Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-06-2024 08:38

General

  • Target

    https://cromwellpaperplus.co.nz/zohoverify/first.html?email=c2thbWJoYW1wYXRpQGRlbG9pdHRlLmNvbQ==

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cromwellpaperplus.co.nz/zohoverify/first.html?email=c2thbWJoYW1wYXRpQGRlbG9pdHRlLmNvbQ==
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad38ab58,0x7ff8ad38ab68,0x7ff8ad38ab78
      2⤵
      PID:712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:2
      2⤵
      PID:4256
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:2460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2100 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:3168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:1
      2⤵
      PID:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:1
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:4104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:3144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:2656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4076 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:1
      2⤵
      PID:1648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4844 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:1
      2⤵
      PID:4456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:3956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:8
      2⤵
      PID:3512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 --field-trial-handle=1884,i,7460579867927938974,852868794540247106,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1440
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 2a4e3d0554330af293fe957132174410
    SHA1: 4cf025ce996a0fe252e663789079e2a0c43803e1
    SHA256: 0570ea4c3ac4d4060f251bb3f58ec16cabb2a6ec4af46f9e946f2ab0fbaf76e8
    SHA512: cf75e8a110c67c1180415a5606ae10ef2f04779e77e1350533c5b998f4873fc16b9b4dd7d09028f4c14a2f8d2b920d401bdab3961a0e5485c347c85cb56ae09e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 67e32386ac0cba2423773acc6f0c784e
    SHA1: f43326985f8d3fe03e5e628d2570f14d5b815e06
    SHA256: 3420c482b9a16940448134b953a99be84589c8634552301042a6a6bdf62546c5
    SHA512: 84e583b5accfc97769760a9862755727a0731d9f106334cdce9d4ec5ccc74e2c10cd483b32db69f1af107de86a3aaa0dd28564753fa2d5708015c04fcae26563

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 6e1a10119aa16b856fb72846e0c7e56f
    SHA1: 1dadbfe3f5b2096e496284ad97c859409fc87bd6
    SHA256: 02fd8e09c107b5acba8ab37ca1ec28211181b3c4aed744924bb375f2eb229dcd
    SHA512: 19f5c9ef69462c37fc4c5591e2bd2930caa32e246d5ec0fcbc9bed31abbe073583efecb4f81ba2d7644eeb86103012a4c7b55561a3bc24094c7a2d6957938d78

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: a9b9ac8937998e1aee82361a6f40d0ac
    SHA1: b4a077dce1fb7e7f91e2929484a3545630cad6d7
    SHA256: f999037e355858c14bc01a6ad87006d5f4449860744473c647b0816bfbc6d0c4
    SHA512: 0a1270dc6e286e839c5f21995abfbd9153c1215a2fee27a77f4ae0c72e9c1023c471373f014cb7c8d51e447835cb98b1ec28462eddfcbf6100cbf72c3b2249b7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 95bab886c5bff605e018442a67a7ea07
    SHA1: f3c4eee9b4ec8cb13770c559a3c2327debe78b98
    SHA256: 3a07455e613cc15c160b64a7513bc047ec2c1739b0a9ddb70665d53ca7a8eb00
    SHA512: 955af48e5089e6a93b1dfe09f28b79c992627e50b6882464c7db20e888eda0160ca14d07f6fcbf29a01704e5edddb09e0c8bf92715df9fdd4b48627c68df4d6a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: ed626a71581251a72736c67ed4510970
    SHA1: f9b84b2b79d7284a011238c97e1bdd9a7c598520
    SHA256: 3ddffa286f04fa78e3b3928e6489324f4a82056d009b9cf1d38d4dd5ad8fcd44
    SHA512: 000c12fb8064c87ca58f239d8b78412b7259da94a268e342e800650fe846bd9dc5d5b244bbd57cfbd2e5a7a5fc47ba6847b1d92c85d1313d2be1afaceee20687

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: a4731acae54ab0e33b5603c8193de3d8
    SHA1: 805af96b3643d5ea62b7be1c51e1f4be8e3c8568
    SHA256: 9e397db9e89620b73929d41f708ade8a21a09430ce91d0e44dfe6d50b0f02fcb
    SHA512: fa5e0cb64b71711e16c3f4331de264f8cc9c6c53fac20118fc6d51050f54f6088ccf0a3d256d83913ed0b9eeaf3846cc0be1c51a87d438ed9ed128e3f9316381

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 1fbbd6e756a8c590aee05d73bf6d03a4
    SHA1: a3221ad7d3d8b50fbebea933273be2c84469fc79
    SHA256: 7bbaf0cb65c7a4d330d8239acd6f33d329e46256885b43600b347ade9ea029e9
    SHA512: 0ceb20ee18e0b7cca820bb4a6f4426329cde0318e1caf8b136c97ff3b8459c5207b6c4dc8037f282de5669d8867955f0973ba977e6385934892253fa3834d67f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: ff7ecb06896d6726752909d8857ce481
    SHA1: 498ac67bd26880412d4e300e9d0094835bea21b1
    SHA256: 858f670de6ec190b9422da00c8be7caf4cd1794aaca9082598e51d377d18ef32
    SHA512: 02c05f38c0cd1816a77fc3c8b150446fb4c9cbe12d5d34365de5f0c2fe9f2ccf824e8b953e0bdb1bc3859b6b092e206c5dee7b4d187d9991765a547b57a9d0db

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 79c7931c123852ea7c47f6c7be0bba87
    SHA1: afd9c520d1f0c4ae6cd5d8c1fef69cebb0664362
    SHA256: 53f9dbf4aadcf79a24fb873b1259f8f807971cecd73488f5eb0569897ee370fc
    SHA512: d719c13a660c274ace4834ffaa58059146b7ba07db0f2e1d431cbb11868512425025be3c71161e91c24c9063191423331f7ed5ee7425da2d5d7cde225df482f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 292KB
    MD5: 78d49b95b2caaff222dfcbd70f47e37e
    SHA1: 65b6ea31cc27613e36e8ffb19ae930cbb7b9dbc1
    SHA256: b557f6f4bb5082c446c21a13781bde88b0d25172e0ef201f7bdd00fc44209f82
    SHA512: 2e63d9fb5e7a99b8b26feda2c40357df88446ce51227d852a9bc83a87cc04acb7909dac7490376dcb1c4a82602693292b7e88efe75ff6f0c8ff3168a9087c657

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 92KB
    MD5: 4d3d5e12433333e62c0b5d0e2d25f2ac
    SHA1: 98f9ee0a966c409ac70e02810c056d67e2b790fc
    SHA256: e6ea7715db1ad7e0379c037de21129b6130b1c689f2020096e702f581825ba90
    SHA512: b282a84baaf1d10401c32dc09c2470ab342209c26e342bb42089f41e8219d5af3c9e6953b8fbfd2add50667bedc26d63b73c4370ebbf21cc9500b4b7f62d31d5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e167.TMP
    Filesize: 89KB
    MD5: 5f48047493ed2a00af3d9bf9ef8a4b08
    SHA1: bc762db123fce6817837c370a473304948c4f93e
    SHA256: 2f2900bd48fd23e46fab0b84068d2ad4aeebf65f8eb97c9ab59b97f648374080
    SHA512: e2b901f81b0d20f97daa32219297bb85e49f76f629e12bf7b36388db606084b9f787431a414b42cdb2cec88ce3a49304e16b3c35e18e5b897e2f922d006a4360

  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
    Filesize: 2B
    MD5: f3b25701fe362ec84616a93a45ce9998
    SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
    SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
    SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • \??\pipe\crashpad_1180_LCYNGDIOITESEOOU
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e