hxxps://edisoninteractive[.]us18[.]list-manage[.]com/vcard?u=adb8cabcece6f7b67f990974f&id=9aaa55c627

Analysis

max time kernel
7s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://edisoninteractive.us18.list-manage.com/vcard?u=adb8cabcece6f7b67f990974f&id=9aaa55c627

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 4184	4188	chrome.exe	91
PID 4188 wrote to memory of 4184	4188	chrome.exe	91
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 5088	4188	chrome.exe	93
PID 4188 wrote to memory of 4780	4188	chrome.exe	94
PID 4188 wrote to memory of 4780	4188	chrome.exe	94
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95
PID 4188 wrote to memory of 5020	4188	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://edisoninteractive.us18.list-manage.com/vcard?u=adb8cabcece6f7b67f990974f&id=9aaa55c627
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdbaa39758,0x7ffdbaa39768,0x7ffdbaa39778
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5212 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1908,i,2650377352438466561,5408836271379523563,131072 /prefetch:8
  2⤵
  PID:3100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
579B

MD5
fb7f913b353e3c0a8cabef2186436bc9

SHA1
a38384c89c706cd0edcf0cb30a4654b0a626366c

SHA256
70e8f84985245983b5190d1c84002c34cec939afa82b9f2b7dc3145d2b94d170

SHA512
8e93b0386f14f224b9b291669838c60ec3c8f3c68ccd8888e07944821a1fb090703871390183b19b3f998d6d7bb8a4e95437b94c23c2db9bbfc1c4084611f992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
06c5b21c88d00cc363c15ddf49698c4d

SHA1
07c4a2bfada808910c782bda2e0960078432a6d0

SHA256
01134eac596146facd8d642a01d042d7fef673483d26784ab0149690d3c5e8cb

SHA512
01477aa566c15ba275987f06fca6757f84ec8f0d06738b0830838113db3f6b9d98f99ec6b07a850a5b677e27678b7ab5588630b17abbc727f4bdd0e425624ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e57c95542487cb5b97fddcda87884dd2

SHA1
1342c59393817785e42ca5caae3e6b1a7110b318

SHA256
9b5f422a375f6ada0161d308ef9ecb74a6f345a4fb7d10510d6c5919bc850d48

SHA512
ca13d62de7015934cb4d88909c6363dccae45366dfca44c70cd44535a9395f763880426ce28b3168848b47d2f48861ed66db11afb49470f92f788169e83d3ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f009bb53cafbefefeece335760860b9b

SHA1
4c1d5978ad537ef03ae9be35d73240c10a6906e4

SHA256
c4c1ea81d6a9b3b7c5768a80224800c848905708f6415120c61347b1f6a0cc2c

SHA512
e318a750007bd0f5f419e0045b818494c4bcd5b23866954f8ce112034813945974c1578d84f8bbfbc5e15a5a99114010633c054933fc8e11ceb49e9c8e1553d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e1a8c7a4db6e8152b7bf2c659ed2b1e

SHA1
9cd9af1a02b13f55fbac2b28cc5a14dad2dd8343

SHA256
1a52d9fdd1da7d854b953c5f88482b7b6d497523c79b89e5c041f80a409ceaa5

SHA512
d7514741d0bb367902f9ffd3592458f5caa702494a690e0631f80cf76af14828d879d2470d8731763a6e56fec22e462d3780028014112d3c23856f05b3811b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f84e582e91306479d259ef23c0c34950

SHA1
3b508bd82dfc04a78302301eac5ec9951bb45c3c

SHA256
23b88217863a42632d949804983bda1abe780f13d7b9c54507be62e7a1309ef8

SHA512
06c4b85f0df65ea6b805451fb9db20cc573b63f5b2f3252b82efc5fdd2e3aa3c14642984c7473681256532bf7e254c762eb2164373723735ca0f46a891c61c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
29ba437364e6cdcb447fea2c7f370eee

SHA1
c764b043dba58a6915b1490a75967c68451712a6

SHA256
cc8953f98ff53105fde2685f26b48ea4b5b55fea84b8ec306b783a23b072cef1

SHA512
626aafbb16afa65c499cb2fb8fac1650a87f366293ba7644190e501132760d64e314f790c2b04d75cac87733750ed1c5ab60f3099efca575d69d5a0a8132448b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0ed862aca52c1f8da1e810740a1c565d

SHA1
8c8ba32da1c46c5c0303b50dea2d933e9b3955a5

SHA256
22c94b51e8247f8e87029962efcb94bdde71197fc5570e6516bcf76b7ed28882

SHA512
8461c2526efe1970d790619a3e9ba4a66d993b1402771cb65e30188c60ecae23754d805c2e151935912efdb863463074669ac453ae76db643948ea250f066e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
474a80294739bfb79f4042dead7c33bb

SHA1
30eef9a82ce8a7a72a1d94f4f01e1969e651acbb

SHA256
7eeee4a74568086ebce15eefacb086bd07e2994aab7276ad966969782958bf53

SHA512
4dcfe9c2410407fc53f3216f30dea0dbb39518b73adb6b809ec602a99bb401a0e206d55957081a862b10cdb16b7ec2650c843bb48531237f1d33e279e9357c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5933e7.TMP

Filesize
103KB

MD5
14595c9638b4b428d6fa8c0b0ea265a5

SHA1
db3115f8b77048a2b35cbeb9f020a822e298993c

SHA256
4e81542005649b6edb80d3869c0d03d590d4eb1bc11f9f59f326bf7f6bab47b1

SHA512
85844e3fe544dc9585e2e98d9e7811ec2aa27ac4f2efd1d1c763948e86bacbd7fddc95527b328ab923fb9ea61cf35269a4b26c79ba4ea731efcf275b2c45d6ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bd4b20f4-2740-4fb0-8b0e-63e985978123.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\1fcc0b3b-1ce4-4fd8-9006-3cf65a234647.tmp

Filesize
285B

MD5
578d033000af6637d2b342c69f66e586

SHA1
854342cf799fa178c29b0e83cf0b1fba96869c74

SHA256
5b39cf112af6365d2afcf1921d721b8e3206d3e1344ab5686e0b19089ba6a1e8

SHA512
714bdda6e8c688b5614c930cd7de48c8c72d4149d682b39dec914741d5e5547c7d6a1b792fa6ff3e31307e282203dc2b313e2661b442662a3ce98aa546a60b5e

Download Submit