Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 17:57

General

  • Target

    http://emails.microsoft.com/dc/XEI-Ai2TIOs2yDevUu33A_-UZpYPoxOaK71PgoTSK7CHXgygndrj7wPr7zLWYHtR62rRwyBAVPeaxsI5cyFOufBp3h7hYz2jESZZ4N6hphY=/MTU3LUdRRS0zODIAAAGTMTZ4YF9Sre5wIsyiPy7zsJIfEuQvz_EOS0NgAa9ac_ovQyPqK_8w6-mNSMkgzge1Gb0B3Yc=

Score
5/10

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://emails.microsoft.com/dc/XEI-Ai2TIOs2yDevUu33A_-UZpYPoxOaK71PgoTSK7CHXgygndrj7wPr7zLWYHtR62rRwyBAVPeaxsI5cyFOufBp3h7hYz2jESZZ4N6hphY=/MTU3LUdRRS0zODIAAAGTMTZ4YF9Sre5wIsyiPy7zsJIfEuQvz_EOS0NgAa9ac_ovQyPqK_8w6-mNSMkgzge1Gb0B3Yc=
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee95dab58,0x7ffee95dab68,0x7ffee95dab78
      2⤵
        PID:1440
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:2
        2⤵
          PID:4004
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
          2⤵
            PID:1344
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
            2⤵
              PID:4708
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:1
              2⤵
                PID:1480
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:1
                2⤵
                  PID:3756
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:1
                  2⤵
                    PID:2352
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4564 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:1
                    2⤵
                      PID:1664
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
                      2⤵
                        PID:4468
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
                        2⤵
                          PID:4512
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
                          2⤵
                            PID:2832
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
                            2⤵
                              PID:796
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:8
                              2⤵
                                PID:3788
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 --field-trial-handle=1912,i,11519094709578887986,9615336451797759794,131072 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4436
                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                              1⤵
                                PID:1388

                              Network

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                1KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                Filesize

                                2KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                Filesize

                                1KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                Filesize

                                2B


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                1KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                1KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                6KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                8KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b24d19af12c35bd6492d700136303490aa63dc6\6f19bcd4-c95b-4870-a2e6-1b2be8a813c0\index-dir\the-real-index

                                Filesize

                                10KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b24d19af12c35bd6492d700136303490aa63dc6\6f19bcd4-c95b-4870-a2e6-1b2be8a813c0\index-dir\the-real-index~RFe580c7e.TMP

                                Filesize

                                48B


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b24d19af12c35bd6492d700136303490aa63dc6\index.txt

                                Filesize

                                163B


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b24d19af12c35bd6492d700136303490aa63dc6\index.txt~RFe580cad.TMP

                                Filesize

                                167B


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                Filesize

                                96B


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                131KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                132KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                152KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                131KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                Filesize

                                95KB


                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57def6.TMP

                                Filesize

                                92KB


                              • \??\pipe\crashpad_740_LWEZPJPAOQIRXMOS
