Analysis
- max time kernel: 29s
- max time network: 253s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 17:22
- Static task static1
- Behavioral task behavioral1: sample phish_alert_sp2_2.0.0.0.eml, resource win7-20231215-en
- Behavioral task behavioral2: sample phish_alert_sp2_2.0.0.0.eml, resource win10v2004-20231215-en
- Behavioral task behavioral3: sample RQ3W3185FSZY.jpg, resource win7-20231215-en
- Behavioral task behavioral4: sample RQ3W3185FSZY.jpg, resource win10v2004-20231222-en
- Behavioral task behavioral5: sample email-html-1.html, resource win7-20231215-en
General
- Target: email-html-1.html
- Size: 775B
- MD5: 73629986ff4d4bfb104858e57dc4e864
- SHA1: 6765a6e588bf3d6535dedf427c882c8e2c0726c1
- SHA256: ac1e79d9352bb00b222a2130233a431717fc130f256f5f295825c73a3eb3956c
- SHA512: a16d915f96fadf10faf6773946b27c521c46af4b656ede3d03da9b60272aa04c3f57785bc76c8159c9387a97ad019ceade3faf43f39e24d7ea71d93779da39d4
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2496 | chrome.exe
  2496 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (54 IoCs)
- Suspicious use of FindShellTrayWindow (34 IoCs)
- Suspicious use of SendNotifyMessage (32 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2496)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2204)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2832)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2676)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2100)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2380)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2680)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2888)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2832 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2092)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=1280,i,5287623400226368296,17917608851339972861,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2944)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"