hxxps://mailing[.]arpynet[.]com/index[.]php/campaigns/oo737jlyvt4f0/track-url/yt647c0xqx713/f3a3dc38e0af7750f16b364570c0a5ffb8379c90

Analysis

max time kernel
78s
max time network
80s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/07/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mailing.arpynet.com/index.php/campaigns/oo737jlyvt4f0/track-url/yt647c0xqx713/f3a3dc38e0af7750f16b364570c0a5ffb8379c90

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650714811572692"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 992	2948	chrome.exe	73
PID 2948 wrote to memory of 992	2948	chrome.exe	73
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 5036	2948	chrome.exe	75
PID 2948 wrote to memory of 2060	2948	chrome.exe	76
PID 2948 wrote to memory of 2060	2948	chrome.exe	76
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77
PID 2948 wrote to memory of 2056	2948	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mailing.arpynet.com/index.php/campaigns/oo737jlyvt4f0/track-url/yt647c0xqx713/f3a3dc38e0af7750f16b364570c0a5ffb8379c90
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecc329758,0x7ffecc329768,0x7ffecc329778
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1788,i,5941482754773322507,12757409737666319664,131072 /prefetch:8
  2⤵
  PID:972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5f1d8277b8fc4e62277aae6b1d9c48a6

SHA1
a0120bd917d2716b0c711f53880cee2dc18c1faa

SHA256
24533c25f7fddb8a43f226267998a9707241fb6d00a171e5c495221f91e0a8e9

SHA512
fe24bf4bafcf6d217bb9f23b58e63f351a96d3a1415f410cde56a63e9869ed89cc4a24b7233357fc378bb3ee4c7e3492e4ff7ede8c457fcb31e1dff94fd94999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b72f1e48eec3adcc5e4bcdf6357788e8

SHA1
33c28d8694b7e299d74979580f49bdfc1e86c522

SHA256
b604fe323acd3707e00ac092303cced0402ea7b42da612fde5be5b399ba669ae

SHA512
5d423458d926e9fdf7a4752fc4cc7bcda25774db427c64240613808f78376226d0874a7673306d0362b5dd81d8dfdd321b87707bf0304976eb126af6e701fc69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
bdc40f5fbde651c66c85f65eb2beb6e7

SHA1
fcfa1e4800fee989096384aae509755629a9b894

SHA256
2951e9af9a5757672b66e79aef8fe5a7db029ed87278f41d1b43d35529fab160

SHA512
3d33ebae70ac4f41d1c979ce931d1fce738804ee1f7d650d400f1016ad2b315cb0eccc72d23fba7f55351e0c41116bf1616f0cc62e88c01cea3e5ec19dfe13d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
826489d43ece35abeb0d8cc78f8e0760

SHA1
cab6526dc2ff0e382602df006b081425333b999c

SHA256
a6a176dd554c484f44852ed6aed071b8457b2158e4cf24021c18848dd39cbb9d

SHA512
ae9228ed2e2c19899c6b6dd12996f7298d54c6390222d5c1d3509937e0f9120065e8d902daf51341fd69f581ccb0f725a06c59407cee5ffd7715cf3179047492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e305ac628bd9c914c33841409325fe5f

SHA1
0dcee009b0e7e9e2f900327c413831047d82878c

SHA256
0bd119cd0d4887d5dc8d2a09c338c8e2a9cbea278c409d953a58938261b8058b

SHA512
f5b4861af53c2a168da9abefd71be9dcac1db4d59d8661cc857baae9424b5a0eac71a54d80bf1645528082480590a5c7449314dea2d39ff163c693dcf7311ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a0d70abaf806f47f246cf2e53c5647f7

SHA1
44f066a30704c5a38ecb09e5d35a273d17201b7b

SHA256
5c41f06ce375ebddab7abbd7100bcf060601996380da2873a83f7e016f5aefa1

SHA512
d2a96c19f025b52f59589d8dcc9965d33917ae25d34a9f10fafcf15a8ee0a22adbec315c867bcd203501ba67234bd0243c9d79c0b8b85bcf8c4483ac32bae364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
168KB

MD5
a607a0a28d9fef97ceee9b817ab59e9e

SHA1
2db97cbe751fed91b79dcf0586bad82670c77fe6

SHA256
d02e9cd2a971e2e9ebe5abf9af7de1a622dee34e289802b3e00edd0ca81463e3

SHA512
1addc313bc5b0db6d11142421ce026af15ff157bae0106e5c9b9fd558e96189779cff787251354a54db8fafd49b3529667db978f54d7e27c42645707a8b19629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
93a1b389828bf1d33c8e970933b9c125

SHA1
d503a80787da23fb72651e0f6bac8c57726350f2

SHA256
1d4e664b4d5e2e5aa48444c90f7e448635fe9121f3e268ca2e0bb65c75fa2674

SHA512
380eec54ee3110812237a734a1b0c627eab97df96064aaa21480a3c27e2e06ed23b61e486f6a8bd6b2fd84f201499d52e97c7de2ea6828b807cff0b410ee9851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit