hxxp://email[.]signupgenius[.]com/ls/click?upn=u001[.]FkPohkfojkUvE3RHQ7-2FK6zLGFIg5E-2BVpRIVNi-2Fi33FehVRwkqPiRzPNDKbOZlYIto6C9NsUR49Vp2MLfMQEkp1oS-2BL1Z0JI934UccYQ660fYT-2Fc5pYCe2jTVrzsGqKdD44nbwrpGbH2MJ2VSXgX7kkl-2Fa7Cu7NXz-2BDaam-2FNGd0NCgDJQACouKmCkfR60hfY7ZnmS1MS-2BeO-2Fy-2BZTArui-2FqsQjvNCB27RgPGrUIVSioqkG5H62M1R3Ng88FnUHyqdTuJ1UG58T6kHh-2FdlnH1vIHyak-2BdJGnEE-2FnrGk0vcZje5WmaA00QdrwEuK-2BCv5v-2FC8GhY7q9wDH2iOoaDHW9XDu3G3urL-2BkBuU5K7JzfrqUZlYoPnVdHzc6y7DrOdcdmrkfHKERN-2F9si8K-2Bbu1FTevmXs7O74lveczX-2BuONW-2BC8f2gpzclQimaOc0ZFzSf-2FtiUCd2CIWuHyBb8Z2I0fiWBwLu8Iz4v4ZM6zTMhr0H-2FgvlED8ANXrRPxwVgm9-2F5-2FPKfXDeRZ7TlPTOB5GvP9UZXNu1AMfG699TC4DkWwQ-2FbPTIvvt25NDCW6I4CBTRD2EGjEV5MBeGquh0tVvo-2FBe2yC9VvnWVP4q9R0EG8rE7aZYWeYnu7FrDJ0rr50D0mbFeXnJJFiN8kolQQT-2Fayee77im6LysDiZXSHPoe9lY5siWNk3CWLn-2B0mvNxSvUgrFFTbujLhGEsXJOGG3ThdtNei0wzacAhFRhYoudBZOX-2BLDgk-3DF2PV_4XWOrrRSMRwyoYFuhGrt7GwY4iCKI-2BcFpARIKoC2-2FGE8MrSGIXM2XWZxbwa5YBV3OAeh3QZY5d-2FoUNMjMM-2FGLf5GoPgf1v38G4mJnlbEWs59lLo7oFtxBxri-2B9XZM-2BhLyL0Dc35UbDpJL8Lfa5V6kmcGewdT8kGmD6iXx053C1gOz19UdjmmEC1zQO8ZJu8wLbM3JS7odEuP5DCSwthzzBd3JC08xts-2FWQV-2B6x4M8vQAiiQeLS0OAkhYZiYabwhRNqt997WM7Ssq3o1piNyIgzfpQzIWYkI5NVv9bELF-2FbDzIyPJ4-2BdN5pd77NB6sb4OcwSM6EJNbOIxisf3pz97WCP9BC97X7DFjsPEJ258JtncbDLPKvXBnQeYww4NdW-2Fvfz-2BQeyZ2i3lXwZOUV2V74NlfFTT2I1crA4JxsAksZW2T8r52EtaYlCu80ZEcB1dC3Sk16OfIJbELrLZsr48OiScGEEXzvhtLRx748WtmmhkA5fJKG45UZcoGVcn6MNg07bYRLtGAfN9BWAg1UUrzEOvR7yri4MzgC-2BfPjvmFgSYVhE20VCPpk0SVwQN8pJNH6ShGo1jaZ06HKQhyEGlIHQKqqZY1HNfS3OWkz3Kg6FnOjDB5ry3Zz9zryZZjrrpducmKbdFd613c3cMxIxT7jIbizOaaKHZHU3EDEIBE2aNCTYg54U3Oo2O2iveMbJREMg5wdtU9hjK9KRVs8tla-2F7yqcsWzb01Whzf11L7xTQ9WexcuMNFEMTuNAeQfNwSbYj-2B9XhfsojP65iC-2FXhLsPRjqRkG9Cwj2nWsSCrycDOhkw4-2FXGidvKSVTCHc0y-2B-2BrnAzoz-2FdPycKSh-2FpecNs9TmDQG5Ufh-2FKJpI-2FLcap4o8XL134nDGtOxPs6Fo961IGvFoOPlyCfMHY-2FuLnoM0tYoV2G5GifkE8fEpnI8QNQqn-2BXk22o3y9x-2BzD-2Fyci4tcbGEc3dAG3kSJlJg6w-2Fhl2WXG79vyG-2BBBjRd9siVKHLZSVUDX4JfuP9PuEqFJIE2LPKp4FZtXubdiIl0OEwKp-2BjQ6SGJNt2TvSRtvXyWU6E2nUXlxF71Cfc6y5UyIbfq-2F5y

Analysis

max time kernel
38s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 15:23

Sharing

Behavioral task

behavioral1

Sample

http://email.signupgenius.com/ls/click?upn=u001.FkPohkfojkUvE3RHQ7-2FK6zLGFIg5E-2BVpRIVNi-2Fi33FehVRwkqPiRzPNDKbOZlYIto6C9NsUR49Vp2MLfMQEkp1oS-2BL1Z0JI934UccYQ660fYT-2Fc5pYCe2jTVrzsGqKdD44nbwrpGbH2MJ2VSXgX7kkl-2Fa7Cu7NXz-2BDaam-2FNGd0NCgDJQACouKmCkfR60hfY7ZnmS1MS-2BeO-2Fy-2BZTArui-2FqsQjvNCB27RgPGrUIVSioqkG5H62M1R3Ng88FnUHyqdTuJ1UG58T6kHh-2FdlnH1vIHyak-2BdJGnEE-2FnrGk0vcZje5WmaA00QdrwEuK-2BCv5v-2FC8GhY7q9wDH2iOoaDHW9XDu3G3urL-2BkBuU5K7JzfrqUZlYoPnVdHzc6y7DrOdcdmrkfHKERN-2F9si8K-2Bbu1FTevmXs7O74lveczX-2BuONW-2BC8f2gpzclQimaOc0ZFzSf-2FtiUCd2CIWuHyBb8Z2I0fiWBwLu8Iz4v4ZM6zTMhr0H-2FgvlED8ANXrRPxwVgm9-2F5-2FPKfXDeRZ7TlPTOB5GvP9UZXNu1AMfG699TC4DkWwQ-2FbPTIvvt25NDCW6I4CBTRD2EGjEV5MBeGquh0tVvo-2FBe2yC9VvnWVP4q9R0EG8rE7aZYWeYnu7FrDJ0rr50D0mbFeXnJJFiN8kolQQT-2Fayee77im6LysDiZXSHPoe9lY5siWNk3CWLn-2B0mvNxSvUgrFFTbujLhGEsXJOGG3ThdtNei0wzacAhFRhYoudBZOX-2BLDgk-3DF2PV_4XWOrrRSMRwyoYFuhGrt7GwY4iCKI-2BcFpARIKoC2-2FGE8MrSGIXM2XWZxbwa5YBV3OAeh3QZY5d-2FoUNMjMM-2FGLf5GoPgf1v38G4mJnlbEWs59lLo7oFtxBxri-2B9XZM-2BhLyL0Dc35UbDpJL8Lfa5V6kmcGewdT8kGmD6iXx053C1gOz19UdjmmEC1zQO8ZJu8wLbM3JS7odEuP5DCSwthzzBd3JC08xts-2FWQV-2B6x4M8vQAiiQeLS0OAkhYZiYabwhRNqt997WM7Ssq3o1piNyIgzfpQzIWYkI5NVv9bELF-2FbDzIyPJ4-2BdN5pd77NB6sb4OcwSM6EJNbOIxisf3pz97WCP9BC97X7DFjsPEJ258JtncbDLPKvXBnQeYww4NdW-2Fvfz-2BQeyZ2i3lXwZOUV2V74NlfFTT2I1crA4JxsAksZW2T8r52EtaYlCu80ZEcB1dC3Sk16OfIJbELrLZsr48OiScGEEXzvhtLRx748WtmmhkA5fJKG45UZcoGVcn6MNg07bYRLtGAfN9BWAg1UUrzEOvR7yri4MzgC-2BfPjvmFgSYVhE20VCPpk0SVwQN8pJNH6ShGo1jaZ06HKQhyEGlIHQKqqZY1HNfS3OWkz3Kg6FnOjDB5ry3Zz9zryZZjrrpducmKbdFd613c3cMxIxT7jIbizOaaKHZHU3EDEIBE2aNCTYg54U3Oo2O2iveMbJREMg5wdtU9hjK9KRVs8tla-2F7yqcsWzb01Whzf11L7xTQ9WexcuMNFEMTuNAeQfNwSbYj-2B9XhfsojP65iC-2FXhLsPRjqRkG9Cwj2nWsSCrycDOhkw4-2FXGidvKSVTCHc0y-2B-2BrnAzoz-2FdPycKSh-2FpecNs9TmDQG5Ufh-2FKJpI-2FLcap4o8XL134nDGtOxPs6Fo961IGvFoOPlyCfMHY-2FuLnoM0tYoV2G5GifkE8fEpnI8QNQqn-2BXk22o3y9x-2BzD-2Fyci4tcbGEc3dAG3kSJlJg6w-2Fhl2WXG79vyG-2BBBjRd9siVKHLZSVUDX4JfuP9PuEqFJIE2LPKp4FZtXubdiIl0OEwKp-2BjQ6SGJNt2TvSRtvXyWU6E2nUXlxF71Cfc6y5UyIbfq-2F5y

Resource

win10v2004-20240802-en

discovery

windows10-2004-x64

9 signatures

150 seconds

Report Analysis Logs

General

Target

http://email.signupgenius.com/ls/click?upn=u001.FkPohkfojkUvE3RHQ7-2FK6zLGFIg5E-2BVpRIVNi-2Fi33FehVRwkqPiRzPNDKbOZlYIto6C9NsUR49Vp2MLfMQEkp1oS-2BL1Z0JI934UccYQ660fYT-2Fc5pYCe2jTVrzsGqKdD44nbwrpGbH2MJ2VSXgX7kkl-2Fa7Cu7NXz-2BDaam-2FNGd0NCgDJQACouKmCkfR60hfY7ZnmS1MS-2BeO-2Fy-2BZTArui-2FqsQjvNCB27RgPGrUIVSioqkG5H62M1R3Ng88FnUHyqdTuJ1UG58T6kHh-2FdlnH1vIHyak-2BdJGnEE-2FnrGk0vcZje5WmaA00QdrwEuK-2BCv5v-2FC8GhY7q9wDH2iOoaDHW9XDu3G3urL-2BkBuU5K7JzfrqUZlYoPnVdHzc6y7DrOdcdmrkfHKERN-2F9si8K-2Bbu1FTevmXs7O74lveczX-2BuONW-2BC8f2gpzclQimaOc0ZFzSf-2FtiUCd2CIWuHyBb8Z2I0fiWBwLu8Iz4v4ZM6zTMhr0H-2FgvlED8ANXrRPxwVgm9-2F5-2FPKfXDeRZ7TlPTOB5GvP9UZXNu1AMfG699TC4DkWwQ-2FbPTIvvt25NDCW6I4CBTRD2EGjEV5MBeGquh0tVvo-2FBe2yC9VvnWVP4q9R0EG8rE7aZYWeYnu7FrDJ0rr50D0mbFeXnJJFiN8kolQQT-2Fayee77im6LysDiZXSHPoe9lY5siWNk3CWLn-2B0mvNxSvUgrFFTbujLhGEsXJOGG3ThdtNei0wzacAhFRhYoudBZOX-2BLDgk-3DF2PV_4XWOrrRSMRwyoYFuhGrt7GwY4iCKI-2BcFpARIKoC2-2FGE8MrSGIXM2XWZxbwa5YBV3OAeh3QZY5d-2FoUNMjMM-2FGLf5GoPgf1v38G4mJnlbEWs59lLo7oFtxBxri-2B9XZM-2BhLyL0Dc35UbDpJL8Lfa5V6kmcGewdT8kGmD6iXx053C1gOz19UdjmmEC1zQO8ZJu8wLbM3JS7odEuP5DCSwthzzBd3JC08xts-2FWQV-2B6x4M8vQAiiQeLS0OAkhYZiYabwhRNqt997WM7Ssq3o1piNyIgzfpQzIWYkI5NVv9bELF-2FbDzIyPJ4-2BdN5pd77NB6sb4OcwSM6EJNbOIxisf3pz97WCP9BC97X7DFjsPEJ258JtncbDLPKvXBnQeYww4NdW-2Fvfz-2BQeyZ2i3lXwZOUV2V74NlfFTT2I1crA4JxsAksZW2T8r52EtaYlCu80ZEcB1dC3Sk16OfIJbELrLZsr48OiScGEEXzvhtLRx748WtmmhkA5fJKG45UZcoGVcn6MNg07bYRLtGAfN9BWAg1UUrzEOvR7yri4MzgC-2BfPjvmFgSYVhE20VCPpk0SVwQN8pJNH6ShGo1jaZ06HKQhyEGlIHQKqqZY1HNfS3OWkz3Kg6FnOjDB5ry3Zz9zryZZjrrpducmKbdFd613c3cMxIxT7jIbizOaaKHZHU3EDEIBE2aNCTYg54U3Oo2O2iveMbJREMg5wdtU9hjK9KRVs8tla-2F7yqcsWzb01Whzf11L7xTQ9WexcuMNFEMTuNAeQfNwSbYj-2B9XhfsojP65iC-2FXhLsPRjqRkG9Cwj2nWsSCrycDOhkw4-2FXGidvKSVTCHc0y-2B-2BrnAzoz-2FdPycKSh-2FpecNs9TmDQG5Ufh-2FKJpI-2FLcap4o8XL134nDGtOxPs6Fo961IGvFoOPlyCfMHY-2FuLnoM0tYoV2G5GifkE8fEpnI8QNQqn-2BXk22o3y9x-2BzD-2Fyci4tcbGEc3dAG3kSJlJg6w-2Fhl2WXG79vyG-2BBBjRd9siVKHLZSVUDX4JfuP9PuEqFJIE2LPKp4FZtXubdiIl0OEwKp-2BjQ6SGJNt2TvSRtvXyWU6E2nUXlxF71Cfc6y5UyIbfq-2F5y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697642429377418"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3156	chrome.exe
3156	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe
3156	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 556	3156	chrome.exe	83
PID 3156 wrote to memory of 556	3156	chrome.exe	83
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3372	3156	chrome.exe	84
PID 3156 wrote to memory of 3416	3156	chrome.exe	85
PID 3156 wrote to memory of 3416	3156	chrome.exe	85
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86
PID 3156 wrote to memory of 1244	3156	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://email.signupgenius.com/ls/click?upn=u001.FkPohkfojkUvE3RHQ7-2FK6zLGFIg5E-2BVpRIVNi-2Fi33FehVRwkqPiRzPNDKbOZlYIto6C9NsUR49Vp2MLfMQEkp1oS-2BL1Z0JI934UccYQ660fYT-2Fc5pYCe2jTVrzsGqKdD44nbwrpGbH2MJ2VSXgX7kkl-2Fa7Cu7NXz-2BDaam-2FNGd0NCgDJQACouKmCkfR60hfY7ZnmS1MS-2BeO-2Fy-2BZTArui-2FqsQjvNCB27RgPGrUIVSioqkG5H62M1R3Ng88FnUHyqdTuJ1UG58T6kHh-2FdlnH1vIHyak-2BdJGnEE-2FnrGk0vcZje5WmaA00QdrwEuK-2BCv5v-2FC8GhY7q9wDH2iOoaDHW9XDu3G3urL-2BkBuU5K7JzfrqUZlYoPnVdHzc6y7DrOdcdmrkfHKERN-2F9si8K-2Bbu1FTevmXs7O74lveczX-2BuONW-2BC8f2gpzclQimaOc0ZFzSf-2FtiUCd2CIWuHyBb8Z2I0fiWBwLu8Iz4v4ZM6zTMhr0H-2FgvlED8ANXrRPxwVgm9-2F5-2FPKfXDeRZ7TlPTOB5GvP9UZXNu1AMfG699TC4DkWwQ-2FbPTIvvt25NDCW6I4CBTRD2EGjEV5MBeGquh0tVvo-2FBe2yC9VvnWVP4q9R0EG8rE7aZYWeYnu7FrDJ0rr50D0mbFeXnJJFiN8kolQQT-2Fayee77im6LysDiZXSHPoe9lY5siWNk3CWLn-2B0mvNxSvUgrFFTbujLhGEsXJOGG3ThdtNei0wzacAhFRhYoudBZOX-2BLDgk-3DF2PV_4XWOrrRSMRwyoYFuhGrt7GwY4iCKI-2BcFpARIKoC2-2FGE8MrSGIXM2XWZxbwa5YBV3OAeh3QZY5d-2FoUNMjMM-2FGLf5GoPgf1v38G4mJnlbEWs59lLo7oFtxBxri-2B9XZM-2BhLyL0Dc35UbDpJL8Lfa5V6kmcGewdT8kGmD6iXx053C1gOz19UdjmmEC1zQO8ZJu8wLbM3JS7odEuP5DCSwthzzBd3JC08xts-2FWQV-2B6x4M8vQAiiQeLS0OAkhYZiYabwhRNqt997WM7Ssq3o1piNyIgzfpQzIWYkI5NVv9bELF-2FbDzIyPJ4-2BdN5pd77NB6sb4OcwSM6EJNbOIxisf3pz97WCP9BC97X7DFjsPEJ258JtncbDLPKvXBnQeYww4NdW-2Fvfz-2BQeyZ2i3lXwZOUV2V74NlfFTT2I1crA4JxsAksZW2T8r52EtaYlCu80ZEcB1dC3Sk16OfIJbELrLZsr48OiScGEEXzvhtLRx748WtmmhkA5fJKG45UZcoGVcn6MNg07bYRLtGAfN9BWAg1UUrzEOvR7yri4MzgC-2BfPjvmFgSYVhE20VCPpk0SVwQN8pJNH6ShGo1jaZ06HKQhyEGlIHQKqqZY1HNfS3OWkz3Kg6FnOjDB5ry3Zz9zryZZjrrpducmKbdFd613c3cMxIxT7jIbizOaaKHZHU3EDEIBE2aNCTYg54U3Oo2O2iveMbJREMg5wdtU9hjK9KRVs8tla-2F7yqcsWzb01Whzf11L7xTQ9WexcuMNFEMTuNAeQfNwSbYj-2B9XhfsojP65iC-2FXhLsPRjqRkG9Cwj2nWsSCrycDOhkw4-2FXGidvKSVTCHc0y-2B-2BrnAzoz-2FdPycKSh-2FpecNs9TmDQG5Ufh-2FKJpI-2FLcap4o8XL134nDGtOxPs6Fo961IGvFoOPlyCfMHY-2FuLnoM0tYoV2G5GifkE8fEpnI8QNQqn-2BXk22o3y9x-2BzD-2Fyci4tcbGEc3dAG3kSJlJg6w-2Fhl2WXG79vyG-2BBBjRd9siVKHLZSVUDX4JfuP9PuEqFJIE2LPKp4FZtXubdiIl0OEwKp-2BjQ6SGJNt2TvSRtvXyWU6E2nUXlxF71Cfc6y5UyIbfq-2F5y
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffafd94cc40,0x7ffafd94cc4c,0x7ffafd94cc58
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3024,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3400,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4332,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4516,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4948,i,4805376239342058208,1083723559974332398,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3660

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1e984d9a25e5494fe99203eaa762931f

SHA1
27899493a85b460fc9fa36685226b063ace856ea

SHA256
8661ffcf34a5306fbde4fa391a96aea1be04916c383754829269405826e012ea

SHA512
3a3c322ab75bbe886065805c22187c90e6a09f1fa2337ad2294d3be0b5fc27e5a95489a9a6bb9e69208bc65c45a6e0707f308f70afba4d20b974d0b315ada57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
e595d6b1da4cdf32861e8d4844b81294

SHA1
72a517fd068d75aef2113ff82bdbba6d8829d2da

SHA256
86e6ca793703b54c5e62cc116932c66c06a5ffd7cf7265b50abaacfd1050e7d7

SHA512
ddd08cdc2275fe9ef3063b316cde599ef47e451ff4ea04f724f75becd243e67076074bc0bcb41f89f822748c2c978d18c309a61c599782814346263a71c4654d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
e12a27f373615129797c0414bf5f4996

SHA1
6723a1b5f5f6563f10d16505ce85b5e0059a8c19

SHA256
36d42b1626e5a349590bb85e3985f43e5babbfeaafad89cc8a2ebdb65e06fa21

SHA512
d48626ad9844675ba99ef8886235fb56620588de7de5e94b0fe2f8624c58f8b249087f77cd8693612df33186ac767cbf5fc83e57be72213b64de4aad53c375ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93fff4974959b87fcc88284ec44e03ad

SHA1
14354e04126dbbfda6eda0f295da6abc24d2fe96

SHA256
7be11c1c3c52756e742bfd4293f86a600e38930601a8c93a6ff971907f313123

SHA512
849f34af0089abb43ece49bcc463265ab0cd3c70a85454ab9f1a59fd218e8e01b8cb4eea8e8c66105c02b1e8a3f5e5f719ec8735e2e09fd9b97d3216924c82eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e600d5bd093e96a93b83d1c904e7c3e5

SHA1
74159a3bfc4c74077e1f6d46587e30745ecbdc6a

SHA256
34eef7cc2dfa5cff1f4bf1d0fdd24a414c43238e196c90d7216718feec240cdb

SHA512
32111252c13d8ee4aa60f21d110731f68b92c33616a04332a49550112abb22ac86fc803a5e101629cab9d21159a20c455e6fe847e1be245c8c46ed349059de1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c09cff14f262f6522dc7c6a0dc475208

SHA1
cd5943a56008fddbbf4cc3be47b6cb49cbf66573

SHA256
7d8744635f611acec0aadb91eb772bae665196951feab28789c30d7aa63f082f

SHA512
3f17bb30c5c861fc3dbd1900607804f807f1e9b7ab462cc7e1889ef2ea9f74bdf561a19b168b3e0cf4e5123be6e9f644239324aaf20326e5c29fd7593c7f408d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
74591e42289c16a4f3ee1a7551a27429

SHA1
eec86997ea222b72da6498c02fab85064c131cc9

SHA256
5464c3be872bd7f482feaaffd8ee5677ed5c6d4a40e8666926a766678a8562f7

SHA512
44db0b75f4b3c1afe2f7e95c4c462f53bc6cffbae3707e2af1d9a55ba79c82f4447574e5047075360228a7402dcd18ceba5727b6dcd9dc3f2f3f6e90e6950fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ba6486c91f44d51af4344b2ee8411ec7

SHA1
c211cbc908a996c8126dfdc96a0ad11392afbf4a

SHA256
2cc38243c87fd16e5a97c81b2f68463409afb60ba93e7d3c4c85fe6ccc9b899d

SHA512
841f637a60979b60bf113ac4fc44e78fe2b77b980fbe6b1a8eb79fd40a9bd9ecd6db3ff6d1bda771fcef5fee4df4e222c3af5e9fee7bc7e411219ff93ab62560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
81ad33579008548d6226b61db383c0b2

SHA1
7e962451515865db54ac2b88f1f1ddac5d921e4a

SHA256
47cbd1efdae31d2db3643c1f8273d061d744518edf88232b43f265a93e0e8b2b

SHA512
de12b54857be6d923fa80db84ecc76e66c21695c2ced1d428877c2cba0cf32a3c45cb8ac39baf422340e111b1d9abf824d018c04e63999f85200e357e2d74676

Download Submit