Overview
Static (score 5)
Tasks (score, sample, platform):
  4  External ...18.eml    windows7-x64
  5  External ...18.eml    windows10-2004-x64
  3  FZDVFGZE.jpg          windows7-x64
  3  FZDVFGZE.jpg          windows10-2004-x64
  3  RingCentra...il.pdf   windows7-x64
  1  RingCentra...il.pdf   windows10-2004-x64
  1  email-html-2.html     windows7-x64
  1  email-html-2.html     windows10-2004-x64
  1  email-plain-1.txt     windows7-x64
  1  email-plain-1.txt     windows10-2004-x64
Analysis (score 1)
  max time kernel    121s
  max time network   123s
  platform           windows10-2004_x64
  resource           win10v2004-20240226-en
  resource tags      arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted          24-06-2024 11:31

This page is the report for the email-html-2.html attachment on the Windows 10 image. The .eml, .jpg and .pdf tasks from the same submission are separate reports; their scores are listed in the task tabs above.
Behavioral tasks
  task          sample                                                             resource
  behavioral1   External A New Audio VN available from Matthew _2112779118.eml     win7-20240508-en
  behavioral2   External A New Audio VN available from Matthew _2112779118.eml     win10v2004-20240508-en
  behavioral3   FZDVFGZE.jpg                                                       win7-20240508-en
  behavioral4   FZDVFGZE.jpg                                                       win10v2004-20240611-en
  behavioral5   RingCentral_e-Voicemail.pdf                                        win7-20240221-en
  behavioral6   RingCentral_e-Voicemail.pdf                                        win10v2004-20240508-en
  behavioral7   email-html-2.html                                                  win7-20240508-en
  behavioral8   email-html-2.html                                                  win10v2004-20240226-en
  behavioral9   email-plain-1.txt                                                  win7-20240508-en
  behavioral10  email-plain-1.txt                                                  win10v2004-20240611-en
General
  Target   email-html-2.html
  Size     1KB
  MD5      8b4762e2199561c6c406bd317c808f7c
  SHA1     36260f54f4372a2e07d58a7e007e6dd4c6df45c7
  SHA256   09673e25489118c4a1fcbb3940224617cbb0f58a48d10e60cf4bb04c5d2119be
  SHA512   637f57918484c3ff3e8cb482245bbde6612ec6b7ca64dd2ea195b8f2fbcf089cdf28d4b81e7a67ba432a188b3a2dbc2ce39b18bc6f280f6e2129a2f3e6e9648c
Malware Config
  (nothing extracted)

Signatures

Every IoC below is attributed to chrome.exe, PID 1436, which is the browser process the sandbox launched to open the HTML file (see Processes). None of them is attributed to a process that the HTML itself created. Read them as the baseline noise of a browser starting up, not as behaviour of the sample, unless the same signatures reappear on a non-browser process.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Reading the BIOS vendor and product strings is a classic VM-detection check when an unknown binary does it; here the reader is the browser process itself, so on its own it is not evidence that the HTML page fingerprints the sandbox.

Modifies data under HKEY_USERS (2 IoCs)
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637023251818941"
  S-1-5-19 is NT AUTHORITY\LOCAL SERVICE; the key is Windows cryptography/TPM telemetry state, not a persistence location.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 1436 chrome.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 1436 chrome.exe (x2)
  This flag means the parent created child processes with the "block non-Microsoft binaries" process mitigation set. The browser applies it to its own sandboxed helpers, so it is a hardening measure here rather than something to chase.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 1436 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each)

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 1436 chrome.exe (x26)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1436 chrome.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  source PID 1436 chrome.exe -> target chrome.exe, distinct targets in order of first appearance:
    1668  (2 writes)
    3372  (repeated writes)
    788   (2 writes)
    4068  (repeated writes)
  Every target is a chrome.exe child of 1436 in the process tree (crashpad handler, GPU process, network service, storage service), i.e. the browser process setting up the helpers it just spawned. A write from 1436 into a process that is not its own child, or into a different image, would be the thing to escalate; there is none in this report.
Processes

[1] C:\Program Files\Google\Chrome\Application\chrome.exe  PID 1436
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    (the --single-argument value is the sandbox opening the submitted HTML file in the browser; --disable-background-networking and --disable-component-update are the sandbox's own launch flags)

  [2] chrome.exe  PID 1668  (crashpad-handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee7ce9758,0x7ffee7ce9768,0x7ffee7ce9778

  [2] chrome.exe  PID 3372  (gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:2

  [2] chrome.exe  PID 788  (utility: network.mojom.NetworkService, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:8

  [2] chrome.exe  PID 4068  (utility: storage.mojom.StorageService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:8

  [2] chrome.exe  PID 4468  (renderer, first renderer process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:1

  [2] chrome.exe  PID 2680  (renderer)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:1

  [2] chrome.exe  PID 2124  (utility: chrome.mojom.ProcessorMetrics, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:8

  [2] chrome.exe  PID 4996  (utility: chrome.mojom.UtilWin, sandbox type none)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1880,i,8401010653269518684,4884310812029170602,131072 /prefetch:8

[1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  PID 2920
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 404  (utility: asset_store.mojom.AssetStoreService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

The tree contains only browser and browser-service processes. Nothing was spawned by the renderers, no script host, shell or office binary appears, and the two top-level non-Chrome entries (elevation_service.exe, msedge.exe) are unrelated to the HTML file. The crashpad handler carries --url=https://clients2.google.com/cr/report as its report destination, but no network entry for it is recorded in this report.
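The check that turns the 64 WriteProcessMemory IoCs above into a yes/no answer is whether every target is a direct child of the writer running the same image. The following script is an added example, not code from the sandbox or the report; it parses IoC lines in the report's own flattened wording against a process list transcribed from the Processes section, and includes one constructed IoC line (PID 9999, notepad.exe, neither of which is on the page) so the "review" branch is exercised.

```python
"""Triage the 'Suspicious use of WriteProcessMemory' signature.

Added example, not part of the sandbox report. Cross-references each
WriteProcessMemory IoC against the process tree so that a browser
process writing into the helper processes it just spawned (normal for
a multi-process browser) is separated from a write into an unrelated
process or a different image, which is what deserves attention.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: int  # 0 = top of the recorded tree (no parent on the page)


# Transcribed from the report's Processes section; depth markers turned
# into parent links.
PROCESSES: List[Proc] = [
    Proc(1436, "chrome.exe", 0),
    Proc(1668, "chrome.exe", 1436),   # crashpad-handler
    Proc(3372, "chrome.exe", 1436),   # gpu-process
    Proc(788,  "chrome.exe", 1436),   # network service
    Proc(4068, "chrome.exe", 1436),   # storage service
    Proc(4468, "chrome.exe", 1436),   # renderer
    Proc(2680, "chrome.exe", 1436),   # renderer
    Proc(2124, "chrome.exe", 1436),   # ProcessorMetrics utility
    Proc(4996, "chrome.exe", 1436),   # UtilWin utility
    Proc(2920, "elevation_service.exe", 0),
    Proc(404,  "msedge.exe", 0),
]

# The four distinct source/target pairs the report records (it lists
# 64 repetitions of them), plus one CONSTRUCTED line that is not on the
# page, to show what a hit looks like.
IOC_LINES: List[str] = [
    "PID 1436 wrote to memory of 1668 1436 chrome.exe chrome.exe",
    "PID 1436 wrote to memory of 3372 1436 chrome.exe chrome.exe",
    "PID 1436 wrote to memory of 788 1436 chrome.exe chrome.exe",
    "PID 1436 wrote to memory of 4068 1436 chrome.exe chrome.exe",
    "PID 1436 wrote to memory of 9999 1436 chrome.exe notepad.exe",  # constructed
]

# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_ioc(line: str) -> Tuple[int, int, str, str]:
    """Return (source pid, target pid, source image, target image)."""
    m = IOC_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)


def classify_writes(procs: List[Proc], ioc_lines: List[str]) -> Dict[str, List[str]]:
    """Split IoC lines into 'expected' (writer -> its own same-image
    child) and 'review' (target unknown, not a direct child, or a
    different image)."""
    by_pid = {p.pid: p for p in procs}
    verdict: Dict[str, List[str]] = {"expected": [], "review": []}
    for line in ioc_lines:
        src, dst, src_img, dst_img = parse_ioc(line)
        target = by_pid.get(dst)
        same_image = src_img == dst_img
        if target is not None and target.parent == src and same_image and target.image == dst_img:
            verdict["expected"].append(line)
        else:
            verdict["review"].append(line)
    return verdict


if __name__ == "__main__":
    result = classify_writes(PROCESSES, IOC_LINES)
    print(f"expected (browser -> own helper): {len(result['expected'])}")
    for line in result["review"]:
        print("REVIEW:", line)
```

Run against the report's real pairs only, the "review" list is empty; the constructed notepad.exe line is the only entry that lands there, because PID 9999 is not in the tree and the image differs from the writer's.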
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize 5KB
    MD5     fdd1d5d2f1588d04627408d1d5fd93c4
    SHA1    75a0c2dfeb5e0ab7a7491f4f13e32fac4fbffdd1
    SHA256  c9a1185b10515e67f3c950d9a7d2d582e22800d9edf68b0780b8aea39867df2e
    SHA512  30ee1b9bb3dab14af03f35473f6891026fc021dffd7edf85620e825abab84474af176d5a1c3f7a1d3e14ea8b5b79d1e786cfcc8251df962da6dcf7d637e83312

  Filesize 5KB
    MD5     321af73ec223f7341a2838ff0ac89528
    SHA1    1bb08633382a31adf84540eacb7851978a525c35
    SHA256  e2c972629b5a096da3bbf8b7b3f99ecb908787d239cb490c0ba0f6cfcb3b1477
    SHA512  f2f52d8ed8b2563205dd0d8b7039a812ccf467d8567e3937b7aa38fbf856f13d27f5b6ac277aa4c28541fb08262aaac60edacffe95106639cca6e255252332bd

  Filesize 5KB
    MD5     d3a483efb866e31ebb9a8a8a20e3990a
    SHA1    a6a4c2e05b4bca7da898b2950aa13a3aa91566d5
    SHA256  2dd171f35214eaee7e7eb627b4ca00045a848e6627a32fec2cc4454f790c2209
    SHA512  3e32d3fe02a4a53aae79040a2f6d4752d38eb1f90ee173fc23d6f0248e590ab57031a1d58fdb38ff4752e4a03e467fa87a0ae206cae000c9098929e519715202

  Filesize 128KB
    MD5     072580ffab3061063809b74875b1ad6e
    SHA1    185eaa5272d410fc2a15928da681ab4b19a9da4c
    SHA256  8b14986996476fc5979a1fc84d8bc14c7b9a6e94a8a07a31a8e22c091a233fb7
    SHA512  a015b73362df80d204d2d71a944bb9fd59178519c683de07583f854187e902ca14d99b69a0d7e54b51de5d4292fcb9949b309adab0004a1d2b6a0471baaaf1c1

  Filesize 2B
    MD5     99914b932bd37a50b983c5e7c90ae93b
    SHA1    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
    These are the digests of the two-byte string "{}" (an empty JSON object), consistent with an empty JSON state file in the browser profile rather than a downloaded payload.

  (no size listed)
    MD5     d41d8cd98f00b204e9800998ecf8427e
    SHA1    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
    These are the digests of zero-byte input: the entry is an empty file.

The report does not name these files, so the digests are the only handle on them. Two of the six are recognisable on sight as empty content; the remaining four (three of 5KB, one of 128KB) have no known match on this page and would need to be pulled from the sandbox and inspected before being treated as either browser housekeeping or something the HTML fetched.
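A practitioner wants to confirm those "empty content" identifications locally rather than trust a lookup service, and to catch a transcription error where the four algorithms of one entry disagree. The script below is an added example, not part of the report; it recomputes the digests of the two known contents, matches the report's Downloads entries against them, and checks that all four listed digests of the 2-byte entry describe the same bytes. The entry list is transcribed from the section above; nothing else is assumed.

```python
"""Identify sandbox 'Downloads' artifacts by digest, offline.

Added example, not part of the sandbox report. Known-benign digests are
computed here from the content they belong to instead of pasted in, so
the table cannot drift from what the code actually checks.
"""
import hashlib
from typing import Dict, List, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """All four digests the report lists, computed over the same bytes."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


# Contents that show up constantly in browser profiles and are worth
# recognising immediately.
KNOWN_CONTENT: Dict[str, bytes] = {
    "empty file": b"",
    "empty JSON object": b"{}",
}
KNOWN_BY_SHA256: Dict[str, str] = {digests(v)["sha256"]: k for k, v in KNOWN_CONTENT.items()}

# Transcribed from the report's Downloads section. SHA-256 for every
# entry; all four digests for the 2-byte entry so consistency can be
# checked across algorithms.
REPORT_ENTRIES: List[Dict[str, Optional[str]]] = [
    {"size": "5KB", "sha256": "c9a1185b10515e67f3c950d9a7d2d582e22800d9edf68b0780b8aea39867df2e"},
    {"size": "5KB", "sha256": "e2c972629b5a096da3bbf8b7b3f99ecb908787d239cb490c0ba0f6cfcb3b1477"},
    {"size": "5KB", "sha256": "2dd171f35214eaee7e7eb627b4ca00045a848e6627a32fec2cc4454f790c2209"},
    {"size": "128KB", "sha256": "8b14986996476fc5979a1fc84d8bc14c7b9a6e94a8a07a31a8e22c091a233fb7"},
    {"size": "2B",
     "md5": "99914b932bd37a50b983c5e7c90ae93b",
     "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
     "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
     "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a3"
               "3c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"},
    {"size": None, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]


def identify(entry: Dict[str, Optional[str]]) -> Optional[str]:
    """Name the content if its SHA-256 is in the known table, else None."""
    sha256 = entry.get("sha256") or ""
    return KNOWN_BY_SHA256.get(sha256.lower())


def entry_is_consistent(entry: Dict[str, Optional[str]], data: bytes) -> bool:
    """True when every digest the entry lists equals the digest of `data`.
    A mismatch in only one algorithm means the row was assembled from two
    different files or mistranscribed."""
    d = digests(data)
    listed = [a for a in ALGOS if entry.get(a)]
    return bool(listed) and all(entry[a].lower() == d[a] for a in listed)


def triage(entries: List[Dict[str, Optional[str]]]) -> Dict[str, str]:
    """Map each entry's SHA-256 to a label; unrecognised digests stay 'unknown'."""
    return {(e.get("sha256") or ""): (identify(e) or "unknown") for e in entries}


if __name__ == "__main__":
    for sha256, label in triage(REPORT_ENTRIES).items():
        print(f"{sha256[:16]}...  {label}")
    print("2B entry consistent with '{}':", entry_is_consistent(REPORT_ENTRIES[4], b"{}"))
```

Matching on SHA-256 alone is enough to identify content; the cross-algorithm check is there for the report itself, since sandbox pages are copied between tickets by hand and a row whose MD5 and SHA-256 come from different files is a quiet way to end up chasing the wrong artifact.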