hxxps://customercommitment-finalpackageproccessed[.]us-east-1[.]linodeobjects[.]com/viaadobedocu-acrobatsign[.]html

Analysis

max time kernel
34s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customercommitment-finalpackageproccessed.us-east-1.linodeobjects.com/viaadobedocu-acrobatsign.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553714031561389"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe
Token: SeShutdownPrivilege	4576	chrome.exe
Token: SeCreatePagefilePrivilege	4576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe
4576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 4760	4576	chrome.exe	95
PID 4576 wrote to memory of 4760	4576	chrome.exe	95
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 4420	4576	chrome.exe	97
PID 4576 wrote to memory of 2132	4576	chrome.exe	98
PID 4576 wrote to memory of 2132	4576	chrome.exe	98
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99
PID 4576 wrote to memory of 2504	4576	chrome.exe	99

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://customercommitment-finalpackageproccessed.us-east-1.linodeobjects.com/viaadobedocu-acrobatsign.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb778c9758,0x7ffb778c9768,0x7ffb778c9778
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1892,i,9703583387298786574,7912037752754167799,131072 /prefetch:8
  2⤵
  PID:5608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0f14a723f4b29fbdce9d4b9eac006d81

SHA1
7d9f90fba36efdbe14bd93aa912532a04b111ef0

SHA256
be7026e7bf40ceb382a83417e493c7402919aee626f2b83b13806007fb1a8384

SHA512
dd8c26e4a3240709009ed16db3a601f483345656f53e66461b2a208e22c88d9b766155b7471d214308a4107714905d7e332a6c166b5ab5a527d61bb521375bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
ab538b19d45848c186a4d3c06f2d9891

SHA1
884d583ad81804753827f5e8c7563efd3cd739fb

SHA256
6bf9ad23222aa16bff3e141d1760d9f8cf1d0f2d20bc18a3847be9b92f30230a

SHA512
70282e6d8723026369e56a4617082027096c634d5a808dbb32d501350638267ea47109352cbaae0a0efc8a7784c77e2f4e99885fbaf9a27a6193d488794957c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef398f1af5b1eb1a2791713a9368e2ed

SHA1
da1a4f8aa7e497f3ce5d42b211c0362fc8e6970a

SHA256
dcce3a3693da4eab7f93773c1170d9e051528aa5bb19e6ef99ecda543563db2a

SHA512
633296850ed7acc57ae02527ad588b50bd2fae6fa8fe840e600ca17387a09a05954c19c76a38d18ee97c453ea55c9959722948bbaee86727c308708063c1b04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
abdf654213ff2ba35b0e553c9f1fc7bc

SHA1
cefa983a77ed22dc965ce9e742abb156d41c0751

SHA256
5ec0c69fefa859d6653faeb21fdba09ca9d47ec6d098604ab38d0c6fb56e9a7d

SHA512
bece7a3a503f1ed70f279da3a8af5238c2240843f114db9dd4da6b5bc97da264492f105bd61f4cc7d758fe005492105adec43afecd4dc39dd5a04a5b6031fe48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit