hxxps://www[.]amazon[.]com/gp/r[.]html?C=23J4QFP74FONO&M=urn[:]rtn[:]msg[:]202406101648461a2c1da139d3445b9255913c6b50p0na&R=3LBXAPMGBOEZR&T=C&U=https%3A%2F%2Fwww[.]amazon[.]com%2Fg%2FDX3QB9Y2LEHQ9L%3Fref_%3Dpe_906650_284786740_TC0301BT&H=EES8BQSEJX9HOGZF2XMLLSN6YZEA&ref_=pe_906650_284786740_TC0301BT

Analysis

max time kernel
43s
max time network
29s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.amazon.com/gp/r.html?C=23J4QFP74FONO&M=urn:rtn:msg:202406101648461a2c1da139d3445b9255913c6b50p0na&R=3LBXAPMGBOEZR&T=C&U=https%3A%2F%2Fwww.amazon.com%2Fg%2FDX3QB9Y2LEHQ9L%3Fref_%3Dpe_906650_284786740_TC0301BT&H=EES8BQSEJX9HOGZF2XMLLSN6YZEA&ref_=pe_906650_284786740_TC0301BT

Score

5^/10

amazon phishing

Malware Config

Signatures

Detected potential entity reuse from brand amazon.
phishing amazon

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625146848876341"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 772	1308	chrome.exe	76
PID 1308 wrote to memory of 772	1308	chrome.exe	76
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 3936	1308	chrome.exe	77
PID 1308 wrote to memory of 664	1308	chrome.exe	78
PID 1308 wrote to memory of 664	1308	chrome.exe	78
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79
PID 1308 wrote to memory of 4140	1308	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.amazon.com/gp/r.html?C=23J4QFP74FONO&M=urn:rtn:msg:202406101648461a2c1da139d3445b9255913c6b50p0na&R=3LBXAPMGBOEZR&T=C&U=https%3A%2F%2Fwww.amazon.com%2Fg%2FDX3QB9Y2LEHQ9L%3Fref_%3Dpe_906650_284786740_TC0301BT&H=EES8BQSEJX9HOGZF2XMLLSN6YZEA&ref_=pe_906650_284786740_TC0301BT
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3d2fab58,0x7ffd3d2fab68,0x7ffd3d2fab78
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4508 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4516 --field-trial-handle=1820,i,5142725709424392495,6550448539703481196,131072 /prefetch:1
  2⤵
  PID:1864

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8ea5e2822e973481f247aa8edb7f8f2c

SHA1
40ca66ce8866d61c964b77d923fc93bdd7db1f3c

SHA256
8c33a8a5fbf78e11b3225f6dee340fd937a71ff1b0789119b13fdbfb6db2865c

SHA512
ef989c39781dfe2cab178eff09aa24255dc01a24c5934208ef3d2a279f27d175ef59212a47ae37967d0b85c0eebee0d5ae6b32f7a6ab36876dc0310a1a48d3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
d870fcf60d8acab7472be307cfad58af

SHA1
fe969cf05e636d6cb1ea745becc148ef2fdc861b

SHA256
571928c20ceebbd116e618c2d632f6fb25a5cb45d0027f8a3dafd971cff8c2e0

SHA512
ebe8199a2ef10653db19c06fa518f306b9f76f1e845f6031f7a5aa5abe4ccf476e0c802d2aa4d91f83733550b2174d5ec4d769b058f5dcbca99609408b3ca2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
2472ffbec881550485d4b8c995591663

SHA1
1712d16e18f1bca98bdd62ad64b5189ce5f773f9

SHA256
fe52461cb5dc69d746af75ce0f261c9e815c6da9c643e3938e04e762d8c4b345

SHA512
de73abb175c00fb5d5d6673a570cf9ab540602dab31c32ac64c1a5a6e07328793fdefc10f54dcc1ffc380e5429c40a3b8d8e040f0cf8e4e827f48f6dda985377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3acf7fee3bc346b2eed6ede76e558229

SHA1
564dbd18a6c9183173dba9c721fbe6b8446a34ee

SHA256
94ba04eea368c8ef06b86b50a1b554d2694c1961b4c11049933d5907e879560e

SHA512
a72d90289248b7899d56bf65acbbaa91aadc28627fdc022f2450dda795dc79a9be71e75a333b5bb5301db45577ed77d81b0043d205d0d9d2d78dd7969d8886d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a0468194a6bdef444dba1677bc398ad

SHA1
41f6c1113d18326a1efbd36cee7a2e65a2322cac

SHA256
1e72cb5f503a1fc5b6d67355e17125f6ec95ae5d239d9c3eb9df40a8a6e49b6a

SHA512
80ac7fb73811f90e88601fa0039abc6197ad1c07764d29f40ad3c20665a934acc7998a4f8e0d278e0e164dcd4dd20e94f60da2f807be2ebc88c3c0b2d92a9bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0e1c1a83bc7f9b356497290dab2d0dfc

SHA1
21df3ae7799a42acb39f3ce1791b7021aee5ecaa

SHA256
b9dc5bda95df8e7ff7f7c4e27fc620083d2e2674addab38c0be2982d92a443ee

SHA512
cc4d7baed6423c98997bae4de4948483bb4675cc4a52d6f76dd086ec028d8998e14a02b59177cf96ae8b4d3e9a9304e1e0de152dba241ea0bcbb18a16250de4b

Download Submit