hxxps://url6[.]mailanyone[.]net/scanner?m=1s9UFM-000CiC-67&d=4%7Cmail%2F90%2F1716316200%2F1s9UFM-000CiC-67%7Cin6e%7C57e1b682%7C26023477%7C10839452%7C664CE828D09A29E749862A491AAAC3E1&o=%2Fphta%3A%2Fptspbinrllytaonozz[.]c[.]oeigc%2Fa&s=IY823YGYdPj0VexD71Fh81X9-uM

Analysis

max time kernel
3s
max time network
18s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://url6.mailanyone.net/scanner?m=1s9UFM-000CiC-67&d=4%7Cmail%2F90%2F1716316200%2F1s9UFM-000CiC-67%7Cin6e%7C57e1b682%7C26023477%7C10839452%7C664CE828D09A29E749862A491AAAC3E1&o=%2Fphta%3A%2Fptspbinrllytaonozz.c.oeigc%2Fa&s=IY823YGYdPj0VexD71Fh81X9-uM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2136	2140	chrome.exe	29
PID 2140 wrote to memory of 2136	2140	chrome.exe	29
PID 2140 wrote to memory of 2136	2140	chrome.exe	29
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 2820	2140	chrome.exe	30
PID 2140 wrote to memory of 3012	2140	chrome.exe	31
PID 2140 wrote to memory of 3012	2140	chrome.exe	31
PID 2140 wrote to memory of 3012	2140	chrome.exe	31
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32
PID 2140 wrote to memory of 2592	2140	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url6.mailanyone.net/scanner?m=1s9UFM-000CiC-67&d=4%7Cmail%2F90%2F1716316200%2F1s9UFM-000CiC-67%7Cin6e%7C57e1b682%7C26023477%7C10839452%7C664CE828D09A29E749862A491AAAC3E1&o=%2Fphta%3A%2Fptspbinrllytaonozz.c.oeigc%2Fa&s=IY823YGYdPj0VexD71Fh81X9-uM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7039758,0x7fef7039768,0x7fef7039778
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2200 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=976 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3384 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3616 --field-trial-handle=1280,i,7271230463788092697,5002311759883462031,131072 /prefetch:1
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
9a6463de900cb4acf07a7d7420c1f194

SHA1
868bf028eb40236cc25123241c4ccb9a31b7c449

SHA256
1fceb04cca2b3c1bb3da0864b074e2cd4f9f2b1623e303c207ef6d3454723b47

SHA512
52cfe737e7fd50ce693f2c0512461f2ae5c8da2f16f2638d0ea165684dfe255225f11b4d6074a8907bb5c235b96ffa06c4b478c9ce272a43801b6eb92c7b6c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5051ec48af80e6f51979bcdc16e191e6

SHA1
7e7ee5e7c2f575a290287a6d213651e0d5b20a1a

SHA256
e338d91e88b228298b43b766ec3f1718996b9e5fe28eb8c29ca281746bb98277

SHA512
c5904516d4708fb2463cb3b5d9bb6b483b93d45e5fc1704d971c749fa9389a1694c149a9f5eef0e19a41de3d96b60db7ddbd60fb7325a7a935480f9d8a63eadf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b11364fd69c6123ed3e01241f1ab41a

SHA1
18c28ef91f99fc155669e5a26e4b7285b808d3e5

SHA256
1e9c64c254f31ac05c022960962ea8752596a63b2bb8c26d9db5d20ad3a1dcac

SHA512
29872595e5f3e568b1be98b271d6f6c8936fca406f3bc9db27630e7c067fd3063a9d7927fade2617178109296bcf29a8280a97783a14d18ec7e212cbb553bccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f25b3b3845ed5c8a49637b2fd47db03

SHA1
461f1c87032bab9522239aef1fddad675d0e1a62

SHA256
deae42ae417419cab5fcebdd70ab3e388b62217bd165bffb9a327f26ac9b1c3f

SHA512
24320819868d22829dc1dcaa047ab0b12df58a9d452128eda2d6f733cee32dfa5fa460f41b8076e7cce64b0723f5411af5891aa0b4c1da3689486b917d32fb58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e06b0ee81e84aec5b71ed0672eddc932

SHA1
7e7f80491f8fa1fb306e7d0888e1b5b0773849ac

SHA256
a45bb07317959d179c2096a11183c4942f209af655cd31d4e585754adcc973a2

SHA512
553709331cd1bd8477d75c55a1ac0c0d770fbd57ce554b5aac9f990d5575e664d1c84cef358cc19d94459cc16437c669d5291e5237acdf23601780396f914b16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
810320e631935cbdebe050fcd53ad8ff

SHA1
c362125a396162e78e262d4ad78ded40aa7ddabf

SHA256
bd4585c6b56d9622d3f6d775503c8c19c4efb571e2c09b6fc277a627a6ff454d

SHA512
c394cdbde441e04ca842a8400de1dfb21951f9c484ef67f336560204322d05a27ee4749635ff85372d18f71d2fb45f94d1a20ed9315638937abd19dba7239434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fae2e1ccde4c636757a0509af46e1b6

SHA1
b07230a136e06326fb19659c77ad22762036b1f7

SHA256
31243e06feec9507fb69efcde0c1db77a79479f35fb0d520578d9d8504c8e935

SHA512
167ded37d86f3b26e6beefef9827553ce254775dde16920c58fce4242fd2e130fbcd263febb1af38c5a81cb60b32a17b43b5699257b6ade9e614c6db87c24876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42FB.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar435C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit