hxxp://email[.]digimarcon[.]com/tracking/click?d=ab2R5GIPR4RnMi36N0yL-nswwqcJjxDShv96udVMt6C2MHc7kgU7mSvwVMTc8H5cmO6yzk0WgefYmqCQz_5TpYnXNS0PEjJB5NnJlYP4WXNh-U1hzeKBDu2NzBHfQ6Mp-ODDvATFAjhyfBecqtEJMWQ1

Analysis

max time kernel
24s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://email.digimarcon.com/tracking/click?d=ab2R5GIPR4RnMi36N0yL-nswwqcJjxDShv96udVMt6C2MHc7kgU7mSvwVMTc8H5cmO6yzk0WgefYmqCQz_5TpYnXNS0PEjJB5NnJlYP4WXNh-U1hzeKBDu2NzBHfQ6Mp-ODDvATFAjhyfBecqtEJMWQ1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608982651170985"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3728 chrome.exe
3728 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3728 wrote to memory of 5312	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5312	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 2508	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5224	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5224	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 5728	3728	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://email.digimarcon.com/tracking/click?d=ab2R5GIPR4RnMi36N0yL-nswwqcJjxDShv96udVMt6C2MHc7kgU7mSvwVMTc8H5cmO6yzk0WgefYmqCQz_5TpYnXNS0PEjJB5NnJlYP4WXNh-U1hzeKBDu2NzBHfQ6Mp-ODDvATFAjhyfBecqtEJMWQ1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4271ab58,0x7fff4271ab68,0x7fff4271ab78
2⤵
PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:2
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:8
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:8
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:1
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:1
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:8
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:8
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4636 --field-trial-handle=1940,i,11047319545971157653,15905114007612998348,131072 /prefetch:1
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5882dcbee4183d4e4de60f08860c0e39

SHA1
4b4edf8b30ce5996b3d8f11951e324850ed43698

SHA256
e203ca7d6f8cc9f7436cc3f7f99834c3e8c86a7196efa07f6b689b037a2e9837

SHA512
c5482f14277d76e9c1b2a3f573cdc1950b4a2480948ec0974744874e417bcb936e666b4e1214b259641472e147cdb945fe4f88eb3af84131cb724a367972538a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
598fdc3b256f86f493c70c32c327d647

SHA1
11e903ace4a92d7cc329376de17142f8e251fccf

SHA256
fedbedd95d74436c860e9376122421d5536b331350ebfdc52e36aecf24635fda

SHA512
df28a62b6799c3030ae8fc60d8530c04b87717033384fe2eaffc4ee9633315637941b2f9e6a64d4db56b32316bde90a3d1af2ad11168f7432c1741e7b73dd4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fbd47043-5ae0-4492-87ff-4df5fc876ac1.tmp

Filesize
1KB

MD5
d3ae065f555468683c1444562c0298df

SHA1
0c18f2880cbb612be9a5d6ad343f617c41133107

SHA256
2b47a5d744a6c42eb6b3493ee188f6f469783b6b03265b7b3012ce73a9b3be7e

SHA512
9792ee3a13bc364eb7fe2220107e2297b44e950f6435bf90a1b7511c931b4cfd1ef5da5c1b36cf4ea9cada144d35622e99b938257be2c79f39f0a10bc554f236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
04be3afa83afcc526604f76f4a119560

SHA1
93e29798562943e0dcf88d6e8e3b161e21a81354

SHA256
95b68820aa70d2851139dffba28ceec81db6529716e30c53ce57aabad240647c

SHA512
f245dda19c92fe421044d4ff0a325fd6bd008dea7f327bd2fb5ffe7b1756a53e8288796b88288c9554149017e821ecc56c62551b7f4752f75ad502e28f4c5ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9bb6b1827b92eaa6ac5416af022e3652

SHA1
0317359003d6e55512629359c41fd27c32db88c4

SHA256
0485b70449125f3af02d7252f0a673432839378a2a3a3ae930d00056f48ac956

SHA512
6f8124b07ad8b132f0e4412222cc9adb5dc7f646e1c500ad5f931352551a2aa3c388953e05af6e71c60f46dd2b7ca3db0aefffbb08ffd0a5084f8bcc7ecf5228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
db7439c8559dabc84dd9e3f0a22e4c3c

SHA1
23e5cdabed055b9c7ba837a7691c2f0fe05468f7

SHA256
014ace76ee05ecd1bb9fbfc5629152231ef747d569a3880bf59cd6254a131897

SHA512
191918fd98960df7b8b95a95adec2d50614121cd55f3f662db885d78ce1467921efd3e104be4728031d5e3a17abb9732b03d6df52eb904ed84486d3b0606b5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
3771bd079faa855384b9bb9d2af1941f

SHA1
8b2a653fff14a82d1e6f976a4bb677155d274c79

SHA256
ad14f3ee74a354c1ea5417f86e2e3c760585cff48a39c457d3fc4ef864d8d34a

SHA512
a603beaee54f9d2506b3bd699190683d705fb548fa38ab833e0e395a2320c8e30d7fd34d9e0c766239b7098d1904b83bffef84eab03ec0b349d03a6f621186b7

Download Submit
\??\pipe\crashpad_3728_DFCMRPEMKRDGUPYE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit