Analysis

max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-09-2024 22:20

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://secure-mail.web.magnetonics.com
Resource: win10v2004-20240802-en

General

Target: https://secure-mail.web.magnetonics.com
Malware Config

(none)

Signatures

Drops file in System32 directory (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe
  File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700484360623086" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  3156 | chrome.exe (2 entries)
  2580 | chrome.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3156 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs; the entries alternate between the two tokens below)
  description | pid | Process
  Token: SeShutdownPrivilege | 3156 | chrome.exe (32 entries)
  Token: SeCreatePagefilePrivilege | 3156 | chrome.exe (32 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid | Process
  3156 | chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3156 | chrome.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3156 wrote to memory of 3480 | 3156 | chrome.exe | 83 (2 entries)
  PID 3156 wrote to memory of 4648 | 3156 | chrome.exe | 84 (32 entries)
  PID 3156 wrote to memory of 3048 | 3156 | chrome.exe | 85 (2 entries)
  PID 3156 wrote to memory of 3460 | 3156 | chrome.exe | 86 (28 entries)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3156)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure-mail.web.magnetonics.com
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes:

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3480)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd49ffcc40,0x7ffd49ffcc4c,0x7ffd49ffcc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4648)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3048)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3460)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4184)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4444,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4716,i,5960214346695009981,5415953602080110487,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:8
    Signatures:
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2456)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 3136)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: 33546f9b4ab33038e3280d70335e51ae
SHA1: 16ab28c9bfadd04739a986bc46684f213a310adc
SHA256: b715918d79fe453637865d5b06f839e20c909d9ac9d3ca0f4ada0ca757ebea1d
SHA512: e72f5a2a72b30b0f0e9582880778643c3a9b8b3a238f75076ab4de32fde0f3e999ea8bf01d1afa56cda1ea392c8a24e98dc3b43096f4f88d6c91b715f6937627

Filesize: 1KB
MD5: 5b69dfc7971fa1e2b0da17e382f83732
SHA1: e7bba27f96f7ca48a9b7c1bc5b68053367b2057a
SHA256: 3d5a0a51bd8c68c5f5f7d8620784bde20f6c61156ef9a7c96b7ced7037cd576e
SHA512: 5b2427cb44a4238f3faca904d0a6ee17e5082cd7e8da2a490bd664efe21ebbfdd981ee3048ec6eef4ef7bdc13ccb813e76a2b055dc1d2394724db8239a323f5b

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 691B
MD5: 3735311e668fc0edd45772eeab80a85a
SHA1: 5fe2c14e96729393a95d88c1876bad8644a329eb
SHA256: 89c3cd72ffdc0ab2a61000d06a8e9e8a934c7026ff76b045c2a227cd4d534ba7
SHA512: 092b7467e24e491c49430c4f4ddbc9e8400c7f93ab15c4a6421e7f0bcb0679bb7ffc5fce656fb09b1b8012aed95771234eba20783118dd4047c7c042a0c715d6

Filesize: 9KB
MD5: 91ed5c363965fe569bcf6c07ee05b1f4
SHA1: 37056601eb3164049fc41b69e07bf5c568ec3a1d
SHA256: b23cebf8424c5fc1cbb946a844757b384858836f1a53b718bd7b845fe893e07f
SHA512: addf5232482e526e1d6c8f8e2d0be5b9dd03019fb2bea3ba6272e47a8d45338dc88aa1ec5ad4584e550e943e509fe84184705c40816ba7dc39b984432c8c3e01

Filesize: 9KB
MD5: 2ad5a511b8b263a82a98ac485b465c56
SHA1: f70c2d366dd30aa9f1ade683db53497e3e600de1
SHA256: ec5d8b61e07e810ce908391ae27d80c1fae850cc629c8ef16dab48c09c2cf4f5
SHA512: 215fd1574642cea530d7af66a0ffe123d05449807fbe6a2ed3611176f2cb710ccf673740ec05bb96a75ad86fda67ee4d4f3fd6fb8221844b95daa2516dbfb492

Filesize: 9KB
MD5: 14a247a30cd968dea9c3fa2672addc62
SHA1: 537dbafe52dcdcd26d95e78ea0d8d26462458a1b
SHA256: 41ffa9f1fccd3961cb20227b6b5eb2c947b28c6e514898c4c240f520402ccfcf
SHA512: b9bf84e5e8f9d247fde2da76ecf17e38d3544e79b65c8a525144c4fe333008243f80d00b12a57ee1b0f9a40fdbe9317e57752e32f8e771f58831c0e4be40ce11

Filesize: 9KB
MD5: ce3097739d7866e200a7e7af1d2ef18b
SHA1: bef1df068e02839842f53672f2372301887f7b88
SHA256: 983764e435532a063c2b6fb98fb7840917061a1421a4a4add41fbffeca7fd9e7
SHA512: 22a34376bf408f00f1ad5239c917b720f47c0f7c52b82c2b2b961151488b3efae5807dd83f56e539257dda92edfa4d892c7a84ed03a8e28e0d4dc2d914715d65

Filesize: 9KB
MD5: 486daddb5414f2763a29366b1d0394c8
SHA1: 75bed945f023ef3371bbcddc5a39397f0fe8d81e
SHA256: e583261b086832e11b86a309ed7a344ddefcce4ae594213067d0232653bf0023
SHA512: 51db9ffdd58c525bf5fba37538aaf1093ac1fc9a8f2ad9b50285eb516de6d22798501eadc3c6f48bb0e66321e8a945dfd99fc8f2c0b8bdbf175d6e907d567975

Filesize: 99KB
MD5: be2120d36060d14612c580107c7f39c8
SHA1: 43dad3bdad01012bf252f4d57e877acb3659a647
SHA256: 2825ff603f349f401f4c0a64ad297a1e23f11c777b7c1b840ece3a37427ca1c6
SHA512: da88b9b8a17d094d8f8a9269f430bc39c44c1b6a9c266e52a5f38ce3718f15cca0c1662971e67a0170293c634108d4c53b28d06695551f555dfaefd9e60cb525

Filesize: 99KB
MD5: 5a4d6301bc84b59fa4e2fcf441a0ffec
SHA1: 760bdf2cfb5a7f1d4e3bb88dc5976b8195baeb03
SHA256: c71a2a00296021a29b6e4d5ccac5b7d2766900305c3567bd960c3d3556212aa5
SHA512: 4d5192f3be74ca36a92d5b6cb63b2670356eddfbde014cd975c57d4b19c4d668be895b45a06369ff9db4b79ff044aab89cb9697368ef8244e349bd633ea14b72