Analysis Overview
Threat Level: Likely malicious
The URL https://lfsrm.sharepoint.com/:o:/s/Development/ETs2iUlSz81GidHFbN7fP_oBEe8MfgwyJMgWhJ0PBMBgbQ?e=4%3aHf4Uc8&at=9&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXw5YTAxNGY0NTM0OGQ0MTI4ZGZjMjA4ZGM5NjE5NGY5ZXw1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NTUwMjgyNjc4NTg2MjcyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TzRyWForVWw3cFVHZGtwZ2RQM1NtV2hiWERNOXNxS25kblg5ekc0TDFFWT0%3d was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: 05|02|[email protected]|9a014f45348d4128dfc208dc96194f9e|5bd0d628d6ea4086954f69792a5faa57|0|0|638550282678586272|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Basis of the verdict: every behavioural signature above is attributed to C:\Program Files\Google\Chrome\Application\chrome.exe, the sandbox's own browser, and the process list holds only Chrome's helper processes and its elevation service. No download, dropped executable or non-browser process appears in the detonation, and every network destination is a sharepoint.com, office.net, bing or googleapis host. The email-address signature is triggered by the xsdata query parameter, a base64-encoded Outlook tracking record (it tags itself Mailflow, Win32/Mail) whose third field is the mailbox the link was delivered to; Outlook appends it when a SharePoint link is sent by mail, so its presence says who received the link, not that the link is hostile. What the detonation does not tell you is what the lfsrm tenant's "Development" site serves behind that OneNote share link (the :o: path prefix), which is the item a reviewer still has to inspect.
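How the email-address signature arises, shown as an added example that is not part of the report or the sandbox's tooling: the script below parses the submitted URL offline, base64-decodes the xsdata and sdata query parameters and interprets the fields. The field meanings (recipient mailbox in field 2, a .NET DateTime ticks timestamp in field 7, a "client tag|json" blob in field 9, a 32-byte signature in sdata) and the share-link prefix table are assumptions inferred from the decoded values, not something the report documents.

```python
"""Decode the M365 tracking parameters on the SharePoint link from this report.

Added example for this report, not the sandbox's own code. It parses the URL
string only (nothing is fetched). Field meanings are assumptions inferred from
the decoded values: field 2 = recipient mailbox, field 7 = .NET DateTime ticks,
field 9 = base64 "<client tag>|<json>", sdata = 32-byte signature (HMAC-sized).
"""
import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# The submitted URL, copied from the report.
REPORT_URL = "https://lfsrm.sharepoint.com/:o:/s/Development/ETs2iUlSz81GidHFbN7fP_oBEe8MfgwyJMgWhJ0PBMBgbQ?e=4%3aHf4Uc8&at=9&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXw5YTAxNGY0NTM0OGQ0MTI4ZGZjMjA4ZGM5NjE5NGY5ZXw1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NTUwMjgyNjc4NTg2MjcyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TzRyWForVWw3cFVHZGtwZ2RQM1NtV2hiWERNOXNxS25kblg5ekc0TDFFWT0%3d"

# First path segment of a SharePoint share link says what it points at (assumed table).
LINK_KINDS = {":o:": "OneNote", ":w:": "Word", ":x:": "Excel", ":p:": "PowerPoint",
              ":b:": "PDF", ":f:": "folder", ":u:": "other file"}

# .NET DateTime ticks are 100 ns units since 0001-01-01; this is the count at 1970-01-01.
UNIX_EPOCH_TICKS = 621_355_968_000_000_000


def b64decode_unpadded(text: str) -> bytes:
    """Base64-decode a value whose '=' padding may have been stripped (xsdata has none)."""
    return base64.b64decode(text + "=" * (-len(text) % 4))


def ticks_to_utc(ticks: int) -> datetime:
    """Convert .NET ticks to an aware UTC datetime (integer arithmetic, no float drift)."""
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=(ticks - UNIX_EPOCH_TICKS) // 10)


def decode_link(url: str) -> dict:
    """Extract tenant, site, link kind and the tracking record from a share link."""
    parts = urlsplit(url)
    segs = parts.path.split("/")            # ['', ':o:', 's', 'Development', '<item id>']
    query = parse_qs(parts.query, keep_blank_values=True)

    # xsdata is one base64 string holding a '|'-separated record.
    fields = b64decode_unpadded(query["xsdata"][0]).decode("utf-8").split("|")
    mailbox = fields[2]
    client_tag, client_json = b64decode_unpadded(fields[9]).decode("utf-8").split("|", 1)
    # sdata is base64 of a base64 string; the inner value is raw bytes (assumed to be
    # an HMAC over xsdata; the key is Microsoft's, so it cannot be verified here).
    signature = base64.b64decode(base64.b64decode(query["sdata"][0]))

    return {
        "host": parts.hostname,
        "first_party_host": parts.hostname.endswith(".sharepoint.com"),
        "tenant": parts.hostname.split(".")[0],
        "site": segs[3] if len(segs) > 3 and segs[2] == "s" else None,
        "link_kind": LINK_KINDS.get(segs[1], segs[1]),
        "recipient_is_mailbox": "@" in mailbox,
        "recipient_domain": mailbox.rsplit("@", 1)[-1],
        "delivered_at_utc": ticks_to_utc(int(fields[7])),
        "client": client_tag,                     # "Mailflow" on this link
        "client_info": json.loads(client_json),   # {"V": ..., "P": "Win32", "AN": "Mail", "WT": 2}
        "signature_len": len(signature),
        "field_count": len(fields),
    }


if __name__ == "__main__":
    for key, value in decode_link(REPORT_URL).items():
        print(f"{key:20} {value}")
```

On this URL the record decodes to a OneNote share link on the lfsrm tenant's Development site, delivered to a mailbox on 2024-06-26 at 19:51:07 UTC from the Outlook desktop client (Mailflow, Win32/Mail), four minutes before the sample was submitted to the sandbox. That decode is exactly what produces the "potential corporate email address" signature; the timing is consistent with a recipient forwarding a link they had just received rather than with anything in the link itself.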
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 19:55
Signatures
A potential corporate email address has been identified in the URL: 05|02|[email protected]|9a014f45348d4128dfc208dc96194f9e|5bd0d628d6ea4086954f69792a5faa57|0|0|638550282678586272|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 19:55
Reported
2024-06-26 19:58
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639053661895790" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lfsrm.sharepoint.com/:o:/s/Development/ETs2iUlSz81GidHFbN7fP_oBEe8MfgwyJMgWhJ0PBMBgbQ?e=4%3aHf4Uc8&at=9&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXw5YTAxNGY0NTM0OGQ0MTI4ZGZjMjA4ZGM5NjE5NGY5ZXw1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NTUwMjgyNjc4NTg2MjcyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TzRyWForVWw3cFVHZGtwZ2RQM1NtV2hiWERNOXNxS25kblg5ekc0TDFFWT0%3d
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0254ab58,0x7ffa0254ab68,0x7ffa0254ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 --field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072 /prefetch:2
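The command lines above are Chrome's own multi-process layout, launched by the sandbox with --disable-component-update and --simulate-outdated-no-au to keep the browser from updating itself mid-run. As an added example that is not from the report or the sandbox, the script below parses those lines, tallies process types, confirms the helpers share one --field-trial-handle value (children spawned by a single browser instance do), lists the helpers that run with --service-sandbox-type=none, and checks whether any signature in the report names a process outside that tree. The two --type=gpu-process entries are left out of the sample for length; the "browser" label for the line with no --type switch and the attribution logic are this example's own conventions.

```python
"""Attribute this report's behavioural signatures to the browser's process tree.

Added example for this report, not sandbox code. COMMAND_LINES is copied from
the Processes section (the two --type=gpu-process entries omitted for length).
Which helper types run with --service-sandbox-type=none is Chromium's design,
not a finding of this report; the list is context for the API-usage signatures.
"""
import re
from collections import Counter

CHROME = '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'
FT = "--field-trial-handle=1888,i,6552061744706782222,4372163795123216,131072"

COMMAND_LINES = [
    CHROME + " --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lfsrm.sharepoint.com/:o:/s/Development/ETs2iUlSz81GidHFbN7fP_oBEe8MfgwyJMgWhJ0PBMBgbQ?e=4%3aHf4Uc8&at=9&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXw5YTAxNGY0NTM0OGQ0MTI4ZGZjMjA4ZGM5NjE5NGY5ZXw1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NTUwMjgyNjc4NTg2MjcyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TzRyWForVWw3cFVHZGtwZ2RQM1NtV2hiWERNOXNxS25kblg5ekc0TDFFWT0%3d",
    CHROME + ' --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" "--metrics-dir=C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0254ab58,0x7ffa0254ab68,0x7ffa0254ab78',
    CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 " + FT + " /prefetch:8",
    CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 " + FT + " /prefetch:8",
    CHROME + " --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 " + FT + " /prefetch:1",
    CHROME + " --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 " + FT + " /prefetch:1",
    '"C:\\Program Files\\Google\\Chrome\\Application\\110.0.5481.104\\elevation_service.exe"',
    CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 " + FT + " /prefetch:8",
    CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 " + FT + " /prefetch:8",
    CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 " + FT + " /prefetch:8",
]

SIGNATURES = [  # (signature, process) rows copied from the report's tables
    ("Enumerates system info in registry", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"),
    ("Modifies data under HKEY_USERS", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"),
    ("Suspicious behavior: EnumeratesProcesses", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"),
]


def parse_process(cmd: str) -> dict:
    """Pull the image path and the Chrome switches that matter for attribution."""
    exe = re.match(r'"([^"]+)"', cmd).group(1)          # quoted image path comes first

    def switch(name: str):
        m = re.search(rf'--{name}=("[^"]*"|\S+)', cmd)
        return m.group(1).strip('"') if m else None

    image = exe.rsplit("\\", 1)[-1].lower()
    return {
        "exe": exe,
        # No --type switch means the browser (parent) process; other images keep their name.
        "type": switch("type") or ("browser" if image == "chrome.exe" else image.removesuffix(".exe")),
        "subtype": switch("utility-sub-type"),
        "sandbox": switch("service-sandbox-type"),
        "session": switch("field-trial-handle"),
    }


def process_type_counts(cmds) -> Counter:
    return Counter(parse_process(c)["type"] for c in cmds)


def session_handles(cmds) -> set:
    """Distinct field-trial handles: one value means one browser instance spawned them all."""
    return {p["session"] for p in map(parse_process, cmds) if p["session"]}


def unsandboxed_helpers(cmds) -> list:
    """Utility processes running outside the service sandbox, in launch order."""
    return [p["subtype"] for p in map(parse_process, cmds) if p["sandbox"] == "none"]


def signatures_outside_browser(sigs, cmds) -> list:
    """Signatures whose process is not an image in the browser's own tree."""
    images = {parse_process(c)["exe"] for c in cmds}
    return [name for name, proc in sigs if proc not in images]


if __name__ == "__main__":
    print(dict(process_type_counts(COMMAND_LINES)))
    print(session_handles(COMMAND_LINES))
    print(unsandboxed_helpers(COMMAND_LINES))
    print(signatures_outside_browser(SIGNATURES, COMMAND_LINES))
```

For this report the tree is one browser, one crashpad handler, five utility processes, two renderers and the elevation service, all helpers on the same field-trial handle, and no signature names anything but chrome.exe. The same check on a detonation where a renderer or utility process had spawned cmd.exe, powershell.exe or an image under %TEMP% would return that signature in the last list, which is the case the "suspicious use of WriteProcessMemory" style signatures are meant to catch.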
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lfsrm.sharepoint.com | udp |
| US | 13.107.138.10:443 | lfsrm.sharepoint.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.138.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | res-1.cdn.office.net | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| SE | 2.21.96.34:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.34:443 | res-1.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| SE | 2.21.96.34:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.34:443 | res-1.cdn.office.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| SE | 2.21.96.34:443 | res-1.cdn.office.net | udp |
| US | 8.8.8.8:53 | m365cdn.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.96.21.2.in-addr.arpa | udp |
| BE | 104.117.77.56:443 | m365cdn.nel.measure.office.net | tcp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4516_DCPVWDEBKKTXPUMI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
These are the digests of zero bytes: the entry is the named pipe used by Chrome's crashpad handler, and no file content was captured for it.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
These are the digests of the two-byte string [] (an empty JSON array): the file holds no pending Certificate Transparency audit reports.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 69efee3b9d6fac5c64105eade4ed0268 |
| SHA1 | bc297df368274152983684bf079c33c966e6f395 |
| SHA256 | 698e48ec78c7605b7ed3d548e13f3b793402399cd3ec699e44aba7ba812b6644 |
| SHA512 | 57c91827f77e2fad5944b93611032efb2ef9af7f98b99cd802b4d25cffc2ba53689e83b6e6d614bdf6b963099228ff0997be823f8cc67dc2589920251135a346 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 961a4ed4439486429cfc52e9ba247e2f |
| SHA1 | e5fe19d078cf5ff86158c285e32f945fc343847d |
| SHA256 | a6d6452f0def18f6a2f5f731bc61fc04384e80d14646dd7169765d979747fe70 |
| SHA512 | 89e7bb4618d8b39e1f18aeb1835bcd3b6b55a39775f13c2287342044179603f8e17957b3e104237ed369cba7604686dfe815fb71b19142cf433f9df073c3b0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eef12276855cd445b0344c3a645393fe |
| SHA1 | 512246180219837cc3cbf2095f3ec3c2477617ab |
| SHA256 | 634b37c08d9c0a97d7f166a39cb495c12e2cdf2cc6ee8428aeacfdd5b844658e |
| SHA512 | 0be77ed15b5d3c0428eb2a04bb02cdbdd7e0c97e9f8a66f190a438b8dcfec2ce8c74d497485015b2dab469a2b1ac44241e3d4831af6e804171c22ba0ada1967a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 743a792fab91121f56429c9cfd5d7bc5 |
| SHA1 | 9eda372ef4da460c873d00c73d8c16f0eca7b011 |
| SHA256 | 363074dd9c502eac4c0a03e41271b2ab43d24ca5bcd6a13fe1613b29446b2c70 |
| SHA512 | a78721c1c13eb3a05423e020882582593886706c7524a352f6421f99b50e2fae73ac860647e6e06e1e26d5d077377c625c6d777bd23d1eb4ebeb2bf4f20003a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aa082f3c355705e27b87d63dea5c9be5 |
| SHA1 | 92636d09b1ccafb5e0ba32f9a7ae6039177fa70c |
| SHA256 | ba1a5eb74804da6e0a074d13771e0eca449519e52f8768b256c47e4acc6ac9cb |
| SHA512 | 8b5535d34bc266b413433ccf172d527a2add3d20e9ccc7f5154b0ad7f224955b38f9ed928f2b589d089148b04859402c6ba67e097310e15010a17c7f39d732a1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\685530cb-355c-4050-83cf-8539b9d6544e.tmp
| MD5 | c56b238661becf6834b20426212e88ef |
| SHA1 | 2bc4b4b2cbffd07e1f110c38fff5737c641de4aa |
| SHA256 | f7c7a69cc737b03c03f53acbf3e233334d7f403c76ca635f2829001e2e19330c |
| SHA512 | 9ff2b43df0912cd2b585484c8e555c4be6b26c5c29418f5f9f5f736eb4e0cd6d5e56783990f99e8b89ecb6797410e7997a628e33c9550fcdc98fcc5462972a64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e48faaa47b4ded1d8c577d8899ed5fd0 |
| SHA1 | 4b4403179084c3214f958db6c26b61c7bf9e33b8 |
| SHA256 | 79d652053e6d06e932ce89f2b4eb225d06d8b10d72ad106a7985ac0a5055b692 |
| SHA512 | 22b84e1223234e3bd09f4bda9ce4c610fde6233803d0f4d48f62ba0f742a318bc34977e19523a4dd3cf1a4c954a6c4588b58c0f22c1a0a0da3d3cd0aee21e1cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 194e03372a4ebd706802def34cc0300b |
| SHA1 | 9a79c9b9ccefa9b0c1b430d8a96c0bf34078d869 |
| SHA256 | 07f63603b743ce7c200c746ec50b91febdac1c5b5426bb13d06241e001310a00 |
| SHA512 | 61e19684df051c4034241065f892c6fa61e48f1ff69af2eb6572ef4c572a4a65a87e4923840e5050295dfa2088ab84663187f5506b5dfc9b5832d5b9536a445b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ecd1.TMP
| MD5 | eff0a34ae604b2defec15f6d7a4dd89f |
| SHA1 | 8e64aa223a4c807f380a21404a1b23ca2f4cb760 |
| SHA256 | aed7dd0d4bf1306880f57499d8b01f0098862c242646f85ed00686568ec27ea4 |
| SHA512 | 7a645366e2fe7a8cc124bf099828884d9afe2bb2f855193070a35417fcdd8eea1934888abd392d301b90625cbb24ab310e7229f855087f75b073d3766b0b2e99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2bc241d44046138ae6a8c7afeae1033b |
| SHA1 | 666ed9364bfbb353a62ba620ab8888c04194c49e |
| SHA256 | 6ee854e28dbb094d0d40614318529067fa80acbb9e1d910fa8ca29e4e2a67c44 |
| SHA512 | c6bc1b60630689f6e84e8e30f851325371e4ba4a1cffec558e0a7ac2ebc9be0eed6258df01f289657f13c3e2bb5d45c64e79dc5338d36b7343fe0ad3af83e880 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 63d03081e16217f271bb355692ca12f8 |
| SHA1 | 7e6ef5c93b57e11c564e7462b2ff5bc0b80eb683 |
| SHA256 | 6481c63830df1797463d6c3a835c0a66d1a470028f97945f449868a32455b8c3 |
| SHA512 | ee95532317ac9c2fdd755444797d0ef4929d3fe7e54ce7a5398c9c2772d99d95683c1637d0fa02855e111923094eecfe0604dbf228ea6bfba0944f7ef162e31f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d4c83826c6a4ab2e759f12f1df83f4a4 |
| SHA1 | 012f8ec70036cfe686495c4d984273c27de48aa2 |
| SHA256 | 457be42d654793816cb2a27ac9a802289d42904867db78f6815f1910e582ef52 |
| SHA512 | 64184a2d12dc76bc336cf0911cb71828bd6c4260d306b9f09ef9aa7901d908855f7677b3e3597f38bf1b9d49f5c583d89d5356046425147fa7755f2f580e97bb |
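Two checks a reviewer runs over tables like the Files and Network sections above, as an added example that is not part of the report or the sandbox: recognise file entries whose digest is that of empty or trivial content (so there is no payload to pull), and sort destinations into DNS, reverse lookups, mDNS, TLS and QUIC against a first-party suffix list, flagging the ones that need a look. The rows are copied from the report (the Network rows are a representative subset); the suffix list is an assumption for "SharePoint page opened in Chrome" and should be tuned per environment. The digests are computed at run time rather than hard-coded, so the classification cannot drift from the real values.

```python
"""Classify this detonation's file and network artifacts.

Added example for this report, not sandbox code. FILES and NETWORK are rows
copied from the report (NETWORK is a representative subset). FIRST_PARTY is an
assumed allow-list for a SharePoint page rendered in Chrome.
"""
import hashlib

FILES = [  # (path, sha256)
    ("\\??\\pipe\\crashpad_4516_DCPVWDEBKKTXPUMI",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\SCT Auditing Pending Reports",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    ("C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Local State",
     "698e48ec78c7605b7ed3d548e13f3b793402399cd3ec699e44aba7ba812b6644"),
    ("C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences",
     "a6d6452f0def18f6a2f5f731bc61fc04384e80d14646dd7169765d979747fe70"),
]

NETWORK = [  # (destination, domain, proto)
    ("8.8.8.8:53", "lfsrm.sharepoint.com", "udp"),
    ("13.107.138.10:443", "lfsrm.sharepoint.com", "tcp"),
    ("8.8.8.8:53", "74.204.58.216.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "10.138.107.13.in-addr.arpa", "udp"),
    ("204.79.197.237:443", "g.bing.com", "tcp"),
    ("2.21.96.34:443", "res-1.cdn.office.net", "tcp"),
    ("2.21.96.34:443", "res-1.cdn.office.net", "udp"),
    ("8.8.8.8:53", "content-autofill.googleapis.com", "udp"),
    ("104.117.77.56:443", "m365cdn.nel.measure.office.net", "tcp"),
    ("88.221.83.187:443", "www.bing.com", "tcp"),
    ("224.0.0.251:5353", "", "udp"),
    ("150.171.27.10:443", "tse1.mm.bing.net", "tcp"),
]

FIRST_PARTY = ("sharepoint.com", "office.net", "bing.com", "bing.net", "googleapis.com")

# Digests of trivial contents, computed here rather than trusted from memory.
TRIVIAL = {hashlib.sha256(b).hexdigest(): label
           for b, label in ((b"", "empty"), (b"[]", "empty JSON array"), (b"{}", "empty JSON object"))}


def classify_file(sha256: str) -> str:
    return TRIVIAL.get(sha256.lower(), "has content")


def placeholder_files(files) -> list:
    """Entries whose digest is that of trivial content: nothing to extract from them."""
    return [(path, classify_file(h)) for path, h in files if h.lower() in TRIVIAL]


def is_first_party(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in FIRST_PARTY)


def ptr_to_ip(domain: str) -> str:
    """'74.204.58.216.in-addr.arpa' -> '216.58.204.74'."""
    return ".".join(reversed(domain.removesuffix(".in-addr.arpa").split(".")))


def classify_destination(dest: str, domain: str, proto: str) -> str:
    ip, port = dest.rsplit(":", 1)
    if ip == "224.0.0.251" and port == "5353":
        return "mdns"                                   # local multicast discovery, no remote party
    if domain.endswith(".in-addr.arpa"):
        return "reverse-dns"
    if port == "53":
        kind = "dns"
    elif port == "443":
        kind = "tls" if proto == "tcp" else "quic"      # UDP/443 is HTTP/3
    else:
        kind = "port-" + port
    return kind + (":first-party" if is_first_party(domain) else ":review")


def destinations_to_review(rows) -> list:
    return [r for r in rows if classify_destination(*r).endswith(":review")]


def reverse_lookups_without_connection(rows) -> list:
    """PTR queries for addresses that never appear as a connected destination."""
    connected = {dest.rsplit(":", 1)[0] for dest, _, _ in rows}
    return [ptr_to_ip(d) for _, d, _ in rows
            if d.endswith(".in-addr.arpa") and ptr_to_ip(d) not in connected]


if __name__ == "__main__":
    print(placeholder_files(FILES))
    print(destinations_to_review(NETWORK))
    print(reverse_lookups_without_connection(NETWORK))
```

On the report's rows the crashpad pipe and the SCT Auditing Pending Reports file come back as placeholders, no destination needs review, and the only reverse lookup without a matching connection in the subset is 216.58.204.74; in the full table several such PTR queries appear (for example 20.44.239.154 and 40.126.32.68) for addresses that are never listed as connected, which is typical of the sandbox OS's own background traffic and is worth confirming against the pcap rather than against the summary table.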