hxxps://www[.]flipsnack[.]com/875CB8DD75E/invoice/full-view[.]html

Analysis

max time kernel
67s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.flipsnack.com/875CB8DD75E/invoice/full-view.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607765967492203"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4572 chrome.exe
4572 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4572 chrome.exe
4572 chrome.exe
4572 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4572 wrote to memory of 1660	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 1660	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2076	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4168	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 4168	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe
PID 4572 wrote to memory of 2004	4572	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.flipsnack.com/875CB8DD75E/invoice/full-view.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd06ab58,0x7ff8fd06ab68,0x7ff8fd06ab78
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4688 --field-trial-handle=1884,i,9500565544620768998,9585019464291990018,131072 /prefetch:1
  2⤵
  PID:4208

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1e117d0c07349f97425c7f0fa223cab0

SHA1
d7df20d740ff4e4eacd7d3200b4e627eda392677

SHA256
1572fea3d2ebed06eb585f9d2d153ab7c3b5496e96ecd6a5b8ac901efe84ba70

SHA512
055e36c88c31e7940b35e78a6d58ef2a954e931fb1764e7fbdd02759d762215ab59668dad73f08f68b5e7f71ea2dda8548e6886c050efc99afe2403fcb23501d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
f74489bb1d2abee3c603c40824fef3ce

SHA1
26714fe7f94fc570e19d286afd406f2a894fb5d9

SHA256
f83102ac0f565bf4a3c778cc11adbd8325cb19450a93bacba27d3abe9c3c1e67

SHA512
9fa2810015c57c40f4d2f7635c525b1dcb3b817b17d2541eedf3c5384df33bc2133bfc2715c252d50aeda86f0537662aa179e5ac259be1481116f9616ce7d8f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
806753ab9efefe4a357cf235e6244ce1

SHA1
22102da863fdd4446fc9879dce36d909618c2638

SHA256
3b250d53f35b228fe9349f75f6bed480cf8cbe58b57526525e73026e81b4c1e0

SHA512
bfffdead65951d1d69a45f3b24a60e87ab49af5f949fecd1e6b8b2e05ed73a5074dd6e0cd7a4a4502017028636ed3b6b21124ceb9bfb46dcd58cbf0c99c037f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
418df5cc2336f6df94bf70ae62d93afb

SHA1
b070a3ac97c3f7534adcb96148ec0c61e0a8dd31

SHA256
871733d5a353a1deab2d2ed1d44dc907980fd77d044d3ae7a3758b0039325c77

SHA512
8fd907d65005a57ee22d5fc92957885c039461781631745ca476566fb3d753421dacb0b697920adb4bbd4a67ec4efb7df31215f5654ad795767c6b243759878f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
1221a5bd32b2be23aa20fd3ebf5880c4

SHA1
4b7e8be1417686826cee2a5d4f085e3e3dc4da56

SHA256
3fe2b93f598c78240bbaf0720e2cb53ca39b3f07ab89dae258fcb726550aa08c

SHA512
79d8d025602089dfac4eff42dbc8d4cd7965cbbe8d11b2768f105c0d5da7c600f23c6220217bf9ad7497afb7bca5fad9d7ee17cf195bebd243ce91bad97cfff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
dbe856af9f790e22dd811ea9a702bd50

SHA1
5c7efd757c422b1d997d76abbfa7f49cc5573038

SHA256
3cec1f9a7d8173d59ad5a92bd70a1675eeb810911d9787976819a8ca1f4aa69c

SHA512
963e93884fefe670bfb0d32952c28936eebacf727739c928b5592443f2ad109ba181fba5f0219519af75cbc00940e6c452e97c884caf373e145424c28bc04b21

Download Submit
\??\pipe\crashpad_4572_CXUYFOAHEWHYLRWM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit