945aedc7795bf7bffb3066393828504c3cfd270ecf61e667d87f0c4632929c9d

Analysis

max time kernel
338s
max time network
360s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

747079a3eb4b74870eab6308a8d36425
SHA1

c40459e59c648f22a3f5195cc5015734e52da7d5
SHA256

945aedc7795bf7bffb3066393828504c3cfd270ecf61e667d87f0c4632929c9d
SHA512

ebc9c4cf0d622f019092369e71688bed95ee37617d2755013e18ecf87aea379250224ce5c3d31dbacd07bd3a9ed83d55c7be015e5ba7ba3f5ec36c0d6071713a
SSDEEP

192:dDHLxX7777/77QF7yXyr10Lod4BYCIpjhO0yX9XX:dDr5HYD0+CIptOBXF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 1368	568	chrome.exe	36
PID 568 wrote to memory of 1368	568	chrome.exe	36
PID 568 wrote to memory of 1368	568	chrome.exe	36
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 2068	568	chrome.exe	38
PID 568 wrote to memory of 3012	568	chrome.exe	39
PID 568 wrote to memory of 3012	568	chrome.exe	39
PID 568 wrote to memory of 3012	568	chrome.exe	39

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cb9758,0x7fef6cb9768,0x7fef6cb9778
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=948,i,6434153707791158694,17760887329079509467,131072 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 --field-trial-handle=948,i,6434153707791158694,17760887329079509467,131072 /prefetch:8
  2⤵
  PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=3096 --field-trial-handle=1352,i,12420025324662307508,6148453904338320896,131072 /prefetch:1
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1352,i,12420025324662307508,6148453904338320896,131072 /prefetch:8
1⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=3432 --field-trial-handle=1352,i,12420025324662307508,6148453904338320896,131072 /prefetch:1
1⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3588 --field-trial-handle=1352,i,12420025324662307508,6148453904338320896,131072 /prefetch:1
1⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3440 --field-trial-handle=1352,i,12420025324662307508,6148453904338320896,131072 /prefetch:1
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
bf7c893eed301afe48d0f81573e8e2ae

SHA1
8fd567dd46c59ab9fd62acce01f5b5e68566e8be

SHA256
3546c57045df8afc16cdd153db441f32ac491ccc6fff280fef92db3e3c05ee75

SHA512
3cb546ce7fa5c0a7a1890e21604cfa009e671370c8cc5ca18e4d47eac193446e1d034589bb785ad06e3a88de3a0551a615c2b0c8898be864e43fd603fbdf0cc7

Download Submit