Analysis

  • max time kernel
    77s
  • max time network
    79s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    27-06-2024 15:06

General

  • Target

    https://secure.virtru.com/start/?c=custom&t=verizon-1-0-2&s=businesscollections%40verizon.com&p=c826f4fd-040c-4f40-9094-3181fbdcadbc#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fc826f4fd-040c-4f40-9094-3181fbdcadbc%2Fdata%2Fmetadata&dk=ptaOq1YTD99joalaVUF%2Bg6nCax6LRUunbunLTLiT3Eo%3D

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure.virtru.com/start/?c=custom&t=verizon-1-0-2&s=businesscollections%40verizon.com&p=c826f4fd-040c-4f40-9094-3181fbdcadbc#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fc826f4fd-040c-4f40-9094-3181fbdcadbc%2Fdata%2Fmetadata&dk=ptaOq1YTD99joalaVUF%2Bg6nCax6LRUunbunLTLiT3Eo%3D
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb850fcc40,0x7ffb850fcc4c,0x7ffb850fcc58
      2⤵
      PID:752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
      2⤵
      PID:260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
      2⤵
      PID:2440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2360 /prefetch:8
      2⤵
      PID:4016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3088 /prefetch:1
      2⤵
      PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3124 /prefetch:1
      2⤵
      PID:1700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:8
      2⤵
      PID:4496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4368,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4864 /prefetch:1
      2⤵
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4592,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:1
      2⤵
      PID:2936
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:3304
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1316

Network

MITRE ATT&CK Enterprise v15


Downloads
