Analysis
max time kernel: 119s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/08/2024, 07:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://tracking.ee.mailbpm.com/tracking/click?d=E4QYpDnfZZjQSfehl9x-DVkxatjgV8ti_nzXHz1iXXwUcGziZEPVDDo3TFAOvK5Gg3jwfDNbTHHPVnzOtfhKgNqF6Vqv6yP5bcQEDD7ZfgE1fKjr_pq5Zr4BPpeu23RMsiurDTJiABBznf4r1TUUApbXYim93CDNmzXSkl1DCzvC7RNVsXmoIlQNK514PsvkAneFWxzNbIhhlYuqpEe__amXQatmcNGBKNrNtp3av4w3jUTxGYU6MuNG8h0zl3WYOUf8GH3fTLMfYV
Resource: win10v2004-20240802-en
General
Target: https://tracking.ee.mailbpm.com/tracking/click?d=E4QYpDnfZZjQSfehl9x-DVkxatjgV8ti_nzXHz1iXXwUcGziZEPVDDo3TFAOvK5Gg3jwfDNbTHHPVnzOtfhKgNqF6Vqv6yP5bcQEDD7ZfgE1fKjr_pq5Zr4BPpeu23RMsiurDTJiABBznf4r1TUUApbXYim93CDNmzXSkl1DCzvC7RNVsXmoIlQNK514PsvkAneFWxzNbIhhlYuqpEe__amXQatmcNGBKNrNtp3av4w3jUTxGYU6MuNG8h0zl3WYOUf8GH3fTLMfYV
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |

Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686119720156877" | chrome.exe |

Suspicious behavior: EnumeratesProcesses (2 IoCs)

| pid | Process |
| --- | --- |
| 4512 | chrome.exe |
| 4512 | chrome.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

| pid | Process |
| --- | --- |
| 4512 | chrome.exe |
| 4512 | chrome.exe |

Suspicious use of AdjustPrivilegeToken (64 IoCs; the 64 entries alternate between the two rows below)

| description | pid | Process |
| --- | --- | --- |
| Token: SeShutdownPrivilege | 4512 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 4512 | chrome.exe |

Suspicious use of FindShellTrayWindow (26 IoCs; all 26 entries are the row below)

| pid | Process |
| --- | --- |
| 4512 | chrome.exe |

Suspicious use of SendNotifyMessage (24 IoCs; all 24 entries are the row below)

| pid | Process |
| --- | --- |
| 4512 | chrome.exe |

Suspicious use of WriteProcessMemory (64 IoCs; the 64 entries repeat the four distinct rows below)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4512 wrote to memory of 5044 | 4512 | chrome.exe | 84 |
| PID 4512 wrote to memory of 724 | 4512 | chrome.exe | 85 |
| PID 4512 wrote to memory of 2276 | 4512 | chrome.exe | 86 |
| PID 4512 wrote to memory of 5004 | 4512 | chrome.exe | 87 |
Processes
chrome.exe (PID 4512)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tracking.ee.mailbpm.com/tracking/click?d=E4QYpDnfZZjQSfehl9x-DVkxatjgV8ti_nzXHz1iXXwUcGziZEPVDDo3TFAOvK5Gg3jwfDNbTHHPVnzOtfhKgNqF6Vqv6yP5bcQEDD7ZfgE1fKjr_pq5Zr4BPpeu23RMsiurDTJiABBznf4r1TUUApbXYim93CDNmzXSkl1DCzvC7RNVsXmoIlQNK514PsvkAneFWxzNbIhhlYuqpEe__amXQatmcNGBKNrNtp3av4w3jUTxGYU6MuNG8h0zl3WYOUf8GH3fTLMfYV
Signatures:
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  chrome.exe (PID 5044, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1908cc40,0x7ffc1908cc4c,0x7ffc1908cc58

  chrome.exe (PID 724, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2

  chrome.exe (PID 2276, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2084 /prefetch:3

  chrome.exe (PID 5004, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:8

  chrome.exe (PID 2976, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

  chrome.exe (PID 1948, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

  chrome.exe (PID 4416, child of PID 4512)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,4157847014945155652,2215328690603998060,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8

elevation_service.exe (PID 4728)
Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

svchost.exe (PID 1044)
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads