6be7c49c9d7e12bc59ef54f3a0c4bd8baefbd3560ffa7ee9d1590422b363ee5e

Analysis

max time kernel
299s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-1.html
Size

2KB
MD5

ccd7509fdb8197c9662f81023e95f4f9
SHA1

01898005c5ccd6d8d7d47da4e41614d2e9c327b1
SHA256

a32e1853a791cc4bd018e184d089429125898c9ffa3227f9775c579ab719e524
SHA512

b1dc0fe59ad233e7ca95764c6f24517a1a0bccb538e1c4d6809a196145fad918f72f396f9e17e9a83b1d4401697d9f8e85184df15a1f8ae64bb0fe872f8797f6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578132140512376"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
588	chrome.exe
588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
208	chrome.exe
208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe
Token: SeShutdownPrivilege	208	chrome.exe
Token: SeCreatePagefilePrivilege	208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4888	208	chrome.exe	84
PID 208 wrote to memory of 4888	208	chrome.exe	84
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2968	208	chrome.exe	86
PID 208 wrote to memory of 2628	208	chrome.exe	87
PID 208 wrote to memory of 2628	208	chrome.exe	87
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88
PID 208 wrote to memory of 2712	208	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4a1dab58,0x7fff4a1dab68,0x7fff4a1dab78
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1908,i,4645917596563487028,17821017697769721652,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
75bb10268b44401768db76f3550003f0

SHA1
d713bc68f2fde2beac06f75300675a1ea9ff00b6

SHA256
6ebfede19aa2ea6e659660e37724f60819bd5af23e182ee877777c771dc09f27

SHA512
f23f0e15d1e6447057a51910b15992c6296c954f3b3aa95673c1c2232694dc7e8e4c8cad5c044848c0ddbc0a3901e21714154b45fc4ac69d6339fdd98da95550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef0134b6dd1316a1211ca6be44cd6c66

SHA1
bf20a8b739424beb10720de08d6a8203edb07d54

SHA256
8982868298b5d08c16376937d5ea79689110678f771a153f618d08834db21636

SHA512
488293fb540c2c6c4b94df19633bef0294ec4aa136f08f7218857f22735caca9c78a671f9e5cff7acf0213387c5e7fdfa89abbcce68ca60830c960ca393965c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
e882a6e66f67ff1f7ab755370b66ac2e

SHA1
8fd40dbaab7bce7d1f8ba86c742691c808e6b420

SHA256
41b1a8ad3611a36f48f3394c1420197f776f2990c6554cb9a271c983ac1c1bd5

SHA512
3f62c34cdeafe5235b5592a676e953fdb66d75264a197676c4d4536172bcbaa47f75b3fc5379c4a837bed6ed236fa2166f8bf40390c48bc8f7e14b94540cb352

Download Submit