hxxps://memetica[.]us17[.]list-manage[.]com/profile?u=e9882e556f68c816df7e14495&id=d019f5ec6d&e=8c489e0d3a&c=0ad94006bd

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://memetica.us17.list-manage.com/profile?u=e9882e556f68c816df7e14495&id=d019f5ec6d&e=8c489e0d3a&c=0ad94006bd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640054837822928"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 3260	3068	chrome.exe	88
PID 3068 wrote to memory of 3260	3068	chrome.exe	88
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 2132	3068	chrome.exe	89
PID 3068 wrote to memory of 5092	3068	chrome.exe	90
PID 3068 wrote to memory of 5092	3068	chrome.exe	90
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91
PID 3068 wrote to memory of 2552	3068	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://memetica.us17.list-manage.com/profile?u=e9882e556f68c816df7e14495&id=d019f5ec6d&e=8c489e0d3a&c=0ad94006bd
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff852f1ab58,0x7ff852f1ab68,0x7ff852f1ab78
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1936,i,9618201545084843410,12163727417200454371,131072 /prefetch:8
  2⤵
  PID:2572

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4312,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:8
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e4a3340f088166983a5218b749215447

SHA1
ba02f2de03c7de1e07ba794759ac63db9678af47

SHA256
8fe84d87aca4839943b4f5aaf431a40bceadcd4e8671f4be9495de157765433b

SHA512
b7c0e41376091fe602fdbac8cdbcf4e24d7f7af17508553b225d9bd27cb7a444d2eb8d66433244b6e1c00a90f59665d956037f653fa3bdbfb1dff82eeb0b6ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
03cbf01d891f2125c419a3778790c12f

SHA1
3ccd1ec8db3dba83cccafa4d37c2ff437b799fca

SHA256
cd846e25fff2cc5fcc0aa547868a6d575e476d2fa7902d950c7442876c0040d1

SHA512
7c12e79e93b03faf54a9d5f8df2657ccc8efcda7108b295fcc3b23738f1760ec829d8ad8bed7f56ab499dff94bfb257e4a7f80bc997b10d22b851560acfae4b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
d34e07aab468e5b06336fed3c39b41e8

SHA1
db38de3f2cad74ca5a2997479a88a6b8feab1cce

SHA256
c6c31b5e4eb64ca278131e4c7f0121c72b577243bd9133689a1c0dbb22328080

SHA512
1b722123be4a0676251f18abe3e2bf468b2b4816eebf9d2156718252c3647b0bb1cc1b1176507f07b70e2e1b10cd5fe550f2aecb2a5663498746e3eaf07516f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e0e25a8b0175f0caf2aa61bf673e3b3

SHA1
a09cf05ac36956ec7a1fa2fe860b9588382b43ef

SHA256
c7728b258b88f4efacc4a0a8b25cab5bf53c41c09ff0f5a115d4d57018a18748

SHA512
17968a5800ca1e20467a3e52bad19159cf30832ec1f3e4b7285665c2fa12204020294aad5c9638c67d3b4c8eee5f4b298e9aeebd25ea90772c8fb9a00926690f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
663f430a61dfc60e7a67f42b9dc6853f

SHA1
29a98229943532bb85682fca4f192d15e8a5c067

SHA256
f3d1c678cdc1622c725213713caa22b7076b5a3052378ee28b8b5bd92539855b

SHA512
71b30f733ad107f62ba2da6133a6aab8ba7c6917f6591489fea0da1268ec94e9845eac2ce6b5d055c2ff92e51539944a0b5bc13819a5943b845d5611600a82c2

Download Submit