Overview
overview
5Static
static
1Quarantine...1).zip
windows7-x64
1Quarantine...1).zip
windows10-2004-x64
161572692-0...d4.eml
windows7-x64
561572692-0...d4.eml
windows10-2004-x64
3818481848184.zip
windows7-x64
1818481848184.zip
windows10-2004-x64
1email-html-2.html
windows7-x64
1email-html-2.html
windows10-2004-x64
1email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
13-03-2024 17:30
Static task
static1
Behavioral task
behavioral1
Sample
Quarantined Messages (1).zip
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
Quarantined Messages (1).zip
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
61572692-0383-4e5e-0231-08dc42b4b0cc/38e596fc-e0eb-46f8-3711-3bde1d4cd6d4.eml
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral4
Sample
61572692-0383-4e5e-0231-08dc42b4b0cc/38e596fc-e0eb-46f8-3711-3bde1d4cd6d4.eml
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
818481848184.zip
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
818481848184.zip
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
email-html-2.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
email-html-2.html
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
email-plain-1.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
email-plain-1.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
email-html-2.html
-
Size
3KB
-
MD5
93b88e815e959b42fac077dc75b7fb86
-
SHA1
25e50e7cdbc3c66b962881fb5635120508984adc
-
SHA256
75d7c230503379144fc0d6b75eac5bf47ed5b6205f1263195b28625427ff6170
-
SHA512
20f563e8ba97dc5d5331f2c1bd91ffd159ea7d3714c3b0d9f55a96329b0c68a45b661f21bd20e968b010f4c96d9045527490f57555ad86c90d4ddb2f47a51e92
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe Token: SeShutdownPrivilege 2128 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe 2128 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2128 wrote to memory of 2104 2128 chrome.exe 28 PID 2128 wrote to memory of 2104 2128 chrome.exe 28 PID 2128 wrote to memory of 2104 2128 chrome.exe 28 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2760 2128 chrome.exe 30 PID 2128 wrote to memory of 2600 2128 chrome.exe 31 PID 2128 wrote to memory of 2600 2128 chrome.exe 31 PID 2128 wrote to memory of 2600 2128 chrome.exe 31 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32 PID 2128 wrote to memory of 2604 2128 chrome.exe 32
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef68597782⤵PID:2104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:22⤵PID:2760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:82⤵PID:2600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:82⤵PID:2604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:12⤵PID:2708
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:12⤵PID:2528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:22⤵PID:1988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 --field-trial-handle=1396,i,6610585110686290974,5227918927001227649,131072 /prefetch:82⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2648
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
5KB
MD541afd8b0fd7b1d2712a63a9907abbb9b
SHA1cfe257fb5f3a6b1e404693b829254b28cce35aa4
SHA2565282f0990f7bbc59e2d93468ea0b9371df47389a986a3b19f1541b027716d3fe
SHA51265e9acfab7f4b68306e6dc6d9b1c4c5c102cc5a80eea59310a28413c0a9f343d512876c5963a5c02b6b7f85e2bd3d40c5bc5e41599b6d4e36e3034240ecbb4c3
-
Filesize
5KB
MD5ce5dede1a4bff556c21be47913f84913
SHA1fb158872b755d0ce5dda35f299255ca198c43aec
SHA256f3dacb4ae3280b9e95153f338fe0f7ee25efe39127931414969cc28ccb3d0cf4
SHA51266221ab40af97e24e529117d9f154a371e9eab8669e1cd8088a14cd03d5a1beec06b97903f244875ecaec475c1dfd8f871031a2bb56dff169bb63b1566b3d855
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
175KB
MD5dd73cead4b93366cf3465c8cd32e2796
SHA174546226dfe9ceb8184651e920d1dbfb432b314e
SHA256a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63