Analysis
max time kernel: 149s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 29-05-2024 08:49
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://googleweblight.com/i?u=https://newreceipt.standard.us-east-1.oortech.com/wolf.html?signature=48acb0891e79127b27f17d40ab1a451002ba668ede63caf73e658451ced911907811b0dc16947bdeb5baecc58ab388b2bf2175ce2798aa33e23bfdf12da4e4756b2622b88d82494c2d68e6aab3e6b662be17227904cce35a724392c783a77569&provider=1/#[email protected]
Resource: win11-20240508-en
General
Target: https://googleweblight.com/i?u=https://newreceipt.standard.us-east-1.oortech.com/wolf.html?signature=48acb0891e79127b27f17d40ab1a451002ba668ede63caf73e658451ced911907811b0dc16947bdeb5baecc58ab388b2bf2175ce2798aa33e23bfdf12da4e4756b2622b88d82494c2d68e6aab3e6b662be17227904cce35a724392c783a77569&provider=1/#[email protected]
Malware Config
Signatures

Detected phishing page

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                   | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description      | ioc                                                                                                          | Process
  Key created      | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                        | chrome.exe
  Set value (int)  | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614462211025638"   | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   | Process
  3484  | chrome.exe
  3484  | chrome.exe
  1412  | chrome.exe
  1412  | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid   | Process
  3484  | chrome.exe   (5 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                       | pid   | Process
  Token: SeShutdownPrivilege        | 3484  | chrome.exe
  Token: SeCreatePagefilePrivilege  | 3484  | chrome.exe
  (the two rows alternate for all 64 entries; every entry is PID 3484 chrome.exe)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   | Process
  3484  | chrome.exe   (26 identical entries)

Suspicious use of SendNotifyMessage (12 IoCs)
  pid   | Process
  3484  | chrome.exe   (12 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       | pid   | Process     | procid_target
  PID 3484 wrote to memory of 4284  | 3484  | chrome.exe  | 81
  PID 3484 wrote to memory of 5040  | 3484  | chrome.exe  | 82
  PID 3484 wrote to memory of 2092  | 3484  | chrome.exe  | 83
  PID 3484 wrote to memory of 1384  | 3484  | chrome.exe  | 84
  (64 entries in total: 4284 and 2092 appear twice each, the remaining 60 are repeated writes to 5040 and 1384)
Processes

[depth 1] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 3484
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://googleweblight.com/i?u=https://newreceipt.standard.us-east-1.oortech.com/wolf.html?signature=48acb0891e79127b27f17d40ab1a451002ba668ede63caf73e658451ced911907811b0dc16947bdeb5baecc58ab388b2bf2175ce2798aa33e23bfdf12da4e4756b2622b88d82494c2d68e6aab3e6b662be17227904cce35a724392c783a77569&provider=1/#[email protected]
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 4284
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff86503ab58,0x7ff86503ab68,0x7ff86503ab78

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 5040
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:2

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 2092
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1384
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1364
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1536
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 2496
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 4680
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1368
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:8

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 2356
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1820 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 3308
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4172 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:1

  [depth 2] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1412
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4492 --field-trial-handle=1816,i,16549208409040292307,3644459229086796881,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  PID 3232
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
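The process list is what an analyst has to reconcile with the WriteProcessMemory and AdjustPrivilegeToken signatures above: every row is the browser process (PID 3484) writing into children it spawned itself, which is how Chrome bootstraps its sandboxed workers. The Python below is an added example, not part of the report, that parses the Chrome command lines (transcribed from this page and abbreviated to the flags it uses), derives each child's role and sandbox state from its own flags, and joins the WriteProcessMemory rows to those children. The "browser-internal" verdict and the role/sandbox rules are my own triage heuristics, not the sandbox's.

```python
import re

# Process list transcribed from the report's Processes section
# (pid -> (tree depth, command line)). Command lines are abbreviated to the
# flags this script reads; the report carries the full values.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROCESSES = {
    3484: (1, f'"{CHROME}" --disable-background-networking --disable-component-update '
              f'--single-argument https://googleweblight.com/i?u=...'),
    4284: (2, f'"{CHROME}" --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    5040: (2, f'"{CHROME}" --type=gpu-process --mojo-platform-channel-handle=1500 /prefetch:2'),
    2092: (2, f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService '
              f'--service-sandbox-type=none /prefetch:8'),
    1384: (2, f'"{CHROME}" --type=utility --utility-sub-type=storage.mojom.StorageService '
              f'--service-sandbox-type=service /prefetch:8'),
    1364: (2, f'"{CHROME}" --type=renderer --first-renderer-process --renderer-client-id=6 /prefetch:1'),
    4680: (2, f'"{CHROME}" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics '
              f'--service-sandbox-type=none /prefetch:8'),
    1412: (2, f'"{CHROME}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    3232: (1, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
}

# One row per distinct target from the report's "Suspicious use of
# WriteProcessMemory" table (the report repeats each row many times).
WPM_ROWS = [
    "PID 3484 wrote to memory of 4284 3484 chrome.exe 81",
    "PID 3484 wrote to memory of 5040 3484 chrome.exe 82",
    "PID 3484 wrote to memory of 2092 3484 chrome.exe 83",
    "PID 3484 wrote to memory of 1384 3484 chrome.exe 84",
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
CMD_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
FLAG_RE = re.compile(r'--([\w-]+)(?:=("[^"]*"|\S+))?')


def parse_cmdline(cmdline):
    """Return (image path, {flag: value}) for a quoted-image command line.
    Flags without '=' map to True; quoted values lose their quotes."""
    m = CMD_RE.match(cmdline)
    if not m:
        raise ValueError(f"unquoted image path: {cmdline!r}")
    image, rest = m.groups()
    flags = {k: (v.strip('"') if v else True) for k, v in FLAG_RE.findall(rest)}
    return image, flags


def role(image, flags):
    """(role label, sandboxed) for a Chrome process from its own flags.
    sandboxed is None when the flags do not say."""
    ptype = flags.get("type")
    if ptype is None:
        # No --type: the browser process itself (unsandboxed by design) or a
        # stand-alone binary such as elevation_service.exe.
        return ("browser", False) if image.lower().endswith("chrome.exe") else ("standalone", None)
    if ptype == "utility":
        sub = flags.get("utility-sub-type", "?")
        return f"utility:{sub}", flags.get("service-sandbox-type") != "none"
    if ptype == "gpu-process":
        return "gpu", "disable-gpu-sandbox" not in flags
    if ptype == "renderer":
        return "renderer", "no-sandbox" not in flags
    return ptype, None


def triage_wpm(rows=WPM_ROWS, processes=PROCESSES):
    """Join each WriteProcessMemory row to the process list.

    Verdict 'browser-internal' (my heuristic): writer and target run the same
    Chrome image, the target carries a --type= role flag, and it sits one tree
    level below the writer, i.e. the browser process is setting up one of its
    own children. Anything else is left as 'review'."""
    out = []
    for row in rows:
        m = WPM_RE.match(row)
        if not m:
            raise ValueError(f"unparsed row: {row!r}")
        src, dst = int(m.group(1)), int(m.group(2))
        src_depth, src_cmd = processes[src]
        dst_depth, dst_cmd = processes[dst]
        src_img, _ = parse_cmdline(src_cmd)
        dst_img, dst_flags = parse_cmdline(dst_cmd)
        label, sandboxed = role(dst_img, dst_flags)
        internal = src_img == dst_img and "type" in dst_flags and dst_depth == src_depth + 1
        out.append({"src": src, "dst": dst, "role": label, "sandboxed": sandboxed,
                    "verdict": "browser-internal" if internal else "review"})
    return out


if __name__ == "__main__":
    for r in triage_wpm():
        print(r)
```

Two of the joined targets (the NetworkService utility and the second gpu-process) advertise that they run without a sandbox (--service-sandbox-type=none, --disable-gpu-sandbox), which is worth knowing when the rendered page is a phishing lure, but none of the writes leave the Chrome image or the expected parent/child shape, so the remaining finding on this report is the "Detected phishing page" signature.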
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 129KB
MD5: 7ae7d584dd6de3dd26a0ef64d3f19caf
SHA1: fcd2634e47c1c03d840e9832632b29e3304d1bc2
SHA256: 9313207d43c219a97b2369d1173ef251081be8756b5e4054ee9fdecab13b2c9a
SHA512: 812b8e7b83711dd57ab3746520ee9f0b2bfd4165ecb9bd31c0a65d23541188297dc25271dd037027dc9bb37bd7618bfc0fc06fc64bc7e5f9606cb91d20e50b40

Filesize: 168B
MD5: 4c6bde66dc75cf7659777266a23834e7
SHA1: 14780fc5a5e14946611ac6d31d97d72af65cabe5
SHA256: b6c6784793005a2c6bb651e690d67873d9ae03ee10c295c47c375747cbce20a9
SHA512: 19d045ace0623dc9c8f0439a6bfcf2bccb0cc53c158b8f66339f08080dfd367c7734f7a67e1cd9cb2477580a6f910cfefddd82883966fc99764bfb15ab65f137

Filesize: 192B
MD5: e19599c44d8c906f588f79c15c28a9a9
SHA1: bb350d673f029906b4d7587bc15201db6d30e405
SHA256: c70b79502bad06e371ed9a187d5e93804953952864ad9079fe6a03f7d187814a
SHA512: addcf66765c857d3dca97ebeacb37275e25eab3bed43abb82802ca51d24c6605a9f4ef637181394fbdc1ec188bbcacdfcb00a57f5caf1fb751fadab194e3928d

Filesize: 3KB
MD5: 5a96485de1d25dfb584fcf853a3a2e00
SHA1: 9fa52f826496d59971f685e27c889b590be66995
SHA256: e4a444fc8b543d0aad58b71f7036947528fa54aa73b54be2875d3620f4b59a9b
SHA512: 02d34a0ed6cebb60df3c88810ee46db4c851db9e714ca5ff80c99798a936945c32213956675a2a545c2d5ea38935c31b250cf3b0d6749fc760d9cbd551ddefc0

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 1024B
MD5: 07fe5a4285b3d40da1b49e65693cd57d
SHA1: 7f965662eab0b91191d8f7d45c36c08caba21ae3
SHA256: 146d88a656b2f4b619f2629791510f903877876ebe1e488500a5b7f8ece33b54
SHA512: 6b6116224757c31747cef1cd58bd0ccbe2f6fbbf19aeb2800f14bd16c4b32539b6838bd7ca7247ccd27bfefc4d9ca71c085ae5be79693f04ad6f1e2634acdf0a

Filesize: 1KB
MD5: 17b5ae7085c0ba426105ba68aae879fe
SHA1: 528335b97be07710a2dde9c4dd01d1ba7796f6a4
SHA256: c038044d8cbe807bbab1d41d030798d696ef168d084cbb3e704c6ebc8c252079
SHA512: bc5ace161932f0173bd6209d8c53f48eb636258a193513b9106e7c319ea7c3f9046d2b4b4c371068207633330eed465ca4800b78bb4c77b9e32421b1a8d1023e

Filesize: 7KB
MD5: dcb11763c501b4c80aef4051f9170b4a
SHA1: 6306fa12318a2af8d8097c31678b45a60f19a14a
SHA256: 8af46d2310d7bafbe66c1a1d35989a17648094d5e0e29e43bcfeae1b8b4344c1
SHA512: f1ebd978d0b5b2d12a5296fbd40f7a8fb75fa35dd401cdee5d1a4c4297cd064f23892703cc0d65c7f08c29b22ceb70c4ad4348e99d7693ba4be53314f382d17e

Filesize: 7KB
MD5: 7063a14c3c83c5d4dda406a4571102a9
SHA1: 07aa4f0856fc835ee0bc449a421a78410665c9ac
SHA256: d8ec56b30d823064ffbd74e800a2409a0d1614ea97fd6928806e700e24d1d043
SHA512: 77933ece0a390e06636bebc60c4dc7f05b2323aa107ed08ae983183eb42970f42f28ee24e6441d516ceb299dd585add12530d27982a2b9b3b0484ec37d9e837b