hxxps://sfo3[.]digitaloceanspaces[.]com/pay1docxfolder2/itemsfoxenpdf/attach[.]html?_kx=EFWFaq8vjRvjdRJzSw1Qyg[.]YvuLmS

Analysis

max time kernel
555s
max time network
548s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
14/11/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sfo3.digitaloceanspaces.com/pay1docxfolder2/itemsfoxenpdf/attach.html?_kx=EFWFaq8vjRvjdRJzSw1Qyg.YvuLmS

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760689802956673"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000c1f5fcc06f25db015dde3fe67c25db01554142e67c25db0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 5052	2220	chrome.exe	81
PID 2220 wrote to memory of 5052	2220	chrome.exe	81
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1092	2220	chrome.exe	82
PID 2220 wrote to memory of 1028	2220	chrome.exe	83
PID 2220 wrote to memory of 1028	2220	chrome.exe	83
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84
PID 2220 wrote to memory of 2372	2220	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://sfo3.digitaloceanspaces.com/pay1docxfolder2/itemsfoxenpdf/attach.html?_kx=EFWFaq8vjRvjdRJzSw1Qyg.YvuLmS
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff76cfcc40,0x7fff76cfcc4c,0x7fff76cfcc58
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=588,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4792,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=840,i,12566755895013635868,9236214290253628378,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fa025bd866593848663a18d8b123ea5c

SHA1
4f461c7ac3692af121b8cf7bab5288ff496227a9

SHA256
09707d6642fa16a276ed4aaf119e9bd7384b7d3b011e6b49fb9c0644ccca6c9e

SHA512
e1926cd60cfbaafb895a840b0b336e6fa7708d9a147752ec535b74f3d18e56c42ae6aa6ba435dfa3a2bc8835dd9a26c268b2e73278b79c9e9b9929667e99b6ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
69c89d50bf9ed69afd5cca53df130682

SHA1
86c346eb77db897412fd61bb0436307a807f2dbd

SHA256
36930d24f3a56da30461346c59c6b3e8d6fac44b7fda13f8b93e364dc5be51f8

SHA512
81a23dd6d4a0009a3437b160a07aa5c7f70179333728dd53afa57c4bf48563d37e743cf24c08b03abca420008d7cf6d7880d988d8e8e91fb8b22526a26f81ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
60abf39b02f7cf65d4488191312e936e

SHA1
7194fd5e97d841e260759436b2a836143eb55f40

SHA256
a4df0b88bf2960693f90e1313c13dd737ea61721d02aa6d8f6f8d71f4f6c1cc3

SHA512
a64c91662aa8caf8ce19c9ace596ebece3b783f35b3fa44c28fc30219ba493ba8c7e7c92be3244270e6285328f1723291c33ea6b2c00a2895ae7cc9a3b9b3b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd3fcae5aa65fbc52e48efbf0c82e35d

SHA1
5aac9421c577791fdccdf8b38c553384e997f794

SHA256
8d437d036e1249acd45bb8e6bc5d11bab309dae397716b1b06c3e74b5392ecd1

SHA512
b8d76ca4cb82cb06118704c55d90dd7c293ac1aaf9c262caddbc796339f199104c6b9f953ee0841a92fda9946441e1d54a70fd189e4696c7f4dfa9d3330cacf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3b60e31bd36da8dd1bef19d6023e3033

SHA1
04eae5d3d64bede3d58ea9ed39930be6908e98fc

SHA256
9630211c91582b40fd1bcf4ab7e3a46ff2070c14e0bef8d329cb2ddf54ef7ce3

SHA512
53fae1c845e55818ec049b2a91f2bf68f059c3abff6750d65b2c18808092f5e4cd6c7914497abeb0974a46820039419d7abe14711e57a30c3d41c03a3bb2f1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb79ea8b635e664d71c537290e7bfd54

SHA1
8c77bd3bf38dd6661cb834f6aa723effd471a78c

SHA256
299f6f282240cfae070c34dec9a3ccc086d48f009197758d624d538530c80ee4

SHA512
46fab1609b0a7ec9a6456323d381d3c45c0a30ad91e91dfd65ebd2b9a8ee302f21368549f6e8d1151a1027bb245d0c49ed453a48f3fa25db5da11ae5a666fa63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b45d957fb53c82f7917bc7c64b5c9f63

SHA1
c2b1bc11f0147391112c50bcb433f39b7b48fdf7

SHA256
373825da93ded8b9dcc686e617fb31e20ce8052850d8194a5bfd2ecad8380867

SHA512
f624f2faa39fe16b12f53c20de027193741ac72cd148ae618c0b3e66e20c686ee38a570647c150903cf26d05e69207aab10a4d49573d6e27dd9d02d8891f2aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4e368db8e0639895551669d6ac4260e4

SHA1
ff40ef59f69b3ade2987c01e7e814433e850337c

SHA256
7fde4d66ca317fbe30b21f62707e2856bd5b49b4423632af6c58ddc6791d434b

SHA512
fde3770424335a2b1cff2a75f8785f2c6c302a2a7025ad19a363572f05fa47b0a0c8f97610a0203952b60d08c9cb9da273627e7f765c132fcfce7a2742d14774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
315d51c18ea9252aff962843ad531f26

SHA1
4d00e53e1b6dd16cb31fc888c58641546e12afb1

SHA256
204361db917e0fc6f29329fe34b797d09f42237ea790d119863a4f06cd0b2f37

SHA512
709edeff6ec5e2832bb6f5adf3d8cbbfe903f90d85779fc0f50f57ca9da8533f989b811b895e3930adab1b63ebd4b91ece15f75b4f28a7cd4b4e117732cb6d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6a0f9eac253e5207723f38c8f13aef38

SHA1
1b4c802394bfba48d77de822918ebea727f986d8

SHA256
c8cd68c449ce74d110421a14948c17e58aec8368c2bdb8b10bcfce257ec717ee

SHA512
0943b8dc7dd99831dd1b50dcf49a5d4acf3cc3cec508f6ea0ccbb57c90a845c380255f90fb80849cce5098e5324edf748cc9f61226867701b812b6a57266fc38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ce426b82a03166a964154aa3e53c5e8

SHA1
a29fa249efb3e8e7d99fe647e13f5591cf07c021

SHA256
a04d487268b32c2f5174b912e7a15e0e8b88e685f50204b751812a15cc276a4c

SHA512
8a34511c52117ee703a71ca94c75a2bdef13e30f3323d0d8336babe6ce0fcfcbab9a4d83b5e8d79c0de51622ee667e9cb26bf102eabe7b31a2e97a01cc37f396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
34e7c8a7cb54c86e393ae1a33dd0b0b7

SHA1
6f1526f46fa1450ad74c9cfc723b6576c5464d66

SHA256
a4d67f8159a9f7138545d14fb68852bc33acccf2fe721f3224b98f9c16c5ed5f

SHA512
01775f916510959ccb67099ba7fce41d9f56b653a6fc0d821c03d8fa0e5a894383b1ee18fe190b0a2ac4410eca7c656054063a6bb21e68e0f4d23f53a49a5fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b829c51c6657b7c9a57b588b39f3b641

SHA1
4522c7a5897bee4513f094e11b29cd3a6b882032

SHA256
153a1b358c981c8b44185b30f2c1304ffc40f85b4dc8db1e781a5df9c251466d

SHA512
0e8abdbfc51a3086ba630a38f398a3e7a60b79fa4cfd6cf2574997a7cc22130badaec583edc7252d1033ca2e1bc81517a490779c87e74bdeeac5615119291524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2cdea07364b3ac1773355d83c5cac997

SHA1
5d95f0aecaef46fa3247df8af101c82ab340fa09

SHA256
32153ce862fee79c536ec2c8d1b4d255ad7ac8b1ffd0524c9701fb5b5417808d

SHA512
b54ebadd608c01fc73d2aebdf8c6187e7a5a615fd2aaed4df1a3d1f62201b6d7bff769137426cfd9690112e8f0a2bf9ae6a0bf2fb43cea3c138adec7ea1296d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6b8d1811e486a81e87cedd2d94bb687a

SHA1
5ed50a1d98940cd5fbe33e010df9c952994ad1c1

SHA256
17d6ea672844842d8d9454158a61268243c6834102a4a5e6b54bb3882535cfcc

SHA512
6be3646f36db9ca1f49eb2272186d6675718c6eb9696c303dc4384360c7bbc25713c62958b0e0d805f1d3cbb4795fd09ee7f05dbdedb33c9c359a8f21c06be9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
94bc22bd5236f273deffa703ed1a2f8f

SHA1
e1e56dea63a863f5bebe60c7e57c7fe1ac7a1535

SHA256
fe6e194285610a2c741f82efba32e3addcf599ed2138757de893020aeb427b8f

SHA512
9c3eff2226edfc5e443224f6597f94ad192373ded27bd2a83f236c9d2f7c6528dc7fcaef3801be33d0b24ce537105d6ff644f8c029b8b0de51cada305220fdfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5ac1d6a78ed4cbc1a4596eebab4c24c1

SHA1
f793c1d6a5490db69c86ee143d946d0abc10c763

SHA256
927f0f23d36e6320e460cfb5caffe486aaf8174ad29edea1807e9a514fe649ab

SHA512
f25c13c386788760d3c27870c485809d3c478e974b349cbcc6b5c8b6aaf16785115a562bfb5cd62899458c5953cb7ca9487d17ea88a2a6b25b1679db342a9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
25a4ab399ba7a8c3c4bc66987a99e438

SHA1
f22da541b891361eada07edbe1f5f4f5f16b2f7a

SHA256
a04febff60ddf91418d9f8bbe31b260cbd023e4a61ce5a7cd933c8a1343dd74a

SHA512
a07f4719a1a0d98a85cd8ef313b1bc972777b15e57e588e488aca075089df9adae8c0f8110e905a1c95f34f93582c61a88f1393a2426f2a99102cd03160d1d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
4e6db9190a0d37dc962311a14cb6b4b9

SHA1
b21650d2f2c8a8cfbb6bb8c5a414c1e1def40a3d

SHA256
6c28023ae3d32a9df778448c57e1ee559a3797026174f9f9e3c4076bfe9038fc

SHA512
87c85c435b2ab9304f0ce0373d021f005b4bface1573663c10743d75a0222ff1781bef002318553e3915a42209d77e65b5642da174671ad3d8902a77ccd11223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
32f4e0c8764171d9596221e6a8dfa2db

SHA1
1fd99a9a40a86e0f96268958e170cb3407b34a8a

SHA256
eacf222a01a572a5caac0e96f679d8f7188ddca98a1807c82ff8ccd36765a7f5

SHA512
9cd9d405174b46b1aae41865a748f2f9406c7ae8bedc664b461668a20046cd66f37d8927317b72775a6ef4825381fbb934933d34ae4657936b73c0e056f8e03b

Download Submit
C:\Users\Admin\Desktop\attach.html

Filesize
364KB

MD5
293c1b57aa1d1c1b3f9de8c746a80723

SHA1
cee16daed70ec96cb8c8df82ac52ee2130123209

SHA256
43c6fec1a5ab9fccd957dccd435f03405d72776127930b0bdabe2e255d7e39e0

SHA512
897bd35b3ea5532e398bd1dd1c301bce2c12b83392da195dd014c1254e27b01662d2b969567eb69fa7cbb1f19ade2296e6fdbb16f6064ffb32f27cfd41e7eba8

Download Submit