Resubmissions
06-05-2024 14:16  240506-rllwwsea9s  1
06-05-2024 14:13  240506-rjrdlaea2x  5
06-05-2024 14:03  240506-rcyt4adg4z  5
Analysis
max time kernel: 75s
max time network: 71s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-05-2024 14:16
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://outlook.office.com/mail/
Resource: win10v2004-20240426-en
General
Target: https://outlook.office.com/mail/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description      ioc                                                                                              Process
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133594786558423679"  chrome.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                           chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  3604  chrome.exe  (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   Process
  3604  chrome.exe  (5 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   Process
  Token: SeShutdownPrivilege           3604  chrome.exe  (32 entries)
  Token: SeCreatePagefilePrivilege     3604  chrome.exe  (32 entries)
  (the 64 entries alternate between the two tokens)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  3604  chrome.exe  (26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3604  chrome.exe  (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 3604 wrote to memory of 232    3604  chrome.exe  83
  PID 3604 wrote to memory of 4576   3604  chrome.exe  84
  PID 3604 wrote to memory of 1888   3604  chrome.exe  85
  PID 3604 wrote to memory of 2732   3604  chrome.exe  86
  (64 entries in total; each target appears once per write, with 4576 and 2732 accounting for most of them)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 1, PID: 3604)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://outlook.office.com/mail/
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 232)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc801aab58,0x7ffc801aab68,0x7ffc801aab78

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 4576)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 1888)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 2732)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 4516)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 1048)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 3372)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 3416)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4156 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 4320)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4500 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 3660)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe  (depth 2, PID: 4652)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1240,i,4426392969742949433,14382744519991913287,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (depth 1, PID: 1428)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads