964a6054cf39bf2a842e9741bd6ffe10924e91cc6421f5a0ed1ee06ae661889d

Analysis

max time kernel
149s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-1.html
Size

11KB
MD5

c2c0029ea5e50685dad5119c08a5e60b
SHA1

f80f4996b33a950dc82eaebf922ef5cce48f6c3e
SHA256

a76ccd0390ff013be20d2f81100644ec9e70b98d241e51e9abd237fee613f79d
SHA512

db9058edebbb05e5b6b4403c899e508e59e5badb8dd6d6fc09d0f473e0a381f6b3d08b4284ec14e84a77dd45ba789513dc55da4db8b2163e40fed0a8370715e7
SSDEEP

192:ol4MpjV78SWdt+YOExtnPvXzd85Cuv4lnQxMn:l+qSWT+mnXB4XANQxMn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536252022754155"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeCreatePagefilePrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2032	2824	chrome.exe	80
PID 2824 wrote to memory of 2032	2824	chrome.exe	80
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 2812	2824	chrome.exe	83
PID 2824 wrote to memory of 4148	2824	chrome.exe	84
PID 2824 wrote to memory of 4148	2824	chrome.exe	84
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85
PID 2824 wrote to memory of 328	2824	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c5c29758,0x7ff8c5c29768,0x7ff8c5c29778
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4300 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1784,i,11971941497627737047,12428687347940422222,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\922d930a-1a53-455e-9c57-2b2b4a32d988.tmp

Filesize
129KB

MD5
ab976ebec61cbfa1ed4c5b946ae1650a

SHA1
1b2ae55ad9c2a90a50607559a6b261f46ccd4d37

SHA256
bc5b92ffbacb667042ff9a09a98cd090542f0175162a8e9876e458e258f394c8

SHA512
89b8b8f361bd3024f6dc729fc360518e97a7a0b9a9ba3ad859030cbe351de044dcaf794e41c047460f7f32b292bb7f9158782d9dcba5d18a9282b6d55e592262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a5a57f2c436a777e4580eb4f161a4e21

SHA1
41d5c29ea902484ca6369d6c8449e1629469e173

SHA256
df1391fccb99e63cdca4cf5dca0a8f3390706ae7df6553312b6242e2b3469d40

SHA512
7389e9381a52cf48043feb2782e287adbff955c957fbc63129e94655ddb3fcc2708f053c7f6ff5525583afd1edf23ab76bdca524d611eba9f6492dd9c3d56998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c559aa12d14619c3ed69c9d785a7df58

SHA1
e2ee957e060e494beeab204d02b0d78f337d11e6

SHA256
96c22967b41a4ec9179176d769c5435be9ec7479fb376c52a1d9320b7f53bb84

SHA512
e47c67ad8fde4b574a59b8ceaf3d404bda87d5e973ed659d93a61990220b6ec1d63047429e7dbe1a6f6bea8b746656afb4a5b51d7f356e6cb33bffd372be916c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1152b21f19e2b7eeb4e630460c8b42b8

SHA1
fc7b882d1dfcb4c2e8f41412351a4111a34a8f94

SHA256
3d6981f2216cf6b67b3435a64f59a92835735346eb8f7a089201e4fcedd1ad2b

SHA512
0d53366741811f61073973210fdb06bb15bcb20c32ca09ffb954379cb2724d3a55cd3ad1bbf6ff72a1f272a6c9914ddc6e74248c51ac920623edf466b499a10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
5627f45341d056f76816ad85d8dc8c7b

SHA1
e502eb2d1819c6d59dabdf4a7d42a451a2f087a1

SHA256
5f5bee5c52f87c42df5accb8a9c1d42721ae6e42433dc45abe72feb468e69f66

SHA512
8aa93ad42f6ac84e88369cda51f27fc6979acfeea1ec73b5a283dbbb7b1f8435e86bad23f1b98974a1286f730f8c719f04099b43a86bfebb2ec450b8a0de5eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit