Analysis

  • max time kernel
    102s
  • max time network
    100s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    21-05-2024 18:32

General

  • Target

    https://url10.mailanyone.net/scanner?m=1s8z7t-0002A5-5E&d=4%7Cmail%2F90%2F1716196200%2F1s8z7t-0002A5-5E%7Cin10h%7C57e1b682%7C12862802%7C10019077%7C664B14DDFA97C2480D36A914DC8176EA&o=%2Fphtn%3A%2Fotsiieme.lfalesco0ac%2F.pt9j6l.hm-h&s=ND3mzSgHPho0VomhfR2wTMfllf8
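
The Target is not the destination page but a mail-security URL-rewriting link (the `scanner` endpoint on url10.mailanyone.net), so the first triage step is to take its query string apart. The Python below is an added analyst's example and is not part of the sandbox report. It percent-decodes the fields and splits the pipe-delimited `d=` value; the field meanings are inferred from shape only. Reading the ten-digit numeric piece as a Unix timestamp is an assumption (it lands the day before the submission time shown above), the `m=` token is checked for reuse inside `d=`, and `o=` is only percent-decoded, since its contents are obfuscated and are not interpreted here.

```python
"""Take apart the rewritten scanner link listed as this report's Target.

Added example, not part of the sandbox report. Field meanings are inferred
from shape and labelled as assumptions where used; `o=` is percent-decoded
only and its obfuscated contents are not interpreted.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The Target URL exactly as listed in the report.
TARGET = (
    "https://url10.mailanyone.net/scanner?m=1s8z7t-0002A5-5E"
    "&d=4%7Cmail%2F90%2F1716196200%2F1s8z7t-0002A5-5E%7Cin10h%7C57e1b682"
    "%7C12862802%7C10019077%7C664B14DDFA97C2480D36A914DC8176EA"
    "&o=%2Fphtn%3A%2Fotsiieme.lfalesco0ac%2F.pt9j6l.hm-h"
    "&s=ND3mzSgHPho0VomhfR2wTMfllf8"
)


def parse_scanner_link(url: str) -> dict:
    """Decode the query string and split the pipe-delimited `d` field.

    Assumption: a ten-digit all-numeric piece inside `d` is Unix time; it
    is rendered as UTC so it can be compared with the submission time.
    """
    parts = urlsplit(url)
    # parse_qs percent-decodes for us: %7C -> '|', %2F -> '/'.
    fields = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    d_segments = fields.get("d", "").split("|")

    timestamps = []
    for segment in d_segments:
        for piece in segment.split("/"):
            if piece.isdigit() and len(piece) == 10:
                when = datetime.fromtimestamp(int(piece), tz=timezone.utc)
                timestamps.append((int(piece), when.isoformat()))

    return {
        "host": parts.netloc,
        "path": parts.path,
        "m": fields.get("m"),
        "s": fields.get("s"),
        "o_decoded": fields.get("o"),  # still obfuscated after percent-decoding
        "d_segments": d_segments,
        "timestamps": timestamps,
        # Consistency check: does the m= token reappear inside d=?
        "m_in_d": bool(fields.get("m")) and fields["m"] in fields.get("d", ""),
    }


if __name__ == "__main__":
    result = parse_scanner_link(TARGET)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The decoded `d=` value carries seven pipe-separated segments, the second of which embeds the same `1s8z7t-0002A5-5E` token as `m=` together with the timestamp; the `s=` field looks like a signature over the rest and is left opaque.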

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url10.mailanyone.net/scanner?m=1s8z7t-0002A5-5E&d=4%7Cmail%2F90%2F1716196200%2F1s8z7t-0002A5-5E%7Cin10h%7C57e1b682%7C12862802%7C10019077%7C664B14DDFA97C2480D36A914DC8176EA&o=%2Fphtn%3A%2Fotsiieme.lfalesco0ac%2F.pt9j6l.hm-h&s=ND3mzSgHPho0VomhfR2wTMfllf8
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff865859758,0x7ff865859768,0x7ff865859778
      2⤵
      PID:2640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:2
      2⤵
      PID:4476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:2392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1848 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:3596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:3336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:2928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:2436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:4896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2472 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:3752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5032 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:4184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4976 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:1976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:4940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1668 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4980 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:5020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4852 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1
      2⤵
      PID:2724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8
      2⤵
      PID:2340
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3836
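
Every child in the tree above is chrome.exe started with a `--type=` switch, which is Chrome's normal multi-process layout rather than an injected or dropped binary, and the behavioural signatures (WriteProcessMemory, AdjustPrivilegeToken, NtCreateUserProcessBlockNonMicrosoftBinary) are all attached to the browser process that spawns them. The Python below is an added example, not part of the report. It parses a representative subset of the command lines listed above (copied verbatim, with parent/child taken from the 1/2 depth markers) into their Chromium switches, confirms that every child carrying a `--field-trial-handle` carries the same one as its siblings, and lists the utility processes that requested `--service-sandbox-type=none`, which is the detail worth a second look when a browser process is under suspicion. The switch regex is my own deliberately small one and assumes no switch value of interest contains spaces; it is not Chromium's command-line parser.

```python
"""Classify the chrome.exe children in this report's process tree.

Added example, not from the report. PROCESSES holds (pid, parent pid,
command line) for the browser process and a subset of its children,
copied from the Processes section. The switch regex is a small hand-rolled
one (assumption: no switch value we care about contains spaces), not
Chromium's own command-line parser.
"""
import re
from collections import Counter

PROCESSES = [
    (1912, None, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url10.mailanyone.net/scanner?m=1s8z7t-0002A5-5E&d=4%7Cmail%2F90%2F1716196200%2F1s8z7t-0002A5-5E%7Cin10h%7C57e1b682%7C12862802%7C10019077%7C664B14DDFA97C2480D36A914DC8176EA&o=%2Fphtn%3A%2Fotsiieme.lfalesco0ac%2F.pt9j6l.hm-h&s=ND3mzSgHPho0VomhfR2wTMfllf8"""),
    (2640, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff865859758,0x7ff865859768,0x7ff865859778"""),
    (4476, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:2"""),
    (2392, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8"""),
    (344, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1848 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8"""),
    (3596, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:1"""),
    (2928, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8"""),
    (2436, 1912, r""""C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=2124,i,14447320917259681466,7778297815343400613,131072 /prefetch:8"""),
]

# --name or --name=value; a value is a quoted string or a run of non-space
# characters. Good enough for the type/sandbox switches examined here.
SWITCH_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=("[^"]*"|\S+))?')


def parse_switches(cmdline: str) -> dict:
    """Return {switch: value_or_None}; a repeated switch keeps its last value."""
    return {name: (val.strip('"') if val else None)
            for name, val in SWITCH_RE.findall(cmdline)}


def summarize_tree(processes: list) -> dict:
    """Bucket the children by process type and pick out unsandboxed utilities."""
    browser_pid = next(pid for pid, ppid, _ in processes if ppid is None)
    rows, handles, unsandboxed = [], set(), []
    for pid, ppid, cmd in processes:
        if ppid is None:
            continue  # the browser process itself has no --type
        sw = parse_switches(cmd)
        ptype = sw.get("type")
        sub = sw.get("utility-sub-type")
        sandbox = sw.get("service-sandbox-type")
        if sw.get("field-trial-handle"):
            handles.add(sw["field-trial-handle"])
        if ptype == "utility" and sandbox == "none":
            unsandboxed.append((pid, sub))
        rows.append((pid, ppid, ptype, sub, sandbox))
    return {
        "browser_pid": browser_pid,
        "rows": rows,
        "type_counts": Counter(r[2] for r in rows),
        "field_trial_handles": handles,      # one value means one browser instance
        "unsandboxed_utilities": unsandboxed,
        "all_children_of_browser": all(r[1] == browser_pid for r in rows),
    }


if __name__ == "__main__":
    s = summarize_tree(PROCESSES)
    print("browser PID:", s["browser_pid"])
    print("process types:", dict(s["type_counts"]))
    print("shared field-trial handles:", s["field_trial_handles"])
    for pid, sub in s["unsandboxed_utilities"]:
        print(f"  PID {pid}: utility {sub} requested sandbox type 'none'")
```

In this subset the network service, ProcessorMetrics and UtilWin utilities run with sandbox type `none` while the storage service keeps the `utility` sandbox; the crash handler has no field-trial handle at all, so the check only compares the children that carry one.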

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 240B
    MD5: 8b7a1e831d07a71848c26f327a40f5f9
    SHA1: 5b7fc0fc9c84d4f545091d7ffe0ca2a6510a76b9
    SHA256: 6e28d2af5ee6aa7eae373823c4686618b1b8f434cab3df9e9bc6759eeda3b033
    SHA512: 18e293b24a110ee715e5bff53412003639fb71cd67eecbe1ad6938fc48290dff8a5c6563c1819f70573585e98404ddfdf4b6dd9262503ce0effd71dda1f81464

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 288B
    MD5: 87406730620792a2ff9be98b40ed9ca8
    SHA1: 5bf60d2272d423b1710fe9c0ba54ba03dc8f8fb1
    SHA256: 352193e7d5d3dd0f3aefa70a034101074653a9eab5c317a68fdc8de7cfb3b573
    SHA512: 15d289a6040c83c31ec7f98b4c6f5a420ab04c08cde001dbb2f7fe6d06d64ccf37b4e2f74c8b4aaf364be6ce022049a95dd5d6da735b0a9032d02ac79cb95a5c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: 939b8a0ffb992f5b4bcfc4d5b2669d21
    SHA1: 9f19c2ccccfbc80ee49e4816240ad2014e731665
    SHA256: 0da10a30e38439f6b2219e78e5589c1d6c92d28e39bd534120737fa59142b6f4
    SHA512: 43aa748ad7f54e47748c9312ffe8da76c1047142e2f604d5dd8311d34e8f6fa8c7a4b4bcfc67dfd86044067405c0fdababcf9f194623ec62ac19f2c276bb8ad7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 7470875a0f12c3a282449147260a5f66
    SHA1: 0dfa45e06b4461cab499f7fe0df0f5cf8df09e8e
    SHA256: f5c87a7ac4c8aadd74fc89e21e5cee4dd5fdac32110e9ae1c902bee941f84458
    SHA512: 607f871fa02fee911cb04e8dcaf6008a69b8207291021e1c5a384971ed4021d5cede4bd87d09fe9e80eb88671a72ce77b1524b3a5845a1b3cfd417396b26fea5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 706B
    MD5: 7bf75f92aa1f0944c551dfaca4713683
    SHA1: bd4b185f2e0ae862bb006392159f7fdf63347570
    SHA256: 62fa4768ae4228eb6a5140970fa032e155bb522f9eedf5285db6ed87d2c3ed03
    SHA512: ac30a26acd4df197e3ced4ae031d89d39206b61f8662ce43cb819b3c6655f1cd056564a80d1821d394e58703cf01f3f105abf0f80982a1e91234a2296fa56d70

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 538B
    MD5: e3b71e91ce000f87e4313f682f88b7be
    SHA1: bcd5cd8f69f3a61cf7320195ffd441ed4f0cb91f
    SHA256: a4807e106aceba75bbe2a1bcb25e0d18969b1fbf0686997da40f80b5dd95b0ac
    SHA512: bd3ce5182d84b134cd9f1dce12fbbedf8a513bed9ff3fa7c03d5a290ba869d087d726fcb28b3791d64034ae64443b3511144d951a5b0b897c896e1d71b419301

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: c697a93de7138faebd457efba2e21e88
    SHA1: 84ed53e2b27bf9f21a080329e792db2fd1522b1b
    SHA256: ee0d841084b3f8d3e4226fbdef44f0175318f8e6c32327819e54090d0051747b
    SHA512: 51e1b1bbb89903b13af4d95d58bc544f6b9befdc1d1b86745662c853c623cbbd40c67b8658cda82b73b699b98faeafc47ad19872ae34b995c930da0f313544c6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: c1d099996601eccb6567100a9393c46d
    SHA1: e9095ca475b8fd860d5422f09722fbf49c8401f2
    SHA256: 04f2955c5562bf239393e137a920a8d30c7d24d0b6f4f99eb095f43f5deb72bb
    SHA512: f5726d86c5e7f4e73ca6c84482c6ffbe4f18f1c7824ee05741eeaa6843b472a0c6ccabcef191d431d9ca7b967feaffd85bc01b97aff057c9defda780fdc75f6e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 613f41d78a67cba77f2bb69940c25011
    SHA1: 5d87964babef3197e6cb7a106d02e9c3d62e80cc
    SHA256: 50f5206899377080f3855aba7dc9c4c9bc2fc8fdfcdc5e8a29a127efee7645c0
    SHA512: d2a1aef157f73bf41f876bb7c6ec28965e20c8215ad2dee902f0dc8565b5bd949e658f5edf93a4208a41a1d238a1391af852581062cad746c5b81bc064c16a89

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: a112ac6c2f26cd08215e6f4350e62a87
    SHA1: 2c7081fa591f690dc18a2eb457bec7dd3147f099
    SHA256: 50c3bafcf24bae2387b01a4530ed4baf055e962166dc5a45d002254ac2856d82
    SHA512: c754277beb8af3c2b21cc1d78a8babc9461357b60f3bf2acf7e2698be83aeb02292021dfd5ac8b4ddf1028db63015f3b45cc299ef0f517512ae85984d620d337

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: d91bef451ddf77943597227a2dd85b3c
    SHA1: bd53d743b0429ba6c733f16d10dcb8161840dea3
    SHA256: fe43a7fad9bf677286e38833017fd9c49346dd92fae766e9e74ae60a59c66ae9
    SHA512: f0ac4d9ecdaacb7b4efc8779ae4461902719843c8d5b5866724bfde5cc561361bbb7bc4fca1b1eaf9be3943dab0531f4c8ce1126f764263410d8f2c2b5d8fb8a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 100KB
    MD5: 9d7bfa60b9d8454ff3ee3e5405f4ff79
    SHA1: da66ff9d2188b931ab805e7d40d09dedfdc9ae68
    SHA256: 222ece5fbe95393ace1a7b0699a5fcff5183926a7a18f827ead6f0c8d6b37716
    SHA512: c5862a303bb5c5c2242646c00a583442c53ce3d1175c86163798b1acea9f32c22a7747b0d71fb232e5611f0a4001f081fcb76680d04187d8111c83193e9f2950

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 98KB
    MD5: 48de3f4aae5caa8164ab07b5f59f21bc
    SHA1: 92327d7a3a66798b50cea2db54e63cbaeb8a2428
    SHA256: 80035eff244f79e5d47dadc622197e77b9d5eee5e6dd9bcf929d3e710fc4e748
    SHA512: 02f963e5c0ba0dcccbd6859e06b0c04c94bb9558ac6127e4930fd22b99becf6e70358a999ea60f64e6ea7e1b13af944606faa52d233797a6af41b4978060166e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 101KB
    MD5: 457afd7de4112274b2881505d53007b0
    SHA1: 0dc9c00749d4e5998f99f53597883da8d6d011f2
    SHA256: ce3a6c65b1523535cf1dcbc733accc04d5cdc99c25656639a4998f2c51891d4f
    SHA512: 262fdc811d63fd51594938f69b64ebcd39a82affeb68ce74b2a0cf3c082ac531d87389d7500785c0cf6825bc5862954d64dbde142d5fd4f5842cbef4c5f45b6f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58146d.TMP
    Filesize: 93KB
    MD5: 3c0d99e3b75057224dfc6a65956feed1
    SHA1: 5b6ed908b44f5afb7a4fb089ac17cd8adb6db35e
    SHA256: ff84470e153cabb042b97611d007894b5bc1fcd5c07f3784a823a4b27d914bb2
    SHA512: f87a611bcda9283b015b254ac3eaf07b665aaa5225db88cc598893358d7ddfaf489159547a8eb2e7c55ba0ec9b0ad84f958469f4a76eddf41c11ed8e6593814d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • \??\pipe\crashpad_1912_DGDUJNBVLFOODNAR
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
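
Nothing in the Downloads list is a dropped payload: every path is a file Chrome writes into its own profile directory, plus the crash handler's named pipe. Two entries can be recognised from their digests alone: the pipe's MD5/SHA-1/SHA-256/SHA-512 are the well-known hashes of zero bytes, and the 2-byte persisted_first_party_sets.json hashes to the literal `{}`. The Python below is an added triage example, not part of the report. It recomputes those digests and labels a subset of the artifacts above (copied from the report) accordingly, requiring MD5 and SHA-256 to agree before calling anything trivial, so a report with one mangled hash is flagged rather than waved through.

```python
"""Label sandbox 'Downloads' artifacts whose hashes identify them as noise.

Added example, not part of the report. ARTIFACTS is a subset of the
report's Downloads section as (path, size, md5, sha256); size is None where
the report lists none. The 'Chrome profile housekeeping' rule is a path
heuristic of my own, not a verdict the sandbox produced.
"""
import hashlib

ARTIFACTS = [
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index", "240B",
     "8b7a1e831d07a71848c26f327a40f5f9", "6e28d2af5ee6aa7eae373823c4686618b1b8f434cab3df9e9bc6759eeda3b033"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State", "1KB",
     "7470875a0f12c3a282449147260a5f66", "f5c87a7ac4c8aadd74fc89e21e5cee4dd5fdac32110e9ae1c902bee941f84458"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity", "706B",
     "7bf75f92aa1f0944c551dfaca4713683", "62fa4768ae4228eb6a5140970fa032e155bb522f9eedf5285db6ed87d2c3ed03"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences", "6KB",
     "c697a93de7138faebd457efba2e21e88", "ee0d841084b3f8d3e4226fbdef44f0175318f8e6c32327819e54090d0051747b"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State", "136KB",
     "d91bef451ddf77943597227a2dd85b3c", "fe43a7fad9bf677286e38833017fd9c49346dd92fae766e9e74ae60a59c66ae9"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache", "100KB",
     "9d7bfa60b9d8454ff3ee3e5405f4ff79", "222ece5fbe95393ace1a7b0699a5fcff5183926a7a18f827ead6f0c8d6b37716"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json", "2B",
     "99914b932bd37a50b983c5e7c90ae93b", "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"),
    (r"\??\pipe\crashpad_1912_DGDUJNBVLFOODNAR", None,
     "d41d8cd98f00b204e9800998ecf8427e", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

# Contents whose digests turn up constantly in sandbox artifact lists and
# carry no information: zero bytes, and the two-byte empty JSON object.
KNOWN_TRIVIAL = {
    b"": "empty file (zero bytes)",
    b"{}": "empty JSON object '{}'",
}


def digests(blob: bytes) -> tuple:
    """(md5, sha256) of blob, lower-case hex, matching the report's columns."""
    return hashlib.md5(blob).hexdigest(), hashlib.sha256(blob).hexdigest()


def triage(artifacts: list) -> list:
    """Return [(path, label)] for each artifact.

    A trivial label needs both MD5 and SHA-256 to match the same known
    blob; if only one matches, the report itself is suspect and is flagged.
    """
    trivial_by_hash = {digests(blob): label for blob, label in KNOWN_TRIVIAL.items()}
    results = []
    for path, _size, md5, sha256 in artifacts:
        key = (md5.lower(), sha256.lower())
        if key in trivial_by_hash:
            label = trivial_by_hash[key]
        elif any(key[0] == k[0] or key[1] == k[1] for k in trivial_by_hash):
            label = "MD5/SHA-256 disagree on trivial content; re-check the report"
        elif "\\Google\\Chrome\\User Data\\" in path:
            # Heuristic (my own): files under Chrome's profile dir are written
            # by the browser as part of normal operation.
            label = "Chrome profile housekeeping written by the browser itself"
        else:
            label = "review"
        results.append((path, label))
    return results


if __name__ == "__main__":
    for path, label in triage(ARTIFACTS):
        print(f"{label:60s} {path}")
```

Extending KNOWN_TRIVIAL with other constant blobs an environment produces (an empty JSON array, a single newline) is the usual way to grow this; the paired-digest rule keeps a typo in one column from silently promoting a real file to "trivial".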