7692f44d8486c5970da962ef4add29b0bde70eacdbe0d582cd73c124e697ec39

Resubmissions

09/04/2024, 20:47

240409-zk7qzaag79 1

09/04/2024, 20:46

240409-zkkansec4v 1

09/04/2024, 20:43

240409-zhpglsaf93 1

09/04/2024, 20:40

240409-zf7v6sae88 1

Analysis

max time kernel
267s
max time network
246s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Encrypted-PaymentAdvice-Reference (1).html
Size

1KB
MD5

d518664141c76f578be9bd77a87da8be
SHA1

18b5e80b365eabf607350a934521181dc64651f2
SHA256

752dc035519e56f67f73da13233c6af3f7655ff29f56f7cb03afb307fcbbb49f
SHA512

6a22e7978f66ed431ccb5a98d36ffbbb6a50c2c9958bd0cee5f9adf30ea53f4ef246fd8b6dd034ce60dba584938fe221a80e26a7024e38fb08726319686f8245

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571692930168480"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeCreatePagefilePrivilege	1976	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2724	1976	chrome.exe	84
PID 1976 wrote to memory of 2724	1976	chrome.exe	84
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 3508	1976	chrome.exe	89
PID 1976 wrote to memory of 4488	1976	chrome.exe	90
PID 1976 wrote to memory of 4488	1976	chrome.exe	90
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91
PID 1976 wrote to memory of 2140	1976	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Encrypted-PaymentAdvice-Reference (1).html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8bdd19758,0x7ff8bdd19768,0x7ff8bdd19778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 --field-trial-handle=1872,i,2865802350909163055,17663880396005343682,131072 /prefetch:2
  2⤵
  PID:3400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
677B

MD5
b6d89d178832c027f038df648220a571

SHA1
79775acbde67979b7d8a3705c69ef41ee973957b

SHA256
82805b83c3e6ad4e9a5b5554fe8b371fd4241d6244400c144f40ea68982894cc

SHA512
6414669771c0673327524fd0f3a5b1b76634c56d638036c4760bcfbd69e67ec62d14517825ce4a391f238fc3eda203244e9dd4e6bf289848cd41ba0a1ab2e456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9529c90196fd055b0f4fe631f1d794fb

SHA1
747d0faf1c82663eeae90eb632798cf7487a0a01

SHA256
c31a1a24489a631627192bee8546220969f352c5b8a539ddd0f3895410626bd6

SHA512
bd0d610635540d85fee9800cc7075e05c9a5856900b89ec0200a27d2a61f569fd58baf80df95a213b1a4e66f39109acdac1e75af242bee1b373f45e7d437b36d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f91feec0b78bc202ad8b9fcf9836bc4

SHA1
5dd0996bcfd4f1f748e9897e929158bd31ae64c3

SHA256
b02a38bafbde7de12ea8086e4eea689dbb9ba67306c2683bd35e21498b144b44

SHA512
2e6437fc91f960ea2b62e40ddf67b5d8253cd4e3d1803a19e68e2ff3d38a23d0fcfa00984566d7dd57a8e1a9153d365bbd46ca8a2fd229609f7a1aa06e45fe1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0ac844871832505bea110bc81dd0dcf9

SHA1
b68cf14e0bd76848e8777ed791c0e7237dc7393d

SHA256
36b5778c8e83510ee3c8373c4e1b6d9015760dac36d0e2e0f899d2fadc56e540

SHA512
cc860471d1b420180b913dfbff3fde7ed5393a764a9faaf3151bd736f326197a23d9f2b9250d61368346de08741fec4458c1073e9c0a2590f2319f8a0cdf5fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit