Analysis
- max time kernel: 88s
- max time network: 245s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 17:32
Static task: static1

Behavioral task: behavioral1
- Sample: a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml
- Resource: win10v2004-20231215-en

Behavioral task: behavioral3
- Sample: email-html-2.html
- Resource: win7-20231129-en

Behavioral task: behavioral4
- Sample: email-html-2.html
- Resource: win10v2004-20231215-en

Behavioral task: behavioral5
- Sample: email-plain-1.txt
- Resource: win7-20231215-en
General
- Target: email-html-2.html
- Size: 15KB
- MD5: 01627150ea7deccb38d2733a9dc96c8a
- SHA1: ed7e3087128c57c3756eef2737cccf5064ebdd54
- SHA256: 61e4b36529a542d601b972729047126ee42ce0bc43090656ab9dfd2746e5a31b
- SHA512: c033b2fb1332c3c4342788bfe3ab34c12ee9859f8348d55cfbe020128a51a8351542b0d80fcfa368568eaefa8636aaf1a159bb29804ce9562b87e46e59821b6f
- SSDEEP: 192:X9+qJPa+X2C9xuzIpYrVignH5hTd7vdwzk2usk9Z+dKAu:xJPZX2wxuL8ChTdBwTusUfN
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: chrome.exe (PID 2152), 2 occurrences
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe (PID 2152)
  - Token: SeShutdownPrivilege, chrome.exe (PID 2152), 64 occurrences
- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes: chrome.exe (PID 2152), 34 occurrences
- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes: chrome.exe (PID 2152), 32 occurrences
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe (PID 2152)
  - PID 2152 chrome.exe wrote to memory of chrome.exe PID 1944
  - PID 2152 chrome.exe wrote to memory of chrome.exe PID 2576
  - PID 2152 chrome.exe wrote to memory of chrome.exe PID 2732
  - PID 2152 chrome.exe wrote to memory of chrome.exe PID 2580
  (64 write events in total, all from PID 2152 to the four child PIDs above)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2152)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - chrome.exe (PID 1944), crashpad-handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7089758,0x7fef7089768,0x7fef7089778
  - chrome.exe (PID 2576), gpu-process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:2
  - chrome.exe (PID 2732), utility (network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:8
  - chrome.exe (PID 2580), utility (storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:8
  - chrome.exe (PID 1952), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:1
  - chrome.exe (PID 1296), renderer
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:1
  - chrome.exe (PID 848), gpu-process (SwiftShader fallback)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:2
  - chrome.exe (PID 2208), utility (chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1240,i,15271034542675940167,7159507647028299330,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2692)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- (unnamed file)
  - Filesize: 16B
  - MD5: aefd77f47fb84fae5ea194496b44c67a
  - SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
  - SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
  - SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
- (unnamed file)
  - Filesize: 264KB
  - MD5: f50f89a0a91564d0b8a211f8921aa7de
  - SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  - SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  - SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- (unnamed file)
  - Filesize: 5KB
  - MD5: 74b1e2cc0942f263d8fbfeb52ce53230
  - SHA1: 4a91db2b05b197dd8f90cd6d63982396f591f1e1
  - SHA256: c6acf73b90256b16af9d6dd15b0974ccf6793cef28fa7f9cc2e3d7f1df2a5fa9
  - SHA512: f63bd9004ae425ec1c336c471ba8c3a6416c1117c373163d898aff6c7a85cb939fc991e1da90a515c1c13ad02f7c21f6a78b65e40247e43b43cbb2235d888d6f
- (unnamed file)
  - Filesize: 5KB
  - MD5: 048b67ee2bc5245e5567b022eb09ff87
  - SHA1: c29b4e86cea2e2efe47c1951d663f7903dd45655
  - SHA256: e31c4e5afa688fb8900f9ea3a56b553cb9a3229862f1bdc3757a73ce9c8302bb
  - SHA512: aecda6cf439699de59c7411844fe758f39b829837e33766ddd9d24fc7e8e411889835c5127a4852b6c05180714f186bba5ff3e8b412d150d8ff7e79a1a47af76
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  - Filesize: 16B
  - MD5: 18e723571b00fb1694a3bad6c78e4054
  - SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  - SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  - SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- (unnamed file, no size recorded)
  - MD5: d41d8cd98f00b204e9800998ecf8427e
  - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  - SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e