Overview
Analysis
- max time kernel: 299s
- max time network: 303s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/03/2024, 18:17
Tasks
- Static task static1
- Behavioral task behavioral1: sample a1s-root1=email_banfield_2024_03_13_19_SMTP-att-1-4Tw1Pc3nK9z1T4sZ-2024-03-13T19_52_20.eml (1).eml, resource win7-20240221-en
- Behavioral task behavioral2: sample a1s-root1=email_banfield_2024_03_13_19_SMTP-att-1-4Tw1Pc3nK9z1T4sZ-2024-03-13T19_52_20.eml (1).eml, resource win10v2004-20240226-en
- Behavioral task behavioral3: sample attachment-2.eml, resource win7-20240221-en
- Behavioral task behavioral4: sample attachment-2.eml, resource win10v2004-20240226-en
- Behavioral task behavioral5: sample email-html-2.html, resource win7-20240221-en
- Behavioral task behavioral6: sample email-html-2.html, resource win10v2004-20240226-en
- Behavioral task behavioral7: sample email-plain-1.txt, resource win7-20240221-en
- Behavioral task behavioral8: sample email-plain-1.txt, resource win10v2004-20240226-en
- Behavioral task behavioral9: sample email-plain-1.txt, resource win7-20240221-en
- Behavioral task behavioral10: sample email-plain-1.txt, resource win10v2004-20240226-en
General
- Target: email-html-2.html
- Size: 4KB
- MD5: 14c9fa53167b57fe3a94c1c8926f304f
- SHA1: c566311d76e3d1b6dec0d7209656dfdd968b4745
- SHA256: 11b368941991620620238382d27deeecb8406317be97c02407491105ba3f625d
- SHA512: be208a8dc1ccf9a82869e2b428d92a9c562f88f497136f176afd8256e5bc2fa0f7d5eeffa88cd4c7f57211597e98bc5f336a37b7c283b8fa6a4d3f9eb3ea6c89
- SSDEEP: 96:CPUif89F1LxQL9qQL9qQL7Ju+NTJiJ+JkF1rcQL1TQL1TQL1TQLlO+9T9TaTGTyN:gg5onn70+NTwUJ8D161616M
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549138423850959" (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  - PID 4572 chrome.exe
  - PID 4572 chrome.exe
  - PID 4224 chrome.exe
  - PID 4224 chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 4572 chrome.exe
  - PID 4572 chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (26 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  PID: 4572
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff88f7b9758,0x7ff88f7b9768,0x7ff88f7b9778
    PID: 4312
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:2
    PID: 1584
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:8
    PID: 3976
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:8
    PID: 1220
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:1
    PID: 3964
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:1
    PID: 1380
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:8
    PID: 756
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:8
    PID: 3412
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 --field-trial-handle=1824,i,8642793833438232116,7873298890406069811,131072 /prefetch:2
    PID: 4224
    - Suspicious behavior: EnumeratesProcesses
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3856
Network
MITRE ATT&CK Enterprise v15
Downloads