Analysis
- max time kernel: 299s
- max time network: 270s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/01/2024, 18:53
Static task: static1
Behavioral task: behavioral1
- Sample: a1s-root1=email_banfield_2024_01_24_18_SMTP-att-1-4TKsFW22b9zsRb6-2024-01-24T18_00_47.eml
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: a1s-root1=email_banfield_2024_01_24_18_SMTP-att-1-4TKsFW22b9zsRb6-2024-01-24T18_00_47.eml
- Resource: win10v2004-20231215-en
Behavioral task: behavioral3
- Sample: download (10).png
- Resource: win7-20231215-en
Behavioral task: behavioral4
- Sample: download (10).png
- Resource: win10v2004-20231215-en
Behavioral task: behavioral5
- Sample: email-html-2.html
- Resource: win7-20231215-en
Behavioral task: behavioral6
- Sample: email-html-2.html
- Resource: win10v2004-20231215-en
Behavioral task: behavioral7
- Sample: email-plain-1.txt
- Resource: win7-20231215-en
Behavioral task: behavioral8
- Sample: email-plain-1.txt
- Resource: win10v2004-20231215-en
General
- Target: email-html-2.html
- Size: 17KB
- MD5: 7e28d0529515828717c3a637cc1a5dc2
- SHA1: 0b11630073187178921098d48636d111db220b93
- SHA256: fa4fc3d197ef5cefc3656aefdc84ccc704e06ff24f09e38faa78ec92d2d1d353
- SHA512: 7665f5e53dd28d9efc82ff5dfbf1f811dfb9df48c9f3c671b45392e291e8c306bf621c223cb50ffaf764958439dd4d93d1d840136589610b07772ee7262d8c36
- SSDEEP: 384:PJ2ZXyUNHPB4hNrO6fqoK4j5/PcLdSf/0/n3fzZD6HPBjDCnIIIIIdCvB3x+h:PJ28UNHPB2O6fqoK4j5/PcLdSf/0/n3y
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505960419622616" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  1296 | chrome.exe
  1296 | chrome.exe
  3848 | chrome.exe
  3848 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  1296 | chrome.exe
  1296 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1296 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1296 | chrome.exe
  (the two rows above alternate through all 64 entries, 32 of each)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  1296 | chrome.exe (26 identical rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1296 | chrome.exe (24 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1296 wrote to memory of 988 | 1296 | chrome.exe | 85 (2 rows)
  PID 1296 wrote to memory of 4300 | 1296 | chrome.exe | 87 (repeated rows)
  PID 1296 wrote to memory of 400 | 1296 | chrome.exe | 88 (2 rows)
  PID 1296 wrote to memory of 4808 | 1296 | chrome.exe | 89 (repeated rows)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1296)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 988)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9714a9758,0x7ff9714a9768,0x7ff9714a9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4300)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 400)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4808)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1248)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 384)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4056)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3620)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1692,i,1774895869596445059,16962522923496544127,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1980)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 824B
  MD5: 8b61ce81e2cf4dcb4c1d28f2caa18f2a
  SHA1: 8b75c6f2853d695425cd0ddba0327229d26b6e9c
  SHA256: e1efdbdf8914c3410e938033f986139cd2f23173846c1f19c5ae7bd08922a942
  SHA512: 3129a8e2ca17178abaf170d59254e6ad83c2c47c16b8e583164f1c3f378b269868bfd737ff8807156a17ba201f3cb8d78b380099dbf67d334e187c44823a6f35
- Filesize: 6KB
  MD5: deb1021b29f591141124555618001ece
  SHA1: 1a2a3b851482af8dff6f869cef607c11595e807d
  SHA256: 89aca4574641bc8450dd6342c01149a66e1536aa7fbdaf755c96b0e0dfa5881d
  SHA512: ee9882c1c440a9a5095c247a7e1e11e21012294e65304d11ddb756989824126bb034440c8bde44039d87743803adedc0f2728b358efbd44ba6e3daac5bc74564
- Filesize: 6KB
  MD5: f8dc96ef0678e5c9c93225990fff8ea8
  SHA1: 2735f383ed00d55029023936fb77a38bca2045b4
  SHA256: 8cef8cdca79b8808805d7ceecd8e2738c261362fc5eb299d15bd0ab428edc9f0
  SHA512: 7e14dd322de8f342abd1d908d1704bec5bf56c6fe67ac1f8ba091f8d181e9633496139e607b3ff893ce5e2efb006f520a268fe8fef812dbaf612f9b523d33313
- Filesize: 114KB
  MD5: d507c668d66d587747df02126e6d19b6
  SHA1: 89f7daba462e2d99366c477f737b8d1d9118110a
  SHA256: bd933781d9cbfc775eae313ace80354f4f3ed8718317a3febf385d701abbebdd
  SHA512: 456b7bfd483d566480e8d457085634c203caeee965d7a230b603efc4896b6574d4733e565871cfa7737b3a5442cf57cc5c07882a2e8cea8027da3beb6f069228
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd