Overview
Analysis

- max time kernel: 166s
- max time network: 176s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/03/2024, 17:30
Static task: static1

Behavioral tasks:
- behavioral1: Quarantined Messages (1).zip, resource win7-20240220-en
- behavioral2: Quarantined Messages (1).zip, resource win10v2004-20231215-en
- behavioral3: 61572692-0383-4e5e-0231-08dc42b4b0cc/38e596fc-e0eb-46f8-3711-3bde1d4cd6d4.eml, resource win7-20240215-en
- behavioral4: 61572692-0383-4e5e-0231-08dc42b4b0cc/38e596fc-e0eb-46f8-3711-3bde1d4cd6d4.eml, resource win10v2004-20240226-en
- behavioral5: 818481848184.zip, resource win7-20240221-en
- behavioral6: 818481848184.zip, resource win10v2004-20240226-en
- behavioral7: email-html-2.html, resource win7-20240221-en
- behavioral8: email-html-2.html, resource win10v2004-20240226-en
- behavioral9: email-plain-1.txt, resource win7-20240221-en
- behavioral10: email-plain-1.txt, resource win10v2004-20240226-en
General

- Target: email-html-2.html
- Size: 3KB
- MD5: 93b88e815e959b42fac077dc75b7fb86
- SHA1: 25e50e7cdbc3c66b962881fb5635120508984adc
- SHA256: 75d7c230503379144fc0d6b75eac5bf47ed5b6205f1263195b28625427ff6170
- SHA512: 20f563e8ba97dc5d5331f2c1bd91ffd159ea7d3714c3b0d9f55a96329b0c68a45b661f21bd20e968b010f4c96d9045527490f57555ad86c90d4ddb2f47a51e92
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548246777911521" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- PID 776 chrome.exe (2 entries)
- PID 100 chrome.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 776 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Token: SeShutdownPrivilege, PID 776 chrome.exe
- Token: SeCreatePagefilePrivilege, PID 776 chrome.exe
(the two entries alternate for all 64 IoCs; every entry is PID 776 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
- PID 776 chrome.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 776 chrome.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are PID 776 chrome.exe writing to the memory of its child processes:
- PID 776 wrote to memory of 1948 (procid_target 87)
- PID 776 wrote to memory of 5056 (procid_target 89), repeated entries
- PID 776 wrote to memory of 1968 (procid_target 90)
- PID 776 wrote to memory of 4524 (procid_target 91), repeated entries
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 776)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1948)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff812569758,0x7ff812569768,0x7ff812569778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5056)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4524)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2540)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1188)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 100)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 --field-trial-handle=1708,i,4014092776839934109,3256404840682990843,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1128)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: faa13fbffd6b8497391045d63a2c7b50
  SHA1: 9844aa2001027a69e67b23e052ab532674399e23
  SHA256: bc4fdbdeafa4c0b5b296badbd7e3beb433d51b27dfb001c0c2404439a31bc5be
  SHA512: e3689db77b1d425f235e5ef9e56051d1b44968b4329abe67b79324c500ad3a861422e6203af46229e0d7e05f6efb05deafd03572bcf65f4c67635838704330f4

- Filesize: 6KB
  MD5: c15fb650b21a1b86e087704f0bb6295f
  SHA1: 587245321a9df82790d8da2897098d8e46582ae6
  SHA256: 41121e5a4909a3406b4bb9fe20ee45e56d59c1b401186afcd030ae39c98bc1ec
  SHA512: ed2287ff24d3fee385acb78c12718f5808eb1b587497111f35c8133844595854023497567087cc6c1ea34b93c4a63630f93532104c5b5184f81be7894375a537

- Filesize: 6KB
  MD5: 522b8f6654fb2e43276bc4ddeaf7fd64
  SHA1: 260c5535cdbd28010cab588366d91eeb5164f8a7
  SHA256: a276e591fef16587223b8e379a031c50dbbcc98151e03c2f747173b8776fda18
  SHA512: ed5f961e4bec1edd1e998d8c80de14fbb4ce0d15b223df650a627b3d0df52c4f60b5b230997d6a3229c4882736dad559865985f146e337e698ec23b992ed1599

- Filesize: 128KB
  MD5: 257a2c5cc206cd8b1ab85f0a6bc2320f
  SHA1: 9291a4a899e475c40ba2ffcf267be831ddf64428
  SHA256: 778aa07416585158209e2c6ab2fba8c3c9a7c035c50c8f54a20dabe0b51c29af
  SHA512: 9250cf6eeb7ac995ece16df2cbbe6213e80b8dd8832df86c7a78ab720515e0c964895975f1fad1968b9b8c75d5c09c27c3b33efc343aa684bbd1800de7b3e1d5

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd