Analysis
- max time kernel: 151s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 16:40
Behavioral task behavioral1
- Sample: cert_HOU_University of Utah_3864852_8.pdf
- Resource: win10v2004-20231215-en
Behavioral task behavioral2
- Sample: email-html-1.html
- Resource: win10v2004-20231215-en
General
- Target: email-html-1.html (behavioral task behavioral2)
- Size: 733B
- MD5: 0bec2faa2f36da06ed96602a60c1337b
- SHA1: 2520ed48cc814411f3e60063c621f99b9cda282e
- SHA256: 324d1bf8898ae62f98679c1076b3573ed442c840e39f9778b26592f6568b9f2e
- SHA512: 8ecec7dcdec33a906629f1b382a03fdce00104380044485bccae9ac9c9915e7af71ca10ef12197f9f96a6790023252586cada37b8420af014927daeaec2d8700
Malware Config
Signatures
Every hit below is attributed to chrome.exe, the browser the sandbox used to open email-html-1.html; the process list further down contains nothing outside Chrome's own process tree.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522296382752747"
    (The value is a 64-bit Windows FILETIME; it decodes to 2024-02-12 16:40:38 UTC, which matches the submission time of this run.)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe PID 212 (2 entries), chrome.exe PID 4104 (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes: chrome.exe PID 212 (2 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Process: chrome.exe PID 212; the 64 entries alternate Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Process: chrome.exe PID 212 (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: chrome.exe PID 212 (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: chrome.exe PID 212 wrote to the memory of its child chrome.exe processes; targets in order of appearance: PID 4852, PID 4160, PID 3688, PID 4672 (64 entries, most of them repeated writes to 4160 and 4672)
Processes
- PID 4852 (level 1): chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb79cd9758,0x7ffb79cd9768,0x7ffb79cd9778
- PID 212 (level 1): chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4672 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:8
  - PID 3688 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:8
  - PID 4160 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:2
  - PID 1964 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:1
  - PID 1064 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:1
  - PID 4960 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:8
  - PID 776 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:8
  - PID 4104 (level 2): chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4460 --field-trial-handle=1836,i,4042037719316402656,10715232687681825360,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3676 (level 1): elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
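The command lines above show which of Chrome's child processes asked for an OS sandbox. The Python below is an added example by the editor, not part of the sandbox report or of Chrome: it parses the command lines (copied from the Processes section, with the long --gpu-preferences, --mojo-platform-channel-handle and --field-trial-handle values trimmed) and lists the processes that ran without one. The classification rules are the editor's reading of the flag names (--service-sandbox-type=none, --disable-gpu-sandbox, a renderer without --no-sandbox), not output of the sandbox.

```python
import re

# Command lines copied from the Processes section above, keyed by PID; long
# handle and --gpu-preferences values are trimmed, nothing else is changed.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
PROCESSES = {
    212: CHROME + r" --disable-background-networking --disable-component-update"
                  r" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html",
    4852: CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data"'
                   r" /prefetch:7 --url=https://clients2.google.com/cr/report",
    4672: CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService"
                   " --lang=en-US --service-sandbox-type=utility /prefetch:8",
    3688: CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService"
                   " --lang=en-US --service-sandbox-type=none /prefetch:8",
    4160: CHROME + " --type=gpu-process --mojo-platform-channel-handle=1772 /prefetch:2",
    1964: CHROME + " --type=renderer --lang=en-US --renderer-client-id=5 /prefetch:1",
    1064: CHROME + " --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 /prefetch:1",
    4960: CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics"
                   " --lang=en-US --service-sandbox-type=none /prefetch:8",
    776: CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin"
                  " --lang=en-US --service-sandbox-type=none /prefetch:8",
    4104: CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"
                   " --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2",
}

# A token is either a double-quoted run (kept whole, so paths with spaces
# survive) or a run of non-whitespace.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_flags(cmdline: str) -> dict:
    """Return {flag: value} for every --flag[=value] token; bare arguments are ignored."""
    flags = {}
    for tok in TOKEN.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    return flags


def sandbox_state(flags: dict):
    """(role, sandboxed) for one Chrome process, judged from its flags.

    Rules are the editor's reading of the flag names: the browser process has
    no --type and is the unsandboxed broker; a GPU process with
    --disable-gpu-sandbox and a utility process with --service-sandbox-type=none
    run without an OS sandbox; renderers are sandboxed unless --no-sandbox is
    present; any other helper (crashpad-handler) carries no sandbox flag at all.
    """
    ptype = flags.get("type", "browser")
    if ptype == "browser":
        return "browser", False
    if ptype == "gpu-process":
        return "gpu-process", "disable-gpu-sandbox" not in flags
    if ptype == "renderer":
        return "renderer", "no-sandbox" not in flags
    if ptype == "utility":
        role = "utility/" + flags.get("utility-sub-type", "?")
        return role, flags.get("service-sandbox-type", "none") != "none"
    return ptype, False


def unsandboxed(processes: dict) -> dict:
    """PID -> role for every process whose command line shows no sandbox."""
    out = {}
    for pid, cmd in processes.items():
        role, sandboxed = sandbox_state(parse_flags(cmd))
        if not sandboxed:
            out[pid] = role
    return out


if __name__ == "__main__":
    for pid, role in sorted(unsandboxed(PROCESSES).items()):
        print(f"PID {pid:>5}  {role}")
```

Run against this report the unsandboxed set is the browser (212), the crashpad handler (4852), the network, ProcessorMetrics and UtilWin services (3688, 4960, 776) and the second GPU process started with --disable-gpu-sandbox (4104); the two renderers, the storage service and the first GPU process all requested a sandbox. When a browser-opened sample is suspected of escaping its renderer, these unsandboxed PIDs are the ones to pivot to first.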
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 5KB
  MD5: 4f29413b443eeb110819b28852a11302
  SHA1: 1d91f47a8fba46b985b867da9be7e8d5d6f3c8fe
  SHA256: b08d9daf70d052356969e9a8610626af4c8f608eed349cd7536e62abd29009c7
  SHA512: c4fa19cd0d4ec39c3c7b44b4e74d73aa90e9a545b097eb4f86b28797e989dec43aaf91e5716be04bb7e72289ed258540a74ba6d49e139feda0cd7ce12606c208
- Filesize: 5KB
  MD5: 8b36ed3e4d00d6224a5246eb02f9d631
  SHA1: f96696b6f0d507be66272e216e871e25fbeb6cf9
  SHA256: 07d5bfe2b44f2308afc8f9415c1819b92588b597d8e16ee7e95a2c625eff5ff2
  SHA512: c3368da7c42c6a63a08ad10448029b13c39000618a0d1d0a16b9617ab956badaa1f9fee2fd8d7ee3105c0d1d72f75efc646ac913da1eda2657be3bd67d0388ae
- Filesize: 5KB
  MD5: b9eeb94bd2de9413b1555167e39ea54f
  SHA1: 3905e629dde6295cc583d994b46975cab8e0633e
  SHA256: ae57778fe3ca191dfaf47c478d2a9598ef945e2ca6790c434d92ed9d37cfeb6f
  SHA512: 40330e57714c37f15378f621d548567f6404237643f62f3b1d65fe2f97a5ceff1b5c319fb310ce4b4ba75a32e77083fa9955398166061ece377219c0da6c1c80
- Filesize: 114KB
  MD5: 1616d2a5f992fc76a2b5a4db8c541dc5
  SHA1: 49bde6b7c4308abc634c502efaf68b7ebb3602bb
  SHA256: 24d8938ce0624deb9dd049e9e6ee7f5c36284387cf2d8abd7302b3cc36486c5d
  SHA512: bd53dfa061be5d2194765dce1bbdb7ca074c482148c6266b897bc27d2e1793bc39d50eebacd28d6f770c2ea9976a05028f2562a33eb734e0a69753fcb40eb305
- Filesize: 2B (the digests are those of the two-byte string {}, an empty JSON object)
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: not reported (the digests are those of a zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
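The last two Downloads entries carry the digests of trivial contents, which is easy to miss when a report lists only hashes. The Python below is an added example by the editor, not part of the sandbox report: it recomputes MD5 and SHA256 for a small constructed set of placeholder contents and matches them against three of the records above. The placeholder set, the record layout and the size-string parsing are the editor's assumptions, not anything the sandbox emits.

```python
import hashlib

# Three records copied from the Downloads section above (size plus two digests).
DOWNLOADS = [
    {"size": "5KB", "md5": "4f29413b443eeb110819b28852a11302",
     "sha256": "b08d9daf70d052356969e9a8610626af4c8f608eed349cd7536e62abd29009c7"},
    {"size": "2B", "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"},
    {"size": None, "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

# Contents a sandbox routinely lists as "downloads" although they carry no
# payload. Constructed for this example; extend it as your own baseline grows.
PLACEHOLDERS = {
    b"": "empty file",
    b"{}": "empty JSON object",
    b"[]": "empty JSON array",
    b"\n": "single newline",
}


def digests(data: bytes) -> dict:
    """MD5 and SHA256 of the bytes in the report's lowercase hex form."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def parse_size(size):
    """'2B' -> 2, '5KB' -> 5120, None -> None. Only the B suffix is exact;
    K/M values are rounded in the report, so callers treat them as approximate."""
    if size is None:
        return None
    units = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
    # Longest suffix first so "KB" is not mistaken for a bare "B".
    for suffix, mult in sorted(units.items(), key=lambda kv: -len(kv[0])):
        if size.endswith(suffix):
            return int(size[:-len(suffix)]) * mult
    raise ValueError(f"unrecognised size {size!r}")


def classify(record: dict):
    """Label the record if BOTH digests match a known placeholder, else None.

    Requiring two independent digests means a single MD5 collision can never
    relabel a real artefact as harmless filler. A matching pair with a
    reported exact size that disagrees with the placeholder length is flagged
    rather than silently accepted.
    """
    for content, label in PLACEHOLDERS.items():
        d = digests(content)
        if d["md5"] == record["md5"] and d["sha256"] == record["sha256"]:
            size = parse_size(record["size"])
            if record["size"] is not None and record["size"].endswith("B") \
                    and not record["size"].endswith(("KB", "MB")) and size != len(content):
                return f"{label} (size mismatch: reported {size}, actual {len(content)})"
            return label
    return None


def triage(records):
    """One (size, verdict) pair per record; anything unmatched must be inspected."""
    return [(r["size"], classify(r) or "content: inspect") for r in records]


if __name__ == "__main__":
    for size, verdict in triage(DOWNLOADS):
        print(f"{str(size):>6}  {verdict}")
```

The 5KB and 114KB entries stay "content: inspect": nothing on this page identifies them, and with only digests available the next step is to pull the files from the sandbox, not to guess from the size.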