58b438d10bbe60ba8e47175c7405d9963694410461fe88bb63fe33a8506ab491

Analysis

max time kernel
69s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-1.html
Size

1KB
MD5

be6499098c4b180d14f916e42d19c29e
SHA1

517f7e99e254cc420b2efb209ff9ba542b226e66
SHA256

84fe45c0599187c505dd133237487036956712017410ef363f60cbed3d7341eb
SHA512

c10e20481e4ab722669c5e1c4529a93c75956a2012749cfd71373d786253f3a89790b6309c8132b2f342b0b3d767df59cd45106814c1e0bcf0232336990b4f2b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535344560949290"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe
Token: SeShutdownPrivilege	2632	chrome.exe
Token: SeCreatePagefilePrivilege	2632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1720	2632	chrome.exe	85
PID 2632 wrote to memory of 1720	2632	chrome.exe	85
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 3944	2632	chrome.exe	97
PID 2632 wrote to memory of 5064	2632	chrome.exe	93
PID 2632 wrote to memory of 5064	2632	chrome.exe	93
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94
PID 2632 wrote to memory of 644	2632	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd86459758,0x7ffd86459768,0x7ffd86459778
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5008 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1968,i,3622428605737093273,17765097517761429308,131072 /prefetch:8
  2⤵
  PID:2300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0546e963-10b7-4d20-8c06-6d3be43178ee.tmp

Filesize
128KB

MD5
a5c90bc09504cbdfc143017cf3d916f8

SHA1
6a9b15484d89abeff701d44f2a92a860cf3441a9

SHA256
b006d38f6fa3b6a6108393feaf89935dc1afa91fc08786271e4ae2e2809cbfd6

SHA512
6f098e1dba651c464007d44771d165600b23b7fdec42c518d9ec0115471bcfbb87a31bfa45a6ad87688c45e32f5128d89c0d6d9634b1e8c602575aa6e6be9890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
67ccd5a439131229706285714006da50

SHA1
f5e1d90463d7d0bab51257bd9cc572ec090d7d01

SHA256
10321b0b16bfe7aacc055fce94af923cd08bb8bab64bc6629fcf98db016612e0

SHA512
2afbd37f7500fbb73085b31863ccebf179e53a339a9dbcd0142b0576cb954ec0be5419180d9e67eca93b03ece72ff78c41f30ec9acdb9660e108488914f85a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
61c023e346842b93ad81867c5222a246

SHA1
894ae117d11d61d5e0269ffdb3b1d6d1533d81e9

SHA256
9ea48259d2a54a8ebc99a512b28d77f9f66ca5a7f9809c1a75522721d9f0999a

SHA512
d1aa5fd7b8301340192abd7627ed4ed85ab350d3393798618f4cf50e52df4a4b4d03ceb0fda60e3efa0359887648f96ff2b4a1bcfd94a60f1ee12a8a3498c6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
383ce4c96ee007cd436b22da0b241587

SHA1
21dbe6f0bcad2fb4601869c09d352e0650aecd6f

SHA256
0b6105bffac6f2f3eaa7c1fc0194acfaeffd653d3bbe0fb661b5e1b2771641d7

SHA512
2b811ddd9e1289f6420011f2f071c7a4ab048328563c427e375004a347d6e4b4192bd70e7777e3aa24ff5f7263c2d3e4ad3c7e07053e5cc0a0983cc8cc9e6829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9ba6b4a9bd5f050540f8c268025c59c

SHA1
75f2772aa8b8af5f50f0b12347089768647c1635

SHA256
a5a5b54bf4d7c795e64b593c8afa211fd402a3a8f6ff992838ea971563caa193

SHA512
55d25f912ab0c3d3e89e5683008b68c79cb870807de2f7bb5a8a7d7eff45ec1b5e8cbe93ba4407d4b4d97ebb0629a30194e9335dba1886f2511b6c98097f48cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6f64e80ad1ef565017ed2a4bf939342e

SHA1
4e2254b8176ae90644eb556e751784723d1266be

SHA256
2d006474eab3bd752304339d76084b7ceb5f82a66d368aa030891fce0f7ac42c

SHA512
41fe9edff3012fb13c10255a1a0eb6dd43244190a847cf8118aef1ca1beff3dbd287ee472609921b87615b9a6b008b194d2cedd3b52c890c350ced154b2fbfee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit