Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-06-2024 15:52

General

  • Target

    https://app.customerthermometer.com/?template=log_feedback&hash=4078f367&embed_data=dGVtcGVyYXR1cmVfaWQ9MiZ0aGVybW9tZXRlcl9pZD0xMDE3MjAmbnBzX3JhdGluZz0tMQ==&[email protected]&f=&l=&c=&c1=Zilvinas%20Knieza&[email protected]&c3=&c4=&c5=&c6=&c7=&c8=&c9=&c10=

Score
5/10

Malware Config

Signatures

  • Probable phishing domain (1 TTPs, 1 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.customerthermometer.com/?template=log_feedback&hash=4078f367&embed_data=dGVtcGVyYXR1cmVfaWQ9MiZ0aGVybW9tZXRlcl9pZD0xMDE3MjAmbnBzX3JhdGluZz0tMQ==&[email protected]&f=&l=&c=&c1=Zilvinas%20Knieza&[email protected]&c3=&c4=&c5=&c6=&c7=&c8=&c9=&c10=
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf845ab58,0x7ffdf845ab68,0x7ffdf845ab78
      2⤵
      PID:4124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:2
      2⤵
      PID:3976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:8
      2⤵
      PID:244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:8
      2⤵
      PID:4608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:1524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:4220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4456 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:4968
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:8
      2⤵
      PID:4532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:8
      2⤵
      PID:3200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4232 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:1
      2⤵
      PID:4076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1904,i,2637133853655403389,2650943810859363497,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4744
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3400

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (264B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (336B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (2KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (2KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (2B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (691B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (691B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (691B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (691B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (7KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (138KB)