hxxps://aka[.]ms/JoinTeamsMeeting?omkt=en-US

General

Target

https://aka.ms/JoinTeamsMeeting?omkt=en-US

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607836364088119"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

932 chrome.exe
932 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

932 chrome.exe
932 chrome.exe
932 chrome.exe
932 chrome.exe
932 chrome.exe
932 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe
Token: SeShutdownPrivilege	932	chrome.exe
Token: SeCreatePagefilePrivilege	932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 932 wrote to memory of 2356	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 2356	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 3176	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 4048	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 4048	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe
PID 932 wrote to memory of 1832	932	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aka.ms/JoinTeamsMeeting?omkt=en-US
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca11ab58,0x7fffca11ab68,0x7fffca11ab78
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:2
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:8
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2060 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3912 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4256 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2924 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4588 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:1
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1816,i,5968569527306498677,320764604409898199,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
1692d6e78b476196b1a9a4fcf7542f29

SHA1
a0712ef9bc44a79346ce7aa4b1d52f217e2f7dd9

SHA256
00b757f8708128ee1a17651b566ca0d37dd6ce0ce7bc9cc5b3a36cd61c8bdf96

SHA512
9686f866148b780631fcee7a2add1d6de60ace6ea52d118b6df4d90d2d7c3e3ee3a0023f47e45f0999dbfbfa008d5c4581b2da539062ac07f3b81527d5f0e043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
72fe4f059eed62a7685717de9d0b604a

SHA1
2fbd4e52ff6e62a3fbc76992400214ec4e3616e5

SHA256
054cda532393f0537191776437c5efc3c2d5673619d4950b3f8f60900116b16b

SHA512
c4dbef442652c9d4d818efd965ba4c34f0df254e2de98a6b179bd06367f3dcb39ee362f9b74b474d8e70fbbc2d0995ff2a6abf4234a19e2a3b7450e21aeb0388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bdf03638c2adf62c8a35803f80768c91

SHA1
9eca59ba6cc78a04b2e988ee7f9817acc956d997

SHA256
ab8eaa945ae917ed8711441ede79834a394c56903df51770172c501d795e83bd

SHA512
1664579ce7b949eeea9e6bf80d68d3fd11c0504c8b002a28b96ab537aa283100b066cb65090dcbcd9a2bc3a02a0bfa95ce9c4de33b05e2e3a2abbac2302f6c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f852b3d383cb02047e0d703b0b8ac78f

SHA1
18d4c2fd47b0e4daaecf5517596b7d39bd2524e8

SHA256
ca024bb9bdaaf01493b3e1fc12c9d0fd8f22e5390d2f2635af6fb48e2f89d556

SHA512
92ad5d19b70ad880d8a4c4d96306a7fe778d2a6eaff917fa76f6b6d971cc8fc2399f4ec31e1050ae0b94d162e34461a891c209dd7afd83238cd4fc25a785b81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
c9ba3dae92320510b325fe96968c8af0

SHA1
5e5f11c0085c42d833b041e0fbe5226ea14f93dd

SHA256
81630192d1e94a12dbd5a459af9173bc63d97135cf6babd1c206ed6c251d68e4

SHA512
35abfb5a93fc5382927e30e193a860266b0cbb043fb4f0495adb363b8c6ba0e73ea5baaa39340f1caee09709e2b8158d0f86a8bfe3a8cb4aae9236a2e4db5ef4

Download Submit
\??\pipe\crashpad_932_DCUBUESRTEKCSQPW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads