Resubmissions

29-05-2024 04:12

240529-eskk7aah67 4

29-05-2024 04:11

240529-esae8aah58 1

Analysis

  • max time kernel
    570s
  • max time network
    530s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-05-2024 04:12

General

  • Target

    https://parrot.us12.list-manage.com/track/click?u=25e3b35d96b1b6ca501298fa7&id=9323fda720&e=dcfcee660a

Score
4/10

Malware Config

Signatures

  • Detected phishing page
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://parrot.us12.list-manage.com/track/click?u=25e3b35d96b1b6ca501298fa7&id=9323fda720&e=dcfcee660a
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eb4ab58,0x7ffd9eb4ab68,0x7ffd9eb4ab78
      PID:1732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:2
      PID:3520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:8
      PID:4416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:8
      PID:4108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:1
      PID:3524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:1
      PID:3024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:1
      PID:4080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:1
      PID:1940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:8
      PID:4540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:8
      PID:4624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1920,i,5413623574304897053,11757595974777243654,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:2640
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:2408

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 744B
    MD5: 603f6797cb68b15bdfbd1662aa6b10ef
    SHA1: e2df2e540d9d76c960752dd6c4982c59f4b65726
    SHA256: dcff93cd183dd042ef73aec75717021477a1baf8edf47103f3a048ad97fb501e
    SHA512: 64651e8383acbc0eda45a6e4b7eb905cad07a48849e9e3e30bf0f2fa94d568bcdbb53bd8ba28be544a27cb03e4f9cfe7bb1754182cd5bfa2e947419b1dbc1852
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: bbb9dadaddf79cf6ae6d03bf9e3786cd
    SHA1: a3cc220574b331f713ef9b324fae53aea2e933a3
    SHA256: 2fda4a31934ceb582b16355ed2115c78a5418f7439047502e085dac004926505
    SHA512: 8c1bf77314c74ad8a7b4b63c2ed4b22f5acf6edc88b2fb2a15c3d6518abdac03d97aea4f5f0cfd328c3a9e48fba07245a6c0198e8fd7252bdd8faca364d84aa7
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 785bd7533922c29f1439d5a7ebad1167
    SHA1: c6a3eab9ce871d109720672f2ab6ebcba32217a1
    SHA256: c599f917d9d476ecc29f1e72d2e71501ddfd7ca5607494c34648fcfbd7706edb
    SHA512: 984da6b3f5a8624afce0144eb6a246228676bb68cc760f9dd596e83a1097a10352ff284c155377394826d48828c22deb5a9a07c7d5c73a76a1ccda94531c6ae8
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: fa582b591ee2cb46df7e1fc509bb7b37
    SHA1: aa7596ea3ad2998d729e2ed60f2fea022ce0cb8c
    SHA256: e8dd843a44f4b415c1137c71ff7acc6df17ed091ac4953d105fe8f178fc867cf
    SHA512: 32ffa1a355712ee6cf3c177375d8f47e613d92446568f5fceaeda86344719bee7c999cc9861a1853f2ab4a09310697b71d45d160f5ee2e5c26eba9fe35ccd954
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: c0d96e2f21f8030ad0ca355fa8970ad1
    SHA1: f66dd6e453195ca2c692e0f44abdfffb1e5d91d9
    SHA256: d35a6d42b44d8203df4e5a7ab1de88fd0fec2971957f0ff63d94ebb5928e603e
    SHA512: c34380d2d50ca45093810017d910d6837a211046acaa29d3f1d0aad8afc43e87d9ea70e33e8951e99ad75efe086439e37c62a0c532fc90d760e1781bddd61bd8
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 3f39b2369419bca858f042383d7fa6cf
    SHA1: 0092b28391fe22cb6385dc711dd1d88126614af7
    SHA256: a4352eb057a9ae141926911f1f30d56a3e057449c931bea28bedadf3e7352ebe
    SHA512: ebfb0396d24b538fe578feec03f4dfa001c6053acaf289c28bbdf386426fbeda41e2e86fb64534b1b1a76c363b050635f177dc4d0b8f81e37084964268ecf669
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 854B
    MD5: 178530876938e84beb2985ef544b93fe
    SHA1: 0dc37fa48a6b9acf12216fd334115e3e0f8dcac9
    SHA256: 63290f7bd8bddd606474d8a96fdf4a8d0e2058f65ecdb80b27a0ddb5578dd58d
    SHA512: ddabd0f94015f147a5109a68173efd35dfcfc898704b2ebbc848b73a8168e4871ab6afa0b5a12d6ee6298496099e9ee214198f78ef1f80dd2d4cea4b89f7132c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 4d99d58b08541781c93dde831e3d4210
    SHA1: ccdf2ced1e23edb3459f16043f07268daf6d2254
    SHA256: bd3264294b0a4af7fc4ed320bedd9b774f86dee3e0a4623a182d4b4bd8b3a901
    SHA512: 0885d8592f2f17f0a06af88d27c439d315ea35845d2dba38f6f025efbb0ec7ae525cba66e12e649a879c3ffd9b8702eb65e9c0d07d72235d26f0af9239175c62
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1022B
    MD5: 6b27d8a0915220bfa8271caf75bb9869
    SHA1: c93481f1132a4e1f1f50c9a00349f820d84968d6
    SHA256: 5cb678f804f21137353f76cc83c18e5d6718c51f7b71d578d841682a2054cf55
    SHA512: 5cc6fd80841c19983b661252067fa1a9054636310778c0f295b175bb18438876b097f37e4dc991ee80c8039d846a9af86fb8f99f1ede72329e9aa94c43d22fef
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: b90b91831c717ddca2594b3e8bc0374b
    SHA1: 897bcae7ee7fcd7d8f0d36f8c98d0eeca394d087
    SHA256: d3432db914358b9290003eee311698f9688aa17e96f1c463c46a94cb16a49a25
    SHA512: 3942d489dc5d65e79f095d9177f6e8f5c967327e51fdbc8457891c9bd5fa98613df577fadbd90b419f252d9d69d5c4546c0d126fffe7b3f482a1d89038316017
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 71bf967ed70429af4adff1a2a678e14a
    SHA1: aef2b516c4de85c997aa719ae6fe4c51497e6e1b
    SHA256: 55ce9dec318f9ca7d884d6f6b5c9b93586f59a1e0219bf1c4f9036bb28827f14
    SHA512: 7afc803fa156c5011ec67b87b2b0544301f27b9a413ecc24ae58d396d08ee5b1af557e757460b69891c9e4ddf6509a8b4db0d167c95468ed6066ed38361657b9
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 130KB
    MD5: 31efe358132068b9a80a62cd1b3198e4
    SHA1: 8caa5f6872bc6b2df4e201dba758a43551cefee3
    SHA256: c705b045208309aa0a30b77bd5f2a6224f2f6c31056b34008183d4b6967040eb
    SHA512: b0a5dc71397a7cfc1b39f59bf2168b00453bfa3e1cd30c902a8fa35412470274c6e3928e7b7f70e9e70ced72feb089d5f98699c204d31a5f819519f238b0ef59