hxxps://optout[.]oracle-zoominfo-notice[.]com/acton/ct/45126/s-008f-2401/Bct/g-00cf/l-00c9[:]146ba1/ct3_0/1/lu?sid=TV2%3A3DublY78w

Analysis

max time kernel
0s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
11/01/2024, 06:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-008f-2401/Bct/g-00cf/l-00c9:146ba1/ct3_0/1/lu?sid=TV2%3A3DublY78w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1644	2296	chrome.exe	14
PID 2296 wrote to memory of 1644	2296	chrome.exe	14
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 4480	2296	chrome.exe	27
PID 2296 wrote to memory of 3244	2296	chrome.exe	26
PID 2296 wrote to memory of 3244	2296	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1b309758,0x7fff1b309768,0x7fff1b309778
1⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-008f-2401/Bct/g-00cf/l-00c9:146ba1/ct3_0/1/lu?sid=TV2%3A3DublY78w
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4756 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4812 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4800 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5172 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 --field-trial-handle=1828,i,9694340980873858946,5438313390607776227,131072 /prefetch:2
  2⤵
  PID:1016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
cdfdfbdfa374d0c9c888f5f887db627d

SHA1
db80e758572e3e6fb1485bac53cda9db96f0f7f4

SHA256
9ad3c84bb6026b5dc3f70ac38c8385a448bb4fdd6f01db55f426fcb3517a39d3

SHA512
4f05f2f037d19dea46963753afaaed7329d81dbe1809589cdfd681d7e773d579004e37bf56a40c285cae1795627395a694f695c79816129b77a86446af9e5aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6eece03f6f1e2da258fcb7791d63402b

SHA1
2f45a79bf52699b6a2f8fd1b8615d4a74c83aa99

SHA256
91f3e4c5e0fd171a489d3d3d945d16b4022857547c8387bfaf3136138422dc79

SHA512
fbbc962a9c7fe10645e9a3642ca4ea7f7936923d6a017ab8b9a0deb5bea04693c2e3cfb857da98793bfb96921f3dec5625c1fb09ce787826d21fa51d94cf1d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b607e2b3d3bede712537e00c39224ee

SHA1
92acb1e5000aa68243f5e74733e811504409fe70

SHA256
8be2eb565563a91081c514116382a0ccfaaf60b425d8ce785b3335eb955aa976

SHA512
e09dea897c78d4166486850c2e21ac31c91596a2a5e69a6d696a82fad8e86f57f4efdd0cc53e4955d7816e0db23a552a8ffb8aa8e7b37d727002b20aef2cd697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f426bdbb7e31a2aec8be8bdadcbabed

SHA1
abb18def4dad71fa812e2966d2e3704d806e3e13

SHA256
b4324a96835eb90ed86a4ee67e75ddb7575207377d05d30b5681c6d8015d6fa8

SHA512
123fd4de99adc110b266770aeefb1861388109aa9fdf9d974d90707e440e4e1bb00408ac6f2fedbde9c45409bff60432ec01c5c3d60a0000b6ea85278c4cb26f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
234b2ffc0d4aa8f81f4227addfff8ef6

SHA1
c5d5aa9d0abc40246ab3eceac9cb2ef8cb20c43f

SHA256
b25c1b27c4a727c5374f58d3165d08acf2cb7c14452fd1d98e4933bfb1745291

SHA512
fece6c5ccb36971fa496296b2abb44f6bdcb8476b1fd374169c2d37f221d5daffe7b24185d1b2821de43f646192b03888a6b7135dc28d846f6242298828e4408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ecc26e08c06423e9f963896c5bcaa280

SHA1
97d76ebb9a9c6879506f2940b44762f88c9a7b53

SHA256
6f51e0c67092f9cf3de77b928c3fe0533503adadae1c29da30ebc3b1e7f57b71

SHA512
5e90921606e7e55e0bbbaa2c88d52e0b11afa2727276ef3c215e5492f33d6eba61b33e9e13b7716a2276708965310f460f3e661f087e1db70dad74ac587ef6a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
15KB

MD5
11c37e3355d2bee91743c77913cd5eda

SHA1
1609b6380f45062a8128e625238109c25443b8d1

SHA256
3fff8ff2abd246dd2304f59af8ab9aa9e8f6143aa071ae3403b43b41acfdd846

SHA512
e3d23309664cb9b1c2434675be6e457626d078e2b04bf0a74601514b54fbf88962c5ba21335187b40cba7971859098aa8203dfd3d5d76111c81d24606bb1622e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cec9.TMP

Filesize
11KB

MD5
f07df1a7d0d41ec47d89ca793967b2c6

SHA1
1011545380c9006aa74735ce7a0b8e8a4bfa7959

SHA256
ca0b2a9e04254161f66e8914dfe4f4f9d89a9e6977f912267c1508eb79e8f164

SHA512
593e5cbe9305ceb633dc9a8d08b334fa04659792504524c36b4fd3274a295737432012548d6f09481ef1f54a88050174c42db31f851d46f36bf164186b0f1953

Download Submit