Analysis Overview
Threat Level: Likely malicious
The URL https://secure.virtru.com/start/?c=custom&t=verizon-1-0-2&s=businesscollections%40verizon.com&p=c826f4fd-040c-4f40-9094-3181fbdcadbc#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fc826f4fd-040c-4f40-9094-3181fbdcadbc%2Fdata%2Fmetadata&dk=ptaOq1YTD99joalaVUF%2Bg6nCax6LRUunbunLTLiT3Eo%3D was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: businesscollections@verizon.com (the `s=` query parameter, URL-decoded)
Drops file in Windows directory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
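To make the submitted URL's structure explicit, here is an added Python example that is not part of the report or of Virtru's code. It splits the link into the query string, which the browser sends to secure.virtru.com, and the fragment after `#`, which the browser keeps client-side and which therefore does not appear in server or proxy logs. Parameter names are taken from the URL as printed; their meanings are not stated on the page, so `dk` is treated only as an opaque base64 value whose decoded length is measured, and `p` is checked against the policy path embedded in `d`.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# The submitted URL, copied from the report (embedded here as constructed input).
REPORT_URL = (
    "https://secure.virtru.com/start/?c=custom&t=verizon-1-0-2"
    "&s=businesscollections%40verizon.com"
    "&p=c826f4fd-040c-4f40-9094-3181fbdcadbc"
    "#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies"
    "%2Fc826f4fd-040c-4f40-9094-3181fbdcadbc%2Fdata%2Fmetadata"
    "&dk=ptaOq1YTD99joalaVUF%2Bg6nCax6LRUunbunLTLiT3Eo%3D"
)

UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def parse_start_link(url):
    """Split a Virtru-style start link into server-visible query and client-side fragment.

    Field semantics are assumptions for this example; only the structure is derived
    from the URL itself.
    """
    parts = urlsplit(url)
    # parse_qs URL-decodes values (e.g. %40 -> '@', %2F -> '/').
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}

    policy_id = query.get("p", "")
    metadata_url = fragment.get("d", "")
    dk_raw = fragment.get("dk", "")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        dk_bytes = len(base64.b64decode(dk_raw, validate=True))
    except (binascii.Error, ValueError):
        dk_bytes = None

    return {
        "host": parts.hostname,
        "sender": query.get("s"),
        "template": query.get("t"),
        "policy_id": policy_id,
        "policy_id_is_uuid": bool(UUID_RE.match(policy_id)),
        "metadata_host": urlsplit(metadata_url).hostname,
        # The same policy id should appear in the metadata path of the fragment.
        "policy_id_consistent": bool(policy_id) and f"/policies/{policy_id}/" in metadata_url,
        "fragment_keys": list(fragment),
        "dk_bytes": dk_bytes,
    }


if __name__ == "__main__":
    for key, value in parse_start_link(REPORT_URL).items():
        print(f"{key:22s} {value}")
```

On this URL the sender, policy id and metadata host all line up, the policy id is a well-formed UUID that recurs in the fragment's `d` path, and `dk` decodes to exactly 32 bytes. Whether that value is a key is not stated on the page; the point for triage is that it lives in the fragment, so a network capture of the request to secure.virtru.com will not contain it.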
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-27 15:06
Signatures
A potential corporate email address has been identified in the URL: businesscollections@verizon.com (the `s=` query parameter, URL-decoded)
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 15:06
Reported
2024-06-27 15:07
Platform
win11-20240419-en
Max time kernel
77s
Max time network
79s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639743939412282" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
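The `TraceTimeLast` value above is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC). Decoding it is a quick way to tell whether a registry timestamp was written during the detonation or carried over from the image. This is an added Python example, not part of the report; it assumes the Submitted and Reported times shown for behavioral1 are UTC.

```python
from datetime import datetime, timedelta, timezone

# Value copied from the "Modifies data under HKEY_USERS" signature (constructed input).
TRACE_TIME_LAST = "133639743939412282"

# Detonation window from the report; assumed to be UTC.
SUBMITTED = datetime(2024, 6, 27, 15, 6, tzinfo=timezone.utc)
REPORTED = datetime(2024, 6, 27, 15, 7, tzinfo=timezone.utc)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert a FILETIME given as a decimal string (REG_QWORD) to an aware datetime."""
    ticks = int(value)
    # FILETIME resolution is 100 ns; timedelta only goes down to microseconds.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def within_detonation_window(value, start=SUBMITTED, end=REPORTED, slack_seconds=60):
    """True if the timestamp falls inside [start, end], with a little clock slack."""
    ts = filetime_to_datetime(value)
    slack = timedelta(seconds=slack_seconds)
    return (start - slack) <= ts <= (end + slack)


if __name__ == "__main__":
    ts = filetime_to_datetime(TRACE_TIME_LAST)
    print(ts.isoformat(), "in window:", within_detonation_window(TRACE_TIME_LAST))
```

The value decodes to 2024-06-27 15:06:33 UTC, seconds after the sample was submitted, so the write is the TPM telemetry trace timestamp recorded during this run rather than a pre-existing artefact.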
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure.virtru.com/start/?c=custom&t=verizon-1-0-2&s=businesscollections%40verizon.com&p=c826f4fd-040c-4f40-9094-3181fbdcadbc#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fc826f4fd-040c-4f40-9094-3181fbdcadbc%2Fdata%2Fmetadata&dk=ptaOq1YTD99joalaVUF%2Bg6nCax6LRUunbunLTLiT3Eo%3D
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb850fcc40,0x7ffb850fcc4c,0x7ffb850fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4368,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4592,i,12772192452491702868,1280547092610618587,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | secure.virtru.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 34.160.98.162:443 | secure.virtru.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | udp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| US | 3.233.158.29:443 | session-replay.browser-intake-datadoghq.com | tcp |
| US | 34.209.101.169:443 | api.amplitude.com | tcp |
| US | 3.233.158.33:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| US | 8.8.8.8:53 | 139.46.211.130.in-addr.arpa | udp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| US | 8.8.8.8:53 | 169.101.209.34.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 3.233.158.33:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 3.233.158.29:443 | session-replay.browser-intake-datadoghq.com | tcp |
| FR | 20.190.177.21:443 | login.windows.net | tcp |
| SE | 40.126.53.16:443 | login.microsoftonline.com | tcp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| FR | 20.190.177.21:443 | login.windows.net | tcp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| BE | 23.14.90.107:443 | identity.nel.measure.office.net | tcp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
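A reader of this table has to cross-reference by hand: the `in-addr.arpa` rows on port 53 are reverse-DNS queries for addresses that mostly appear elsewhere in the same table as forward-resolved hosts. The following added Python example, not part of the report, parses the table as printed (the mDNS row with its empty Domain column in place) and pairs each PTR query with the hostnames seen on that address, so the one reverse lookup without a matching connection stands out. The table text is embedded as constructed input.

```python
import ipaddress
from collections import defaultdict

# The Network table rows, copied from the report (constructed input for this example).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | secure.virtru.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 34.160.98.162:443 | secure.virtru.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | udp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| US | 3.233.158.29:443 | session-replay.browser-intake-datadoghq.com | tcp |
| US | 34.209.101.169:443 | api.amplitude.com | tcp |
| US | 3.233.158.33:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 130.211.46.139:443 | api.virtru.com | udp |
| US | 8.8.8.8:53 | 139.46.211.130.in-addr.arpa | udp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| US | 8.8.8.8:53 | 169.101.209.34.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 3.233.158.33:443 | rum.browser-intake-datadoghq.com | tcp |
| US | 3.233.158.29:443 | session-replay.browser-intake-datadoghq.com | tcp |
| FR | 20.190.177.21:443 | login.windows.net | tcp |
| SE | 40.126.53.16:443 | login.microsoftonline.com | tcp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 130.211.46.139:443 | api.virtru.com | tcp |
| FR | 20.190.177.21:443 | login.windows.net | tcp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| BE | 23.14.90.107:443 | identity.nel.measure.office.net | tcp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 34.160.98.162:443 | secure.virtru.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
"""


def parse_rows(text):
    """Turn '| Country | ip:port | Domain | Proto |' lines into dicts; skip headers."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(name):
    """Return the IPv4 address a reverse-DNS name refers to, or None if it is not one."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def summarize(rows):
    """Group forward connections by address and pair PTR queries with those hosts."""
    forward = defaultdict(set)
    ptr_lookups = {}
    for r in rows:
        if r["port"] == 53:
            ip = ptr_target(r["domain"])
            if ip is not None:
                ptr_lookups[ip] = None  # filled in below, once forward map is complete
        elif r["domain"]:
            forward[r["ip"]].add(r["domain"])
    for ip in ptr_lookups:
        ptr_lookups[ip] = sorted(forward.get(ip, ()))
    multicast = sorted({r["ip"] for r in rows if ipaddress.ip_address(r["ip"]).is_multicast})
    return {"hosts": {ip: sorted(d) for ip, d in forward.items()},
            "ptr_lookups": ptr_lookups, "multicast": multicast}


def unmatched_ptr(summary):
    """Reverse lookups for addresses the table never shows a connection to."""
    return sorted(ip for ip, hosts in summary["ptr_lookups"].items() if not hosts)


if __name__ == "__main__":
    s = summarize(parse_rows(NETWORK_ROWS))
    for ip, hosts in s["ptr_lookups"].items():
        print(f"PTR {ip:16s} -> {', '.join(hosts) or '(no connection in table)'}")
    print("unmatched:", unmatched_ptr(s), "multicast:", s["multicast"])
```

Four of the five PTR queries resolve to addresses the browser also connected to by name (api.virtru.com, api.amplitude.com, login.microsoftonline.com, aadcdn.msauth.net); the lookup for 142.250.178.10 has no connection in the table, and 224.0.0.251:5353 is the mDNS multicast group, not a remote host. Running the same script over a report with an unexpected destination would surface it as a host or unmatched PTR entry rather than leaving it buried in the row list.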
Files
\??\pipe\crashpad_748_EZLXGSLCQJMERJCW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1afde13acf1de7bbcd6fd0c731e6f516 |
| SHA1 | 8c57ce30d6e8d1e93ca1ebb05a012a6e8da98bce |
| SHA256 | 94457b295aec07087d7fdbc308d48fcb5749d5a9d9d80e0a8b29cfcb0bf8fd4f |
| SHA512 | 0be4d6faba2c0d2ad8c43d49ad8764cb21aacf03c30b867dfa3e9aa973c163eed64fcff0865538545cfad90e6e76fda032cb96c6c70044371209d337efc505af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0987ba28ca549993aef7917483f61374 |
| SHA1 | 0aa5b2fb6e1dee4de959808bb3330d1319ca293e |
| SHA256 | a2b3cb1bf078b826fcffe5e345693d0fb8c9beb805f4925bad13df30e96a6bda |
| SHA512 | 7ec04ed8097b2ded9866d466f6f005a529cd586c429758ffd4564de6f89ca263f12ffd7731f3f50e4de78c6a63e2461c79b683bba06a910fa185dd289d727e89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | e2f4d3dfa4fb667da28e047a9b7256e7 |
| SHA1 | 96d05ec35212b071836469faa2184f38bc41426b |
| SHA256 | 21f455718ea4c9d8f9bdddaa46ad0e1db93cc341db7336eca0bdbf121838ffe5 |
| SHA512 | 7b677c489e7b9079a8aa0b9376374395eb9e283080a19f80b0a0f717501b3e5366afee14c8fa7564a5de21fd66a98999426ba2f760fbfd2a5f2aacb652d1b058 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2dc5f79f502b7dc5b0a7b3137d516fe8 |
| SHA1 | 0fcf8c81da7c1619f329f6a11954ae10d57f9cec |
| SHA256 | 7b948f3246498647e5d1c8b15dc116c90f586dcacb83b0f13069dc6b20a58b25 |
| SHA512 | f713effb642b5979a1d736339817aa5aa6eec1a5803780af14831661e265db2b9fe4115edc4b2886de443db193675cbce6d5070637c853c791d19d63604408dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 41e2801f4ea70d7c7bf26546dcfa2fa2 |
| SHA1 | b5a63dbe01a786c8da50ab4a2398b2534d4ffa19 |
| SHA256 | 365049ad3b31a5664cb7f2791460f3bbdce39c6c0abc41fbc8372dc1b0d37293 |
| SHA512 | 9231d25f09c8aa1fc3e14a1a26d78f501a4a46dacced773e75fc7313c3280432374e75892fee14cb4c47ad58bf1b6465598871fbc8cb9fbd80224baeafbf679f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 59af595b17064baca255be7aa3e4354c |
| SHA1 | c52ae94d84c0be9108e7a8c443529fc1e67fef05 |
| SHA256 | ed3c64ab38a78517c1a29b0ebb945e00ec47c2980d64b95904891463fcf022f3 |
| SHA512 | 0f4b2479c9fe63a268e92fedc0a22a093f8039cdd270c7d275e4b624d38979ec021733672f954dce8ee096e6ff7cefd26dcccd1ca64721b672d4eea06b93d4df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f6030da74e8b4bfdc48e6324f6be5dad |
| SHA1 | f10e024d33dee81e10d31145a2205f2b863a3954 |
| SHA256 | 4b2285ef84289e12713de8cecf53a74912abdabe586b087d87a4eb6b13d43870 |
| SHA512 | 063173e4311e95832e5513c8552bb29a17a9cb6668bbbc0430c1b1617fed13f348bc017b9a555bb9f19ec355e8601bce1b9b038ced75b1bdb58446b58e78c49d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 126c9fb69a6c42676831d61c4b7e4442 |
| SHA1 | 47cbfaba258a8ab1d58f500a95388b6a63ddaf29 |
| SHA256 | f97561f95bd57072d3b1214f1a2b8f3f1aae8c2d899f0ff6cfae1e2924d5cce5 |
| SHA512 | 46da0c7964c900ef4901c7a4d2b771934ffc25809a7126791c7ce194a5b78832f1036ca6e43f2f2a944e215ebf8c5c82dc128625a97ba83daab742146a629ef2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d332fa97e03c3f7cb8e2cec0d537144d |
| SHA1 | 31373f25b8624c82cf9227a595883622881ea96c |
| SHA256 | a2f3690815ec4ed2217df5c98f6a0584c7a2125ceeb9717bf51efc417f0e0a55 |
| SHA512 | adbd2d4d7d7aeda8ff67af6b5735f28cdfc37cac63eaaba2716e2be0b2b65283dae16a59118a0a8ea59bf0df39f6959f9f11c3a06268ef3b441fa53f73c26598 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c336771c59d077e80179e9b793c1d45d |
| SHA1 | e7d52ced3823bb1aa453d6b7109e4b60d1554015 |
| SHA256 | e3fab63f619386859a19dde90560bd2d55d709a4aaa1159aaaa6cc761e4713f9 |
| SHA512 | c7c86f414768b134dd0785fd575e107e1684386fb86322030c886191888eae66bcec67411ae2002d40acb7ed00b5307e4f6b119b4e923baa3a5b7ba69cda5443 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5150568492629d569e6751f438e629f |
| SHA1 | c4deea1f1d624e1624ba7ad9ac2e8e04947167da |
| SHA256 | ebcc5847250f6b6cb251b4c1a41b2c3e6154239594e210e2defd860a7231fb35 |
| SHA512 | c8d00b4f004ab165f0246de2985a06c4cfa24fd519b4c0287945252c0c6bc641462723b8552787b07d94849763664d8163c4aa293df201ad44786092716ed7b5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 12a5d9436a4c0361d7aee9ecfc30a819 |
| SHA1 | 276a0d94a2c9d476c0f4305b8d33b89be15766cc |
| SHA256 | b3062f620002a61c0675d30f3be764a12d993ec331dd9f7b6d8afabf1d74d2f0 |
| SHA512 | 67c65d080b1586bd38f59cccb41f80daba371b92785d7f1cd554c2be5cee848063acc9efef46955406863c0be9b0e17a33a1a5c22b74e66822b85ec9b19a3203 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b8196662-a209-421d-a726-238b0f22fc8c.tmp
| MD5 | c17930872f348333ca71bf09f3ffc727 |
| SHA1 | f38b4808da4dc93688f4727351abeceff680dbbe |
| SHA256 | fc5b07960ed293c3667ba2f91fab6ba0041eefe9f70c0c695db9705aed2f0775 |
| SHA512 | 17f7e7fa7771112851eb3a1ba1236406003324e09d77cd1861c56e76145b321480c18a34ac856592a8daaadf8a0e4f7e2a4f7ca192935732022cd2dd272ba207 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e01d5541fb784f56e08200a822dd973a |
| SHA1 | ee6a09a064e063594e7cdd8570b1bc63f8050988 |
| SHA256 | 0cbc3e4287c14bf0e8b1afb9ddb59a3541fb5d0c1734920ce6a5af8296d3c1b3 |
| SHA512 | 327b11f2d92a85489ea9a7ac1146bb6f4e1e71bc99391e3273c77579c51d3705cf866f9f4712eec449b8ff6c3eb6b597baed9d39aa06e4f9fe31c5ac302c82fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 541306097639e76502790f8adb206968 |
| SHA1 | ba35182d47f81168542f2d38e24c9ac8162acedd |
| SHA256 | 6d2e1120ddaf21e5c278d67beebffa75ebf524bdfc7ac60fdaa70350e963671c |
| SHA512 | 15a0a7f0887332da11d906c0bfcf2af09ee38db035449abe89f9be8acc662d240e093f845aa08cfccafbe5bc58f5a8211c2290999cc3664a330836627efcbdf8 |
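Two checks help when reading a file list like this one: recognise digests of trivially known content (an empty file, an empty JSON array) so they are not mistaken for payloads, and notice paths that recur with different digests, which means the file was rewritten during the run. The following added Python example, not part of the report, does both over a subset of the entries above, embedded as constructed input; the digests for known content are computed with hashlib rather than hard-coded.

```python
import hashlib

# Entries copied from the Files section as (path, md5, sha256); a subset is enough
# to show both checks (constructed input for this example).
REPORT_FILES = [
    (r"\??\pipe\crashpad_748_EZLXGSLCQJMERJCW",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "d751713988987e9331980363e24189ce",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "0987ba28ca549993aef7917483f61374",
     "a2b3cb1bf078b826fcffe5e345693d0fb8c9beb805f4925bad13df30e96a6bda"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "59af595b17064baca255be7aa3e4354c",
     "ed3c64ab38a78517c1a29b0ebb945e00ec47c2980d64b95904891463fcf022f3"),
]

# Contents whose digests show up in almost every browser detonation.
KNOWN_CONTENT = {"empty file": b"", "empty JSON array": b"[]"}


def known_hash_table():
    """Map (algorithm, hexdigest) -> label, deriving digests from the bytes themselves."""
    table = {}
    for label, data in KNOWN_CONTENT.items():
        for algo in ("md5", "sha256"):
            table[(algo, hashlib.new(algo, data).hexdigest())] = label
    return table


def classify_entry(md5, sha256, table=None):
    """Label an entry only when every supplied digest agrees on the same known content."""
    table = table or known_hash_table()
    labels = {table.get(("md5", md5.lower())), table.get(("sha256", sha256.lower()))}
    labels.discard(None)
    if len(labels) == 1:
        return labels.pop()
    return "conflicting digests" if labels else "unknown content"


def classify(files):
    table = known_hash_table()
    return [(path, classify_entry(md5, sha256, table)) for path, md5, sha256 in files]


def rewrite_counts(files):
    """Paths listed more than once with different digests, with the number of versions."""
    versions = {}
    for path, md5, _ in files:
        versions.setdefault(path, set()).add(md5.lower())
    return {path: len(h) for path, h in versions.items() if len(h) > 1}


if __name__ == "__main__":
    for path, label in classify(REPORT_FILES):
        print(f"{label:18s} {path}")
    print("rewritten:", rewrite_counts(REPORT_FILES))
```

On the full list the crashpad pipe is an empty file, `SCT Auditing Pending Reports` is the two-byte JSON array `[]`, and `Preferences`, `Local State`, `TransportSecurity` and `the-real-index` each appear several times with different digests, which is Chrome updating its own profile state as it browses.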