hxxps://moneytalks[.]us8[.]list-manage[.]com/unsubscribe?u=84c535d167453f001a986f996&id=9d0d3899a4&e=8e44ec0ed4&c=786495c776

Analysis

max time kernel
1s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://moneytalks.us8.list-manage.com/unsubscribe?u=84c535d167453f001a986f996&id=9d0d3899a4&e=8e44ec0ed4&c=786495c776

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3056	2372	chrome.exe	14
PID 2372 wrote to memory of 3056	2372	chrome.exe	14
PID 2372 wrote to memory of 3056	2372	chrome.exe	14
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2640	2372	chrome.exe	24
PID 2372 wrote to memory of 2712	2372	chrome.exe	19
PID 2372 wrote to memory of 2712	2372	chrome.exe	19
PID 2372 wrote to memory of 2712	2372	chrome.exe	19
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23
PID 2372 wrote to memory of 2456	2372	chrome.exe	23

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72b9758,0x7fef72b9768,0x7fef72b9778
1⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://moneytalks.us8.list-manage.com/unsubscribe?u=84c535d167453f001a986f996&id=9d0d3899a4&e=8e44ec0ed4&c=786495c776
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1372,i,1328879172897728978,7082640680272100305,131072 /prefetch:8
  2⤵
  PID:1764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
15KB

MD5
7ad3dcee83e7200f3c30af7bb41aefe4

SHA1
b8a9679e72d12cf50c2bfc10ed45e457e41a0e8b

SHA256
6fcb8f41ff4dcc1ec1992901c9f8dcc5528a63f46080343f909f179a74e64cf7

SHA512
36c70530a72675b170f383bc8094483960a564ce836dd475400966b8f1625c761f5d6bd8cd7d058f95fd100476b7a7e1cf2942de10286c910f3f21f5be639726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15f8ca00aa5bfa1e37ff4aa9990643cd

SHA1
47b3bbfde2f34064f9a574f396cafa79e09bb2c0

SHA256
91defa93bba49eb75676334ff1af654542b355a83fe6ff6bc1ac64f2960330c3

SHA512
908d6890b9d75814be7aa668d6cfabe5d9bc4239777df3fa36f330a5393706f8d1ccdfe039ecb6d52d1e782b49efd1f19a03a013eca8745a81c016e350acee42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b1540bb963210428ce411758e00bfa

SHA1
b44d5b02010e5140b152754a0a581033ff0749ed

SHA256
0b9f6a1000ef81eff4865369b7ee2cba625f3f959eee6044967fc4b5112d942b

SHA512
bd82445666964189bccc1a8679a10799a3f005c4a53782f36ee42352464d4301454f1c5fe98fa6a19481c32e1b103361bd93e170acfb4a04ef512c55a80c2b0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df2586f3cc40a71631400ca8da8e53ab

SHA1
422b4b1aa56352e197795520ad927a75cbf8c121

SHA256
f0c2d0c1f45fbc2feec4db3962369cb2dafdd235ca1bd9ac243c5583482ebdd3

SHA512
2cfa74b0f3817673c1f4899892834b9ae352261893eaa9673b39bdab70beef655f7bb8b55367b483205b1b032d50d77e4d161f1a39ac111f153dfc63774ba22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c2f2e6181e48f36e144059f8e2aa3947

SHA1
615c6af88b66d0d0706b02a4f1e9eb6ed1f057d1

SHA256
571ba0fc85f643aa98201243b18f7e3c5755bc971f4e85019e4343faf523e85d

SHA512
270a1e9762ba59f0521518cb2f844544eee844001661eda0595fecfb23d8b337f0c5b4baead9c1bd7983ea6ae1379bfdeceec4626dc423a0721ed02cccea3f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6bf55889a09fc088bb95fb2b3c058329

SHA1
e2fe19665fc2634e79bd675e4a0c0c7729ec572f

SHA256
ffc482fd339ec1bf3a705069ff4ad61c1bc6ee9439004abb51a34fdb1c90356b

SHA512
a4ca8f11e45ea8de1d9e90176097fc809a9f980c339e80aa59d9b4049f18efe79177be4e53f7b69924f9b354bb8ea1acee53b7e17bc59049015b41e6cc91458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
63KB

MD5
0a1c683e66dd0a5e9a4fd8792a31d820

SHA1
e8a2281c02d3e495cdc98bed60eb93b78f310ddf

SHA256
3cd842feca5e6ed87b9985941a038743d0330211bd4333207609387a84ebbcb6

SHA512
b6933b7f7ce666dc347ea4909e02a1f3bfa3729c8de5f05cf1a8f2deb7fb31ed60f0b317ed8f10bfd7fe1d3ec87b74ccb41c1df672587a01eba40f924c538b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar106A.tmp

Filesize
11KB

MD5
8a656cca5c8c074c935da9a6a6202dec

SHA1
222afb434ac5df7eaffdfae5837be70e51aa0f6c

SHA256
656c8345e56646d90981d4769cb9654c562c7d7f6a0beb1dcac2edaea8020f82

SHA512
04a74cbe2808509f55a7a729f2ef21a3e534842c6ee0d64aa4dd3a25239ed5d49e0d1d8c1ae812e0b9cb96b33b8c89583fba274ed58090988466573e7c9dbe2a

Download Submit