hxxps://email[.]whitepapersgroup[.]com/k/1A2tqKZ2yVtovF4xzrKMFpL

Analysis

max time kernel
2s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 15:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://email.whitepapersgroup.com/k/1A2tqKZ2yVtovF4xzrKMFpL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 4048	564	chrome.exe	18
PID 564 wrote to memory of 4048	564	chrome.exe	18
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4792	564	chrome.exe	84
PID 564 wrote to memory of 4348	564	chrome.exe	85
PID 564 wrote to memory of 4348	564	chrome.exe	85
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86
PID 564 wrote to memory of 1564	564	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.whitepapersgroup.com/k/1A2tqKZ2yVtovF4xzrKMFpL
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffde669758,0x7fffde669768,0x7fffde669778
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1900,i,3716154380106509436,12021973412744064974,131072 /prefetch:8
  2⤵
  PID:2268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3f21c62f-3283-4e2a-a832-6d5dadb8d414.tmp

Filesize
130KB

MD5
f9fd81c6ef1e8accaeab212b2f96301d

SHA1
7f8718780956ff42b72b274ba9a6431e6f37fe5a

SHA256
f74c791cab1104ccba95f17e2976ca81a360a5a144fd65985a39f27df218ea98

SHA512
724c017cce14ffa1ae01ede2818952b7fc349bbb51eb71d68d6ff7e898da488cdba2cb732dda3747707ad2a46d07c0a6a7253237c2216bee6d30447966ad0e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
953B

MD5
7413c1e34a65d4e1882131abf91eb0fb

SHA1
6533b224619dc588bafcf9541e0fb5c9160c28e4

SHA256
a559ff76f89e67780aaf3fdc0428e2fb246989937c660b3a23eb37c5dc7d3458

SHA512
80810e5d2292432900e6eb1781a6bc10e34f586bad3c5b76f75ba20e23ff57f3f006563c8c320a9a673f5270b78716c26855d055caf700d5791a2a5ba0cf73a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
11c380f0a947b8c2ff495a73dd10f5be

SHA1
b94d099afb833e1f590c7219bd5825db35bd686e

SHA256
d8af7269f6352077445fa8607cc6ee6029e90133e637a1f0551d421799961913

SHA512
befc31b78a27013b94dfcd9403c7902865972e3f7703cbcf682c3bc0860f7eb70dc879711fd8bfbe2ca73e4316ff1e936d9a10c29c7c7c892fac47c5729ac06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc36fcece774df5fa85873dac40a6854

SHA1
043eb1d9a92616eee9f9f53cd95ffddc2d279479

SHA256
5394d1c66f0aa6e78e3ad429eda43c59b1db2e83b54b3930908db3f0e231e7c9

SHA512
74f5ef2f1f65a987bf8d0042bcff7dffb458b4a93a1498108bbd24fef995af75dd8dee00c806bed6c013ae4d609a42f0324155cf392542e19bd4c03f03fcfe40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2c215cbc33606239be09504b6d0f4caa

SHA1
c5619ad3815a015f27baf11dcd4ff57d0844b471

SHA256
1d007fd1fb51583b2cd2463fdd58107ca3b72941d607ba45fa0cf9da9b0c4081

SHA512
f574c78eaaecdc97a41865834ccfffaaaf54a1c6127accbc96aaa55f0b6131b117d9dbc3d41a24d2631f081d82a6aebc0f2773281e03dcba621ef24b6eeb0a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit