36da0b059785ace7685aa200e40943736a73cba51fac11e11f0188c897f18facad899b49f3e16bde904b259166d8c089ce85d981abb7924f90d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit