hxxps://farhansiraj[.]com/sendy[//]l/SZs8c1n5JEQZ763leKhO68929A/CdcNk5PNH5qNSBAuOxswkw/M1gOZ9yjIBjkn1etdxQv0w

Analysis

max time kernel
0s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://farhansiraj.com/sendy//l/SZs8c1n5JEQZ763leKhO68929A/CdcNk5PNH5qNSBAuOxswkw/M1gOZ9yjIBjkn1etdxQv0w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2072	2384	chrome.exe	14
PID 2384 wrote to memory of 2072	2384	chrome.exe	14
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27
PID 2384 wrote to memory of 2448	2384	chrome.exe	27

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbeabd9758,0x7ffbeabd9768,0x7ffbeabd9778
1⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://farhansiraj.com/sendy//l/SZs8c1n5JEQZ763leKhO68929A/CdcNk5PNH5qNSBAuOxswkw/M1gOZ9yjIBjkn1etdxQv0w
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2812 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2804 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:2
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5184 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3764 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 --field-trial-handle=1856,i,8551008738571022961,3402482132336125292,131072 /prefetch:2
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x520
1⤵
PID:5420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
53c891028d9c0e41a86146c841d5a732

SHA1
0033ead0abb543cf6d3fe6024fd99ad9e8908add

SHA256
ca9e6e2fe62c678511db84d036bcdee0e01b9766d3bfd752d3e31d85ac7e30e2

SHA512
8b81a2ab2b27b96996ae434016f15286db8305b6d42434df7186596a565deb231d808ca00aba7b49ea4e2a892c3898ae92f4f78f439fadaedf88cafc794f4398

Download Submit