Analysis
-
max time kernel
149s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02-02-2024 23:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675&$android_url=https://play.google.com/store/apps/details?id=com.thetrainline&hl=nl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https://itunes.apple.com/NL/app/thetrainline/id334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=alfatahtours%E3%80%82com/.mandem/uaryfait/Y2Jyb2NrQGxvY2t0b24uY29t#%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buar
yfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E&e=5359720045&elqTrackId=khclwagxdtnavykgzffy&elq=7##char20##&elqaid=208402&elqat=1&elqcst=272&elqcsid=1506365
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675&$android_url=https://play.google.com/store/apps/details?id=com.thetrainline&hl=nl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https://itunes.apple.com/NL/app/thetrainline/id334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=alfatahtours%E3%80%82com/.mandem/uaryfait/Y2Jyb2NrQGxvY2t0b24uY29t#%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buar
yfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E&e=5359720045&elqTrackId=khclwagxdtnavykgzffy&elq=7##char20##&elqaid=208402&elqat=1&elqcst=272&elqcsid=1506365
Resource
win10v2004-20231215-en
General
-
Target — a Branch (app.link) deep-link redirector. The `$android_url`/`$ios_url` values point at the genuine Trainline store listings, but the `$fallback_url` — the redirect a desktop browser such as the sandbox's Chrome would normally receive — is `alfatahtours%E3%80%82com/.mandem/uaryfait/Y2Jyb2NrQGxvY2t0b24uY29t`. `%E3%80%82` is UTF-8 for U+3002 IDEOGRAPHIC FULL STOP, which browser hostname parsing (IDNA/UTS #46) maps to `.`, so it should resolve to alfatahtours.com while evading a naive `alfatahtours.com` string match; the final path segment is base64 and decodes to an e-mail address (user@company.com form), which is consistent with a credential-phishing page that pre-fills the recipient's identity. The `#%3CFONT…` fragment is the same URL-encoded `<FONT id={uaryfait}><STRONG>uaryfait</STRONG></FONT>` repeated dozens of times — filler that is never sent to the server — and the `elq*` parameters are Eloqua mail-tracking fields, with `elq=7##char20##` an unexpanded template merge token. Any block/detection should key on the decoded fallback host, not only on the app.link wrapper.
https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675&$android_url=https://play.google.com/store/apps/details?id=com.thetrainline&hl=nl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https://itunes.apple.com/NL/app/thetrainline/id334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=alfatahtours%E3%80%82com/.mandem/uaryfait/Y2Jyb2NrQGxvY2t0b24uY29t#%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buar
yfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E&e=5359720045&elqTrackId=khclwagxdtnavykgzffy&elq=7##char20##&elqaid=208402&elqat=1&elqcst=272&elqcsid=1506365
Malware Config
Signatures
-
Note: every signature below fires on chrome.exe (browser PID 4960 and its children). Reading HARDWARE\DESCRIPTION\System\BIOS, the TPM\Telemetry value the sandbox attributes to chrome.exe, the SeShutdownPrivilege/SeCreatePagefilePrivilege token adjustments and the WriteProcessMemory events — whose targets 3968, 5116, 628 and 3312 are Chrome's own crashpad-handler, GPU, network-service and storage-service children listed under Processes — are the browser's normal multi-process startup, not evidence of exploitation or of a dropped payload. A verdict on this URL has to come from the URLScan/network results and the content of the fallback site, neither of which appears in this excerpt.
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513901053868677" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 3584 chrome.exe 3584 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid Process 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe 
Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe Token: SeShutdownPrivilege 4960 chrome.exe Token: SeCreatePagefilePrivilege 4960 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe 4960 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4960 wrote to memory of 3968 4960 chrome.exe 15 PID 4960 wrote to memory of 3968 4960 chrome.exe 15 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 
chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 5116 4960 chrome.exe 38 PID 4960 wrote to memory of 628 4960 chrome.exe 35 PID 4960 wrote to memory of 628 4960 chrome.exe 35 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34 PID 4960 wrote to memory of 3312 4960 chrome.exe 34
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc414b9758,0x7ffc414b9768,0x7ffc414b97781⤵PID:3968
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--BenerailETicket&~campaign=WebToApp&~tags=locale=nl_NL&~tags=version=1&~tags=marketing_code=BSH3675&$android_url=https://play.google.com/store/apps/details?id=com.thetrainline&hl=nl-NL&$android_deepview=false&$android_passive_deepview=false&$ios_url=https://itunes.apple.com/NL/app/thetrainline/id334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=alfatahtours%E3%80%82com/.mandem/uaryfait/Y2Jyb2NrQGxvY2t0b24uY29t#%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT
%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E%3CFONT%20id=%7Buaryfait%7D%3E%3CSTRONG%3Euaryfait%3C/STRONG%3E%3C/FONT%3E&e=5359720045&elqTrackId=khclwagxdtnavykgzffy&elq=7##char20##&elqaid=208402&elqat=1&elqcst=272&elqcsid=15063651⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:3312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:12⤵PID:4324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:12⤵PID:4656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:22⤵PID:5116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:12⤵PID:3116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4880 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:12⤵PID:4708
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:4440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:3380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2468 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:12⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:82⤵PID:2768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 --field-trial-handle=1868,i,1153712056838278055,10978596898632485572,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3584
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" (tree depth 1, i.e. not a child of browser PID 4960) PID:4172 — a stock Chrome component started on demand from the versioned install directory; with no other evidence it is not attributable to the page being analysed.
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
216B
MD56973770f0fefc858af327ea64458eace
SHA1f0f79e424a24a9152f7f8d24b3ec49ad5653bf81
SHA25658e40b8d9b588047b065246d479fc90dba87cf9ddf5b60e94d7efe2063e79d6a
SHA5127edd3c3bd09dd84025c98a07187d956db3b5d584972822ad935f8f338a80e9361865b1cce1f5105c1c5cee2378c47c60aaaf8b19a1df1bb9a13c7540c394c681
-
Filesize
1KB
MD597229076ddcd77788ca95a519368e83c
SHA188b74c5a3bce2ae0dd1bf4bded628d38a49b6521
SHA25624029f4e71b5f8c62f733d08d8a833606ea5684ced79dc83417e1bee0d1a7c43
SHA5124a2d35876c7175078f1c75f74f523b2167690e8f91cc6d5537ad7b193b3ffc2d748c50aae9e4dcde404c2dc69086b57e213198068e8eb860fec5a7e566a78331
-
Filesize
538B
MD5619745817ef2e7219ac02f70e22c31c5
SHA1939c5b345867938d35ee337efabeda73ad2fa78a
SHA25623068a42b9a8173ddc2f4ca8b4f7c5fc1c619e11ed6c2bfb5f741908820512d1
SHA5123db7e75267fcbed73b2aeede50a00ab290598c62fe7619c3161ee9aa02f5efe014bff3981cdc2fda0cd1b6cbe2ef1042d589433c1240ea0431958b64c5f8be40
-
Filesize
1KB
MD5eaee6ab474a3461423936ed49c872d3a
SHA19f52b141234472c333067e82d86f20893c905f1f
SHA2568a7e00a02f97f02e1b006995a1a2308d1715ee07939a6300f549229d17ddbf9c
SHA512203d24df64ed30b7fa8464688fee47e70108b981a419bf667bf511cdf1f2fbb92fd1135e075aa6628a5b3806af50773bc8dad7694fb90859b7ec8809319e1493
-
Filesize
7KB
MD5f66ef7f937d3ee6d5c290826fb0af83f
SHA10dcfc76e98567c0956de134cfb63d1a9a5a425b7
SHA25688a7ec17b3245f399275221680a44a3cbfba51fde96bd9aca40fb35e8e93cdd2
SHA5125f636d12c2e6d7a05cdf4e8aeb8f1e6e295ad9c7fefaa0beb1a1225d2068430fe8668cd074ce97f0ebed4f054dfe9e431a6e4d4e6a3227c27444b88e6a52df7c
-
Filesize
6KB
MD5b43cbd151d384407e31bb6606c473715
SHA127bad3fa5b669aa3610ea6df795720193a2349a5
SHA256f810f5755bb8bc4bdd63e345c7e9d28c13ad6d0731335c430f5ca0b73e1d34ff
SHA512ed9c47a00f64dc98611444a945e95e10976960ae0160dd6bd44f31baed2f163a7e2090db3bc2047ce5c4f76043fe5a055ab85c261889d6f44dae2c59ee04a759
-
Filesize
135KB
MD591b5d3cf91cfc3a25115192da4e44727
SHA12d00a104245e17a28fb5fb2e1c30ca7551558840
SHA2569b19c9dbc810e9ee56b368e77990d15e90569d2d9f5b5cbc7939dbbd7c62435a
SHA51251c0da537263c1e8fdadc931c2e9447358b55e182adbec5695a880150e242b59798b841b7a3586bce7cd97d9d80b16c0d4d5d4de357a760ede58e7cde7f0c420
-
Filesize
115KB
MD5b8fb91e69b3cd5e774dd99483b8ccfa8
SHA1e16d3dbd4d3e0d71f48ab3555966d05d2400e95c
SHA2564926a00c6d2985e87e7ae16cccba8e59ecc534862c1d6e92ed58b3bbcdd1c602
SHA51295ee874b40fd669c5ab0b0aaef71e9a7be6cecd9cc1dec921fa624117fc0e48de61968b5ed0def30a02ed146894fe51783a59eea3ba0fd051d8b13eabf087d37
-
Filesize
115KB
MD57fafb18053adb7a0347b46392fe566af
SHA1b2f65ec14df0f7ff92705c6f762a8f2784f26297
SHA256bea7f13747874a43e31b8c7b6e192a69c34aa8221f0c865d9633ab0cd9dcd14a
SHA5123d6bfe75f75e03c95dc94887a25f4c66b57e98b89585623ae6c87f635abb4ca6c188c3438a294ee0e1e1733ddabc1c26c048d2ab9404a0e649291db867621027
-
Filesize
116KB
MD5c1086ec805639f5163f17cae0e301ea1
SHA1f4222947c5c27cfc959ac5e978198d39b2975ebc
SHA25651f6677b49d2c651bb53199c0ae7b78e4d19666a2c59650aab865b35d987ba25
SHA512fa240d0ad9c9c63de02c137b7d0c13d45a7775def7f321e877bb77f5c3e944e64ada11ea98d0865c90b56844acca019fb1c19baf13afb6bc580d55f8be11b604
-
Filesize
2B (the MD5/SHA-1/SHA-256 below are the digests of the literal string `{}`, an empty JSON object — a profile/cache artefact, not a payload)
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd