Analysis
- max time kernel: 299s
- max time network: 270s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 17:32
Static task: static1
Behavioral task: behavioral1
- Sample: a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: a1s-root1=email_banfield_2024_01_25_16_SMTP-att-1-4TLRgQ29l4zJmsx-2024-01-25T16_51_46.eml
- Resource: win10v2004-20231215-en
Behavioral task: behavioral3
- Sample: email-html-2.html
- Resource: win7-20231129-en
Behavioral task: behavioral4
- Sample: email-html-2.html
- Resource: win10v2004-20231215-en
Behavioral task: behavioral5
- Sample: email-plain-1.txt
- Resource: win7-20231215-en
General
- Target: email-html-2.html
- Size: 15KB
- MD5: 01627150ea7deccb38d2733a9dc96c8a
- SHA1: ed7e3087128c57c3756eef2737cccf5064ebdd54
- SHA256: 61e4b36529a542d601b972729047126ee42ce0bc43090656ab9dfd2746e5a31b
- SHA512: c033b2fb1332c3c4342788bfe3ab34c12ee9859f8348d55cfbe020128a51a8351542b0d80fcfa368568eaefa8636aaf1a159bb29804ce9562b87e46e59821b6f
- SSDEEP: 192:X9+qJPa+X2C9xuzIpYrVignH5hTd7vdwzk2usk9Z+dKAu:xJPZX2wxuL8ChTdBwTusUfN
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes (description | ioc | process):
  - Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  - Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506776170154009" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes (pid | process):
  - 4236 | chrome.exe
  - 4236 | chrome.exe
  - 2392 | chrome.exe
  - 2392 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes (pid | process):
  - 4236 | chrome.exe
  - 4236 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes (description | pid | process), the two entries below alternate for all 64 IoCs:
  - Token: SeShutdownPrivilege | 4236 | chrome.exe
  - Token: SeCreatePagefilePrivilege | 4236 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes (pid | process), the same entry for all 26 IoCs:
  - 4236 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid | process), the same entry for all 24 IoCs:
  - 4236 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description | pid | process | target process), each target repeated across the 64 IoCs:
  - PID 4236 wrote to memory of 1876 | 4236 | chrome.exe | chrome.exe
  - PID 4236 wrote to memory of 2016 | 4236 | chrome.exe | chrome.exe
  - PID 4236 wrote to memory of 692 | 4236 | chrome.exe | chrome.exe
  - PID 4236 wrote to memory of 2304 | 4236 | chrome.exe | chrome.exe
Processes
- PID 4236: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID 1876: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecde29758,0x7ffecde29768,0x7ffecde29778
  - PID 2016: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:2
  - PID 2304: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:8
  - PID 692: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:8
  - PID 4820: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:1
  - PID 2164: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:1
  - PID 3628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:8
  - PID 748: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:8
  - PID 2392: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 --field-trial-handle=1856,i,15115401519917667710,5115833500914338684,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID 1108: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1019B
  MD5: c99308a93099478cde7082ab3f88c454
  SHA1: c9852ac860a92a65772a6f11b927f215ab9bc0c2
  SHA256: b65c7726efc13cee65af077a66826bd800de372880f6c5bba31757f165808cc4
  SHA512: 5ddcd77ce735c34f5e0f01174e50c6b15381b71d4ff899ca36b3aec744e4a465eb6d7c4f11d6b14e483a18dc0f0350d996aadb71444adb6d0c54cce215fe657c
- Filesize: 823B
  MD5: 94193615eb39a154f225c8c6a641e65c
  SHA1: 1d7bdde5a96073a3dc2ca034b3143ccc5a642e62
  SHA256: 988998d9f49458e6e1aeef35de36ebc5c235ba14bbe3a45e6385cf8310e1b8e8
  SHA512: b1685d7ba5d9561676e09c9cb2f24fe0a2771bfdfe65fc8bc53030f5e3c6c464d8e48e359f74f9b13cf7494c423b7c323a6790dda0ca9074964a10bdd9bac4c6
- Filesize: 6KB
  MD5: 9314f5e788eeb991963cbe350d98e6c7
  SHA1: 7b74d50fc4dee77ece24bf5eda681e58489a700a
  SHA256: d26f3f4cd08cc493fd0ee20056d2d161ef12f2952555afa0d322865afce61dec
  SHA512: 71a57737fd7bba6af2239ed6d9235485ccede14c002b36ad585ccc60ed214e308791c0d0d0457b79d901188c3d1c9d27d64f045f35c098ad83283cd03dbc2d6e
- Filesize: 6KB
  MD5: d12cdcfa96a8479e102b91e72ab564d0
  SHA1: 82cab65cae7ff5cfd90a2fc90aa47576a3fc8b8b
  SHA256: 0e64adcb4ff93d5503d660a1004b3950252a11e8a11edfe43beb23883de249e1
  SHA512: 95df3ed8e43f095e6358fd8413916cde6cf50d5cf1ef08803789f151a505fcc1c478293d476fa9f61fb856b02b5c1978f74a45de85c0011782590ad7c48b46df
- Filesize: 114KB
  MD5: 706549932b8cf550149bf1afb8ba8a30
  SHA1: f0f41c3c21e971743dc32a33e556b755c98f91c2
  SHA256: 30f6b3684fb17ae523f1f51d91b79188020c071b1fb66c57a827d54fd25424e4
  SHA512: e8c6b7e0eaf552c1d26b8c7d606c7a427bd3d51d2a37e8496460d7f1b3e50b5a27f2d77c6065c7797e9d81b75f6029e30ae42008a00e0a5a030d2154da6b36ef
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e