Analysis

  • max time kernel: 78s
  • max time network: 67s
  • platform: windows11-21h2_x64
  • resource: win11-20240221-en
  • resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 01/04/2024, 20:28

General

  • Target

    https://ams_support.axiomupgrades.com/password/reset/52RNb8BwNuFdgynBM13CrUhTF1PbAYybNMhMdjkx7wsYeh0R6cObHCm8DgvL?email=al.bundy@saic.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ams_support.axiomupgrades.com/password/reset/52RNb8BwNuFdgynBM13CrUhTF1PbAYybNMhMdjkx7wsYeh0R6cObHCm8DgvL?email=al.bundy@saic.com
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:864
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff913ff9758,0x7ff913ff9768,0x7ff913ff9778
        PID:1556
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=312 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:2
        PID:3144
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:8
        PID:3804
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:8
        PID:2100
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:1
        PID:1640
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:1
        PID:2020
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:8
        PID:2080
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,14113153298337594414,5553236958191250235,131072 /prefetch:8
        PID:968
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads
