hxxps://url12[.]mailanyone[.]net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt[.]rgsigc%2Faz[.]&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU

General

Target

https://url12.mailanyone.net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt.rgsigc%2Faz.&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607774798874223"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4780 chrome.exe
4780 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4780 chrome.exe
4780 chrome.exe
4780 chrome.exe
4780 chrome.exe
4780 chrome.exe
4780 chrome.exe
4780 chrome.exe
4780 chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4780 wrote to memory of 2612	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 2612	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4736	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4948	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4948	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe
PID 4780 wrote to memory of 4520	4780	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url12.mailanyone.net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt.rgsigc%2Faz.&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab53fab58,0x7ffab53fab68,0x7ffab53fab78
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:2
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:8
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1856 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:8
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3944 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4860 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:5336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5052 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3200 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4760 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:1
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3264 --field-trial-handle=1816,i,5873367608527114882,4742226797150942242,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0a9e1beda99adda8c71812fa22975307

SHA1
f84bf6bbf427ef6be5efebd75aeca51642ada98c

SHA256
de8c2569151b0463d390bf2d598c5c81c98ea2206c05fc4785abf4782b87a18c

SHA512
a49a40357643e684e558e0c8002aef9aa23966448f85ba68f7557b8c08e1bfece4a3d2984d72dcc4709c7eb188a56e26afa18309232b7fd64eb468320c13ce1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
131KB

MD5
124d4def6d2246a8f0e80b8c60f00098

SHA1
42485689aebfbcf8be13f27d7ed016d293f6ed02

SHA256
f684a07ae712733d411c3e02618071535fe4535a43a8b06ac90da8c42b580a79

SHA512
39a12410a28a02664f8f4217d74c8a61addfdc9b8ee18ee334a54fa2e0ec3bc63d6c6adf1c31aa6a09ba142d8ba31655360ff12b84605c5744f0b02c8de0f511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
132KB

MD5
b0a5f36ef237ee90b4fc02afc1a07ba9

SHA1
d1b2da438d3ef41fcae155963a721a0a6a3b488c

SHA256
37407f066cf64407be6eb5e8b7ac015457797ed7b2bf33790559adaad38ab0ad

SHA512
32ffaf3378a2bb8449b1c31f553256880a4d8385e1cda4adef97436ad1ab110a14d17acf3d5a6798f800d29c82d6e340a42d221fb030e37b87949dec4404745b

Download Submit
\??\pipe\crashpad_4780_WKLXWWCSWEOOFVCV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads