hxxp://windows[.]com

Analysis

max time kernel
287s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://windows.com

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628596622139328"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2456 chrome.exe
2456 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2456 chrome.exe
2456 chrome.exe
2456 chrome.exe
2456 chrome.exe
2456 chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2456 wrote to memory of 376	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 376	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 536	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 4772	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 4772	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe
PID 2456 wrote to memory of 2500	2456	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://windows.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb8e0ab58,0x7ffcb8e0ab68,0x7ffcb8e0ab78
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:2
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:1
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:1
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4764 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:1
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4964 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1856,i,13475384118942161350,18341861374957116736,131072 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4556,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
1⤵
PID:5292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5568

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
4b31caa6f07d427620f50632cb2c2b00

SHA1
b63bb68ad4dab194be3ab9efbd2455b751fe4b29

SHA256
f3f3ffce6ae11d2da323c11d7d1c98996b8206f6bcc10053660e1ab6e1ca8d11

SHA512
c81b1603707eb107b8e8484dbc55d8560c0d033825ac1288885d7b238345931a8fa751a32a8d43cd66700e77fccb57a39d2749599910d2c628c0b114f3d220f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3de53a401cf8f25351c2c3b8e8156406

SHA1
5fba6bf5c337c04f4e239e65d4bf6b34bc6a1460

SHA256
a5a572ef5219f8eab32222da4f75114daf2fcefa210a7621e744291501581b19

SHA512
84d3e3fd5369ffa39c74ca7074f64c33b1de7bd401b607a3d20590f778e9e8f8e3a8cd8073792a442f9cd08f09dc32eb3b6e90270433644d1f2a9266e7c5697f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
40b73ab6bc8f6a17e18dbe6e9c7e1a47

SHA1
7a8a310870c2dfb9b26387b23119e2f01f3c8802

SHA256
4bdd6da3c1c6abb6ccdde503550846802b2eb9ea505ac6475a5c1193ac4bc387

SHA512
73b9c5622ffe034f221cbe95699e859d96ff3034e81c87e8bf5286070437369c2a2fee65599e92929ca63ab797a4b253a2bc7448f3a7a6c755e8979157dda260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0f84f50d81d20cf52296cca5ea2288b7

SHA1
8dbe88112d69e5bfc145ca17756d604855c9a5e3

SHA256
4bc65e69674940297d643a7ad23416306bd2d10ea5f9c512e89b895f6a4b83dc

SHA512
22ead0e63be4e543eab6df32706121212b7c815aae4f02f052a21e910e6915a0068336eef751724d64e3623b4ab21ad43f2f94e78f89fa9734a81bfef1eaa402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b19701ac131f76002a04cdacf14d7d77

SHA1
1a1e7a1a5030ea5751aa72faaeccb3fed9195212

SHA256
2b387b6987af68719b0f8eefc2ad3bd00f4119e5542afa75d83ef662df54f424

SHA512
a4a6e3bed36341f45fbef7240fe2356293d8630e517862e9a27dc617cd78b74cdf98bdb1cf66c1eb5c8771cc51f34cbdd5192b4404536c08bafec6dae7ea3cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
952c8bdd3b90c1ab92534de96132dc7a

SHA1
029ec985247ff3f7cb0f291d9aa787f415666ed5

SHA256
6fbbd0f19e7104d66374903e47c68a6eed85bc2391b5b3bfc73d3459c248ff69

SHA512
ee2c02cbd02d009a4a3c864ec3fb231e9698a32a0fd0036887f8e3e378cb779294d5ccb1c03cc3b5f9fc7dcb88f0e6bd42bbde0ea646f0a80bf495d38220484d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
f3b5e77b7c14eb288b5355b17f121d7a

SHA1
ea6247a79df15514ef3ac9e2910f8e8878fc7140

SHA256
fd512b0cdfc3cf1ff75caad46a33a73b4e35a3576299074c29746a5901753d68

SHA512
1b304f82283a184ce1f6664804f1c787ca486a219de3747e4f61d18083207e86ebe6dc25e06dc94c3399db6ae39a49ed1a311207003fac47d8cd3143b34691cb

Download Submit
\??\pipe\crashpad_2456_IDTIKZAPMDPDSUDB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit