hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/O1QvCW8KMh5DVlzF6T3MQ?domain=linkprotect[.]cudasvc[.]com

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/O1QvCW8KMh5DVlzF6T3MQ?domain=linkprotect.cudasvc.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589342738891888"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1156	4860	chrome.exe	81
PID 4860 wrote to memory of 1156	4860	chrome.exe	81
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4788	4860	chrome.exe	84
PID 4860 wrote to memory of 4956	4860	chrome.exe	85
PID 4860 wrote to memory of 4956	4860	chrome.exe	85
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86
PID 4860 wrote to memory of 4756	4860	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/O1QvCW8KMh5DVlzF6T3MQ?domain=linkprotect.cudasvc.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb017eab58,0x7ffb017eab68,0x7ffb017eab78
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4520 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3872 --field-trial-handle=1932,i,15580752697638338331,3011798152646809706,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8fab406d34779dbe2ba6904da70329f9

SHA1
c047ac088aeb181464a3c8f9faecfb425bc50935

SHA256
1d523bdaf1fa3ad1f3d275a1e16dfc5f714332645979a05086789911ef6a143e

SHA512
b61fb535ff11ddef90a1cc130b75b76ebb1ed2cac6553d92c1577af4b0ff80272c08724ae233377ce0bfe165b8bf55927308add72d097a84fc7b5ae6c5449a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
263e87c6c8729668a8576a5e9df868d3

SHA1
f70ce1999070495f7e9931bd1cc14a74634497a6

SHA256
c42b3208eaa0af185d8ebb8a45768cfe0536ff399b3469a9d3969ae955fdf218

SHA512
3ae5a9a06a8b43c9a5e8c1094d2d36c144b3590131eb503440ab6e65cc7aab2870a82781de9db9c20b8de75c3989396f1c516d3fc4f8bf8e129bce3aa896a1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00962c80cc9efadec380f91476761b4f

SHA1
1b625c0160fd4c5f4ca288f3b64b978c818b76fe

SHA256
25069dfaa8f763a30ba7ddc1ddca7e8dc240fe5d5c205b09cd6aa6254dfd588d

SHA512
b668da1d6db09c3fb8cfd4374b25e2f27330973024e088811a8edf89968492592bbce1a01ec857dd340267a7417182c4f30965fb45ff01d870a66fc5cf395f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
4c710d9a5ce0230c173773b2f9b4052c

SHA1
9d7f44a6dade1d195c73d58cbc753d0439c55164

SHA256
cf3ede6556749724c5349f0366a4642d1fbf3957730078d2b7b8cf02284dd607

SHA512
f47596425396e5d4e756caa0196966f3d987b5f8b5ed9bdb131dac70bb3cb0a92f53a5e32e24d79f81618cae708adf34dec5d71a37e4d24d8b3b37c88cd150d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
842e16509cca547c93ed36c20ea5615f

SHA1
ba1d07ec2e95203fc0b36ef8e1061fcaebe9e6c6

SHA256
74cd738c76e76738f022d3db52afcc96b03b3850a2cc677182fffd39466c29a5

SHA512
3ff90eb33cb03c9955c9ca8fd200edaa13e53f8e98a6018ff8d349cfd141849073cd06dc3b4f7ea9e303689b8e6ac1a2535fcbc62c845a04420f0d22e98f277f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2c892e7e224c3bcc46be5222e40a5306

SHA1
0608c4ea811c87474af15143f668caff9d6abcaf

SHA256
2b808c2c29c409f3284230bb91d9cc615a7c3c5ae6239facde26362346b9202e

SHA512
7cd109d99f3f4e5a34e527718a6919b96b6ea8979690cc7a8f4feed4252abef73cd84c93c8d1644f34f9459e12738b2cc8033f550c77eaebe3d3f3a7be6dbe59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b0aa6d78be0dc9fbb9bec48eb01dab35

SHA1
c09710e7bb986e1a134e43e194f763754805d5ef

SHA256
1ffb08bcda0ca10787aecc053e50705f7e674cef0138c58e8414ad53e26ea2d9

SHA512
d4227d3b4b44e5a8734750ff8fc86feadcb8631e16abc8e9c13f056b9d573b34b437fbf45852cf94b1f6881de30b01614f996481e5aecfc0deced73a84f7ea0e

Download Submit