hxxps://newsletter[.]openpermit[.]org/?erDVT4=mkt&2h!1xlGpGV/5R_J8ITM6TyCbcnVpLnNvdXNhQGthbnRhci5jb20=-11850-0[.]3[.]1[.]1-6601

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-05-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://newsletter.openpermit.org/?erDVT4=mkt&2h!1xlGpGV/5R_J8ITM6TyCbcnVpLnNvdXNhQGthbnRhci5jb20=-11850-0.3.1.1-6601

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613752387298425"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
2748	chrome.exe
2748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4640	4748	chrome.exe	74
PID 4748 wrote to memory of 4640	4748	chrome.exe	74
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 3716	4748	chrome.exe	76
PID 4748 wrote to memory of 4360	4748	chrome.exe	77
PID 4748 wrote to memory of 4360	4748	chrome.exe	77
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78
PID 4748 wrote to memory of 4384	4748	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://newsletter.openpermit.org/?erDVT4=mkt&2h!1xlGpGV/5R_J8ITM6TyCbcnVpLnNvdXNhQGthbnRhci5jb20=-11850-0.3.1.1-6601
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffbc4c59758,0x7ffbc4c59768,0x7ffbc4c59778
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4560 --field-trial-handle=1716,i,462226614203224820,10564509039392752870,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
128cfcecb84c6fc0e799221712a2e2ba

SHA1
7b8ee0f5987adeea5676684bbd88c6c4454e2aaa

SHA256
799ecb2397e13e26bb1e610a3446163e4ac39f5ade4aec3ff43757094b99e1b8

SHA512
4ad7448ccf78d6a060d74eead8e230eb562d8ca68b1dd8e341085863ffce936ef8cf020378d8cc9437407504e91f61aadd3d0e40bd695789dac098953ff86692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1d0a52089166515ac62f8780205080c7

SHA1
48159c31f3aacfe6b515563fc2bdc0ec06cf2d1d

SHA256
b5e21f8e6863ef28a85c95bbb22db147c3c83be287c2151323cbce6e8617f720

SHA512
16f2d13a177a3bf7aad7bdebac34d4f9246d2ead4d39b583a933af3455749192b0925c9d28b47595de069a16531111e7f2f4275f3f72f6b72433b581c9dc1239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
9bc2370fd6bdcc768e2cc6de067f43ca

SHA1
0aaf9a626e030c6748005720dd5a2f45ae861d5a

SHA256
e20b47c3ea6eeb87f5b13281ca471cb468a45f19768d25f0915fb7ae3dcb4e04

SHA512
507005945fab5807dbbe7901e62392bf308cb1c1fa25aa1cba774b0f556ca334a20774ae8a599c0d8520c63b3c3cb21ada53f67cfd2ba90c62473aa2a27de9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
3f152c03fc354c1227da33ed120b91e3

SHA1
26e3fab100635bc281fa8a07d124a2e076c6890a

SHA256
f5ace9f0f20bfe20ad777a25d7d81385eb0769442ce16a6c729087f3ea477015

SHA512
577ff370c01354bc257809c56b66a786c944c0413cbdd8f759202d3bc09e495dd342624f07bc0c47b3db82f50e449cc3fc0d076b88f37a133210eed62ee2cd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dddabe6f3970529834efaee5e9a9c6e

SHA1
2df121b001e4408386f4abb3afeb56f8854a9df2

SHA256
aae9bf209990aa615ccbd58edb67979a428ca91eeeb9b2f8ec2c322d3e4de342

SHA512
449118f1a6490845eada594ff44838eb30b320b4cfbdefd20e92ccd992d372e3955e02d631bc72bee42c72870bc15ce015c1f84483175d3590cf55534ef92897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07611cd7d966d0335bf8702361a92a0b

SHA1
186f908d7a1689e4eeb7c63919a3601dcb59961b

SHA256
a7805f202e00aee445b0dbe51effae1e1905ee36b8e85aceafc809577c6d988f

SHA512
f4305f7abc2b9093ec7fdc8481beff2217f51335a84c845e5c27531b2e698c6a027d3f2f09d55b26c1570698c5ef440f9c69d3ce4d99ae163e8ec51a86ae2fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14dc51eaf9447291cd0c6ce2fc89aaf7

SHA1
5c8cdbd4ca88c9b8115f1909f680bdce20430b25

SHA256
0b5851370b8ed2b76c3925efa6b507d9e80961157739082668ccc02e89b79013

SHA512
066c9448ecbe5eff9378c5a3a0179ce97d816c72614551b186282a62bf168a8e364121784a6c5f5b190672b89cad2154b13bb30969a8f43b917408124cab0648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7c4882137b86ebc96dbbc9d11b24be82

SHA1
bb94c7d8c7ce70775e257586aa01d7f609b744b0

SHA256
8dd7fca8bef1bea20dce77af9f86f45d286bdccf0d9d3ab3f0ea32fc5b52cbcb

SHA512
537bbf91df8d312c6119d3bb7fa90c701b8ce59b1300f9ac39ea6dc130a436ec891335845ba41cb9cf39bd37f4524793c127b047a1d54cb7176193de11d54ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit