Analysis
- max time kernel: 119s
- max time network: 104s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 06:10
Behavioral tasks
- behavioral1: Sample 3b891f662d3794ffa1d8e08dc923f787dlancecitydadsgro_1728683402.eml, Resource win7-20240508-en
- behavioral2: Sample 3b891f662d3794ffa1d8e08dc923f787dlancecitydadsgro_1728683402.eml, Resource win10v2004-20240611-en
- behavioral3: Sample attachment-2.eml, Resource win7-20240508-en
- behavioral4: Sample attachment-2.eml, Resource win10v2004-20240611-en
- behavioral5: Sample Goncalo Marques_Transcripts7038.pdf, Resource win7-20240508-en
- behavioral6: Sample Goncalo Marques_Transcripts7038.pdf, Resource win10v2004-20240611-en
- behavioral7: Sample email-html-2.html, Resource win7-20240419-en
- behavioral8: Sample email-html-2.html, Resource win10v2004-20240611-en
- behavioral9: Sample email-plain-1.txt, Resource win7-20240611-en
- behavioral10: Sample email-plain-1.txt, Resource win10v2004-20240508-en
- behavioral11: Sample email-plain-1.txt, Resource win7-20240221-en
- behavioral12: Sample email-plain-1.txt, Resource win10v2004-20240508-en
General
- Target: email-html-2.html
- Size: 102KB
- MD5: f9230e2fdbd8efddec09c06b150e9d68
- SHA1: 1f8b94a400e9ab31ee2222f6c94a7ae0b5e66539
- SHA256: 6e95846b91d7a185971cfdd9ebc273224464d2dcac40e003f7fb12fb725a6af3
- SHA512: c4cba9842be9080c0739698acdeb54e673ece29363d8431171163343a9c60a950c973bc91281669eaa3b9d93291a9a15503e43a943711453aec05045eff241fd
- SSDEEP: 3072:4tgsQ8+lFHTF9GHwQc0HvUoreZtH/tU4O:4tzQFfzfMzvmzq4O
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process chrome.exe:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies data under HKEY_USERS (2 IoCs)
  Process chrome.exe:
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636831260843354"
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Process: chrome.exe (PID 4568)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Process: chrome.exe (PID 4568)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Process chrome.exe (PID 4568) adjusted token privileges, alternating between Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (64 entries, all PID 4568)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Process: chrome.exe (PID 4568), 26 entries
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: chrome.exe (PID 4568), 24 entries
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process chrome.exe (PID 4568) wrote to the memory of target process chrome.exe with PIDs 1580, 2112, 2612 and 3944 (64 entries)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4568)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca75ab58,0x7fffca75ab68,0x7fffca75ab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2112)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2612)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3944)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4460)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1772)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5048)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1828,i,1662900208317896252,16984014417556093446,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 1944)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads