hxxps://varsitymarketing-my[.]sharepoint[.]com/[:]o[:]/g/personal/service_varsity-marketing_com/Ep9u5VMLcV1AsIFY2sdFIX8BwvQ0OwtGftSbLNrNvdckPg?e=spwna3

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://varsitymarketing-my.sharepoint.com/:o:/g/personal/service_varsity-marketing_com/Ep9u5VMLcV1AsIFY2sdFIX8BwvQ0OwtGftSbLNrNvdckPg?e=spwna3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546573821945553"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 3460	2088	chrome.exe	87
PID 2088 wrote to memory of 3460	2088	chrome.exe	87
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 3480	2088	chrome.exe	89
PID 2088 wrote to memory of 1760	2088	chrome.exe	90
PID 2088 wrote to memory of 1760	2088	chrome.exe	90
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91
PID 2088 wrote to memory of 2404	2088	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://varsitymarketing-my.sharepoint.com/:o:/g/personal/service_varsity-marketing_com/Ep9u5VMLcV1AsIFY2sdFIX8BwvQ0OwtGftSbLNrNvdckPg?e=spwna3
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff944859758,0x7ff944859768,0x7ff944859778
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:2
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 --field-trial-handle=1876,i,7819978782822430590,12100621559577314100,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
4afa23b5c289f987e0f3feb4bccd8aac

SHA1
53f326675de6edc51829a17cec9ed50fd57f30cd

SHA256
b855603f4a72023342aad26d1ec97c10b705596a5a15c26da3b87ed1551c0c29

SHA512
b0514842da3eff4025b643d871698a70db742927537f6612baeadc6dd88446259a362aa5220defc92a08ab18663cc33d1d008f7c490dba5ba97f633ae6d60cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad667d9b0e46d7d86f7618b92a65aa15

SHA1
c013eae0a2862ef3dd97935161a733389ecaa564

SHA256
53f3d16d87fb5dffe1977ec50b7415996be0368e52a29800f74effae91336d02

SHA512
4be8051c6f5b21c69f43a3025f3e1b8f07ce7f9e0bcd809505834d12084751482f035f51c78f9b42baa612e0210d6feb62a704efe3734a595a749f731a3e8d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
db722ee61491e4a64b2d8d71dbf407f5

SHA1
1dddef70c15bc11d360e43f82332c64e90a4f793

SHA256
3d446a86639fa53b5214d0341519bda893c58ea2febf97cb59370c2a06f33a33

SHA512
552365b53a900e44d58b64c3927aa8097be00936cf9a0a067a929ff1569a837104394c93a3dfcd760ab5598ca2947d31be356bdf1f1c7c4d02e27c1ca4680d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8f670d4580a0664c560c307df798785f

SHA1
f476b14669e1cf3cb252d2a34267568e2686309b

SHA256
b5d8baca2f9f61135f3a7648e015d0354f8483a00e92a286bae1c73f8bd815f0

SHA512
1216587d262d98d36d8fd8790a39c793c53a1558d2ea4b2f624df5819b4d340615e068170b701839b40162d7e23565dcf77175ece20ada93c5c47e888292278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5fc013be0444ceb1224029208f13586a

SHA1
b7517136a9e179ef5c792958b84cff61d5c208c5

SHA256
f1c84efc7071b1592c9235be2ed5ae06d7993f6c5ea429f4d0b1a039f051c40a

SHA512
a572d7cefad26b913ba9100cfb954839acfe5f747656dc5d9fde0c0fc9bcaccfc3913883de8773766bf28fcf01bc00399f89ed87d721ca4433daecdb2f4b0c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d2d20a37d909aa5fe99f79318f06c3ed

SHA1
17c8d00b044092e075bd0a63240e6ba9cc528c42

SHA256
b6568cb3584069ea2fb2f32d4eec2a1014588ca655dc5eee126816f8ff046edf

SHA512
7e5ad939f59952321530d73ef77713dd7261c8a7c324e05c34a879e64448da4308cd0a595c99f1363432cc8dc19af0569a36f0a22392b8e4c0e4b95b7419324a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit