Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-05-2024 01:25

General

  • Target

    https://link.elliottscotthr.com/api/redirect.me?track=d2c3582f-61b4-4656-b2d8-ed8ec48a6d13&url=mailto:[email protected]

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.elliottscotthr.com/api/redirect.me?track=d2c3582f-61b4-4656-b2d8-ed8ec48a6d13&url=mailto:[email protected]
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7eab58,0x7ffaef7eab68,0x7ffaef7eab78
      2⤵
        PID:3248
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=272 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:2
        2⤵
          PID:2732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
          2⤵
            PID:5060
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
            2⤵
              PID:4244
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:1
              2⤵
                PID:3616
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:1
                2⤵
                  PID:1368
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                  2⤵
                    PID:4568
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                    2⤵
                      PID:4416
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4960 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:1
                      2⤵
                        PID:4496
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:1
                        2⤵
                          PID:4664
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                          2⤵
                            PID:4220
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                            2⤵
                              PID:4260
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                              2⤵
                                PID:3624
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                                2⤵
                                  PID:1456
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:8
                                  2⤵
                                    PID:3464
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 --field-trial-handle=1904,i,6060023194962953642,13117941916158021175,131072 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4040
                                • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                  1⤵
                                    PID:2300
                                  • C:\Windows\system32\OpenWith.exe
                                    C:\Windows\system32\OpenWith.exe -Embedding
                                    1⤵
                                    • Modifies registry class
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of SetWindowsHookEx
                                    PID:4248
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
                                      2⤵
                                        PID:1004
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaef7eab58,0x7ffaef7eab68,0x7ffaef7eab78
                                          3⤵
                                            PID:2684

Network

MITRE ATT&CK Enterprise v15


Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                        Filesize

                                        40B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        1KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                        Filesize

                                        2B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        356B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        7KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        7KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        131KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        132KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        131KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        152KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        132KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                        Filesize

                                        99KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5816b0.TMP

                                        Filesize

                                        96KB
