Analysis

  • max time kernel: 149s
  • max time network: 147s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 07:34

General

  • Target

    https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1&notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNpdHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVmJTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0QlMjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRpdW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2FsbHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZlYXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHklMkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi
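The Target is an ActiveCampaign-style link-tracker URL: the real destination is not visible in the address but is carried in the redirectUrl parameter as base64 of a percent-encoded URL, and iat is a Unix timestamp. The block below is an added example, not part of the sandbox report, that recovers the destination offline with only the Python standard library. The URL literal is copied verbatim from the Target field; the function names, the "raw URL" fallback in _decode_redirect and the last-two-labels domain heuristic in decode_tracker are my own choices, not part of the tracker's documented behaviour.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# The submitted URL, copied verbatim from the report's "Target" field.
TRACKER_URL = (
    "https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker"
    "?notrack=1&notrack=1&redirectUrl="
    "aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNp"
    "dHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVm"
    "JTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0Ql"
    "MjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRp"
    "dW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2Fs"
    "bHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZl"
    "YXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHkl"
    "MkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D"
    "&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228"
    "&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com"
    "&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D"
    "&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141"
    "&utm_source=hs_email&utm_medium=email"
    "&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi"
)


def _decode_redirect(value: str) -> str:
    """Turn a redirectUrl parameter value into a plain URL.

    ActiveCampaign sends base64(percent-encoded URL).  Assumption (mine):
    a value that already looks like a URL is passed through unchanged, so
    the same helper works for trackers that do not encode the target.
    """
    if value.startswith(("http://", "https://")):
        return value
    padded = value + "=" * (-len(value) % 4)      # tolerate stripped '=' padding
    decoded = base64.b64decode(padded).decode("utf-8")
    return unquote(decoded)                       # undo the inner percent-encoding layer


def _registrable(host: str) -> str:
    """Crude 'site' of a hostname: last two labels.  Heuristic only, no
    public-suffix list, so co.uk-style domains would be misjudged."""
    return ".".join(host.lower().split(".")[-2:])


def decode_tracker(url: str) -> dict:
    """Extract destination, campaign metadata and issue time from a tracker link."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes %3D -> '='
    target = _decode_redirect(params["redirectUrl"][0])
    t = urlsplit(target)
    issued = datetime.fromtimestamp(int(params["iat"][0]), tz=timezone.utc)
    return {
        "tracker_host": parts.hostname,
        "target": target,
        "target_host": t.hostname,
        "target_path": t.path,
        "target_query": parse_qs(t.query, keep_blank_values=True),
        "issued_at": issued,
        # True when the tracker forwards to a different site than it is hosted on.
        "offsite": _registrable(parts.hostname) != _registrable(t.hostname),
    }


if __name__ == "__main__":
    info = decode_tracker(TRACKER_URL)
    print("tracker host :", info["tracker_host"])
    print("destination  :", info["target"])
    print("issued (UTC) :", info["issued_at"].isoformat())
    print("off-site     :", info["offsite"])
    for key in ("utm_source", "utm_medium", "utm_content", "utm_campaign"):
        print(f"{key:13}:", info["target_query"].get(key, [""])[0])
```

Run against the Target, the destination decodes to an https://www.amazon.com/ product page (path /Inclusion-Diversity-Workplace-Will-Change/dp/1946384097/...) tagged utm_source=ActiveCampaign, with the link issued on 2022-03-16 14:33:48 UTC; that is consistent with the 1/10 score, since the tracker merely forwards to Amazon. Two caveats: the sig parameter is a server-side signature whose key is not available, so nothing here proves the tracker will honour the decoded value rather than serve something else, which is exactly what the sandbox run above checks; and an off-site redirect is normal for marketing trackers, so "offsite" is a triage hint, not a verdict.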

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1&notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNpdHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVmJTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0QlMjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRpdW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2FsbHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZlYXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHklMkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9edab58,0x7ffdb9edab68,0x7ffdb9edab78
      2⤵
      PID:3152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:2
      2⤵
      PID:4232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
      2⤵
      PID:3784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
      2⤵
      PID:2700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
      2⤵
      PID:1896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
      2⤵
      PID:2292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
      2⤵
      PID:388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4680 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
      2⤵
      PID:2288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
      2⤵
      PID:680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
      2⤵
      PID:3788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
      2⤵
      PID:2220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5008
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 1KB
    MD5: 89562b3717a125d8a30d3a6c861deae6
    SHA1: cb1e4713c83e7ffd0c8eff80b90b57e9c6e58c51
    SHA256: ef09b150728777a5c2244116d500726f89c92da9bc32dc9284c1f562b9258d1d
    SHA512: d1e5c66bb9b3068aaba61a22714c494c64e0339ef9e7975e2e1f3f005d329b6e62072d5fa790f2d75daad8ac5f61d69422e3b5c3197748fb104391538f5424f0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 6KB
    MD5: 3983009d17b6775882e856c5b3776056
    SHA1: 98e43a85d9cc750c49bd7a11620a476f2862d626
    SHA256: 837b164976d7ff8b5b1b4921ca7a9c59ba97ddc0033cc6be1d1ae1f74e65486a
    SHA512: 0a2d35a2a18a34d81908455689927f3fcde6e13ef5162d5fa1a2cbc547aa37b5b5e9d055101d42aa4b601b4d272d59839c3d7c68a804effdc93176c3661912a5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: f5a65c039bdc13d0875226c3f7190890
    SHA1: f0b47373aa7c934557e6098dd2199417c3e19fe0
    SHA256: 3b68d146276582ccc5dcf57ef4139d3ba5fa2357b65d837242a2e67b67926b52
    SHA512: 7d61280b2ed819a37ccace1fb5b685eb495d76c6e29218af78306ac1ef730c60bed71c1c085a78a86554429cbc8a5b89541761a50eafd7beb8a5bafa8a2784ec

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: 7ae0c7007dc9c2e4dab465aa082f2fb3
    SHA1: d7c2725e55a18adff6ffbaa46d046e29a2ebab5b
    SHA256: 3a460de6cdb15f0ff57fb77c04989223d320f4a34c228f619f98a717ff9c41d2
    SHA512: ab77880fe20974df1d5d32171cedf99c8aad0e2a32b08229d7061cdeed7c689251af2a6e7746b85a0b1a36630feb609dbab9932118e78534c723f8041f7bedc4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: 1e24f3e80e2d86e7c5d57ca76fe2a359
    SHA1: 0fefee7ab7252a25f0d74f5a744e994d501c7b9f
    SHA256: ec8c964f692bc809032987e7014928cc7c0be03ff3085d4a3764564bea9520be
    SHA512: 4c5c32657c43ddd86531f068feae7288fed5684108588500f2bc298f773398da2140a5722b3124bfa791f67f3d612a4efe57ef9482d0b547a47e378cd88cfedb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: 6811de2e5ccbeb7a05b7ad8bc32cfc23
    SHA1: fe1faae92648cacfd728444cba7d2258039b92ea
    SHA256: 90def8c68a5d1665184515dbdfae4dbde31c64853e3c4c3c41bbc8cfd760aa2f
    SHA512: a06ffc36494319a70417507fcb9f83f13eeaf9d5aceee405a9ed222a1f6a18ab3bce62e1db140b9f10d52977e060c3ff6023dea91e28ef1a14a5569c5f60c1b3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: 07f115adb791ceb37397ea7b78ead162
    SHA1: ef1949cec8e423c531bcc072949344acc5dc30f3
    SHA256: c8caa78168ce4cb721ed8c0b7d47d0aa20f0886c4cda9c63282776fe315e2cf1
    SHA512: 36693e6239716becd2b26b733d2437686b562d7799e15267d1b23fcfc9080ea0b6aa35d7c709a0b2d577eee6c7a0ec470eee402f0a279f1b0da2fa61af917cda

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: e617a5c0e4d7c5ca2133ee00cc53524f
    SHA1: 6f19fe4f7709b0d61076de5bd01d214c144530c0
    SHA256: 517bf55ea0482a21ed656aeb417d4da7009d41cba5e47a58b07f9b588c5af517
    SHA512: 206042b368ad6076a7f2c6a9a8b36a6a2b754e61ff8fadfb8305ae84d2a64d68fd36b4a12cb0c8ff2832e7af40d0b695f33ddf463b878ef5a0a02deed0301b38

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: a97467354dec1c5a2872c14a9b0cf56a
    SHA1: 26cd2cdf55cc43cfcf012112788147354255f280
    SHA256: 2b60bfedc5b9dde438d21791dd7f7091ce357d32f914f22a9e33bcbc81ef45a3
    SHA512: 30b2d1e81de36fb737adb5add5169ae7bc2d28a87c3fbdcf030015f1cb45f9e66e78ab9c2e6e2916f37df051250f11f1286130575555f73ec64596c1470c6a4e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 9b0f7dd92f3d3721e04dc54e3f2946cf
    SHA1: ca563cfae5bd510fe03e7d70b4a507bde46deade
    SHA256: 26e55e1c36aa83564216435eec357abbfa4d41944c8f980dfa1869b42efd42c5
    SHA512: 02cdd1061ecd9cad73c6f29b22687600b9f1526394cb3437489e64b5aa87992e42decb4be3131e6f709d4f3907903e2abc38091e293c1f14ff772ac9621d924e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize: 96B
    MD5: 7b53874c820c377991fbe4c5f9fbe79e
    SHA1: 867e26c755396334f788bb6757efd26cf7b3950e
    SHA256: 48568882f0afbac8706f27d959b0e5c0aa45eba48ba69922f085e64aa93b92ba
    SHA512: 319f7bf43a852922b8663541573717cef3e25c220e2904c92d743dadef52939cf439aeab72585942aa591a47b70780ef186e9d38eb62721ffcf6f8fc380dc7fe

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 138KB
    MD5: e5051583caca1832f85a99f144e1e34d
    SHA1: 780898e7bad3b602ab8e003ccb2e6396eb303506
    SHA256: fb308411207493c808a77aa9d48df42e55527b825bafb9a4253bdc91fb5c7f1f
    SHA512: df6d91f24deb77c8704f0b82f396b75ed6b4bd384de13ed370ae7d4597f33aec459b3dafcf6839719e5a906b22bb27ec6b281533d98fdc6294b17ffeb71418fc
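Every path in the Downloads list sits under Chrome's User Data profile directory, so these are browser state files the run modified (cache indexes, Preferences, Local State, the TransportSecurity HSTS store captured seven times with different digests as it was rewritten), not files the page delivered. The 2-byte "SCT Auditing Pending Reports" entry is small enough to identify from its hashes alone, which is a quick way to close out a tiny unknown artifact in any sandbox report. The block below is an added example, not part of the report: the digests and size are copied from the entry above, the candidate contents are constructed guesses of what a 2-byte Chrome state file could hold, and the function names are my own.

```python
import hashlib
from typing import Dict, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report's Downloads entry for
# ...\User Data\Default\Network\SCT Auditing Pending Reports (Filesize 2B).
REPORTED_SCT_FILE = {
    "size": 2,
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
              "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Constructed candidates (my guesses, not data from the report).  Chrome keeps
# JSON in this file, so the plausible 2-byte bodies are an empty array or object.
CANDIDATES = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty file": b"",
    "single newline": b"\n",
}


def digests(data: bytes) -> Dict[str, str]:
    """All four digests the sandbox reports, for one byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def matches(data: bytes, reported: Dict[str, object]) -> Dict[str, bool]:
    """Per-field comparison against a reported entry.  Every reported digest
    must match, and so must the size; one mismatch rules the candidate out."""
    actual = digests(data)
    result = {alg: actual[alg] == reported[alg] for alg in ALGORITHMS if alg in reported}
    if "size" in reported:
        result["size"] = len(data) == reported["size"]
    return result


def identify(reported: Dict[str, object],
             candidates: Dict[str, bytes]) -> Optional[str]:
    """Name of the first candidate whose content reproduces every reported
    value, or None when nothing in the candidate set explains the file."""
    for name, data in candidates.items():
        if all(matches(data, reported).values()):
            return name
    return None


if __name__ == "__main__":
    verdict = identify(REPORTED_SCT_FILE, CANDIDATES)
    print("SCT Auditing Pending Reports content:", verdict or "unknown")
    for name, data in CANDIDATES.items():
        print(f"  {name:18} {matches(data, REPORTED_SCT_FILE)}")
```

The reported digests are reproduced exactly by the two bytes `[]`, i.e. Chrome's empty list of pending Certificate Transparency audit reports. The same comparison applied to the larger entries would need the actual file contents, which the report does not include, so for those the hashes serve only as lookup keys against other reports or a file reputation service.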