Analysis

  • max time kernel
    149s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-06-2024 02:47

General

  • Target

    http://www.agora-mailing.com/clients/icsi/risk-management-covid-19-international-perspectives-on-the-safety-of-tomorrow/28070/[email protected]?lien=https://ceylininsaat.com.tr/supersend/nub/sxl5a7211zkab7icekzxglwh30gpbxsd6oytb5d2njaubnguokoexpvjucrbjlhr3qxk4br4a2dhzexe

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.agora-mailing.com/clients/icsi/risk-management-covid-19-international-perspectives-on-the-safety-of-tomorrow/28070/[email protected]?lien=https://ceylininsaat.com.tr/supersend/nub/sxl5a7211zkab7icekzxglwh30gpbxsd6oytb5d2njaubnguokoexpvjucrbjlhr3qxk4br4a2dhzexe
    PID:4776
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb610fab58,0x7ffb610fab68,0x7ffb610fab78
      PID:184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:2
      PID:4560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:8
      PID:1020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:8
      PID:920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:1
      PID:4652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2736 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:1
      PID:4496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:1
      PID:4624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:1
      PID:3412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:8
      PID:2100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:8
      PID:4456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 --field-trial-handle=1968,i,566442243546638116,4766716074142813626,131072 /prefetch:2
      PID:2304
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:5112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (432B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\CURRENT (16B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\MANIFEST-000001 (23B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (3KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (3KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (2B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (7KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (255KB)