41a68709513422d964d84ad386347585a08badd4b24bfe3e1457bcaa69bfb923

Analysis

max time kernel
28s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Secured Audlo_evolent.com_0482840555.html
Size

3KB
MD5

810f1057d61b594cc4cb049123e656bd
SHA1

81a2ea2fb0ba6e2a0f10fb0a70753ab3d75a8673
SHA256

41a68709513422d964d84ad386347585a08badd4b24bfe3e1457bcaa69bfb923
SHA512

3fc0b025c27554c000a1783c143f13046f9130a9f59d230fc9d3c692fbe5c4476cef3e1ade8e5e7b171156ccfc830fe48c1a1ffd718d95bcad514d48f4f61b5a

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760873223170182"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe
Token: SeShutdownPrivilege	3804	chrome.exe
Token: SeCreatePagefilePrivilege	3804	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe
3804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 4052	3804	chrome.exe	83
PID 3804 wrote to memory of 4052	3804	chrome.exe	83
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 3552	3804	chrome.exe	84
PID 3804 wrote to memory of 1220	3804	chrome.exe	85
PID 3804 wrote to memory of 1220	3804	chrome.exe	85
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86
PID 3804 wrote to memory of 2148	3804	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Secured Audlo_evolent.com_0482840555.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffc02b3cc40,0x7ffc02b3cc4c,0x7ffc02b3cc58
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,14387063504708315879,11581998047684843247,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:1796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8591243812435743be558cf9458ffe4c

SHA1
3af6a2529da8db99821df0f3115f026bb103bd43

SHA256
fb7e5bb324ffed5c352049d2dedd87d57388dc271fc07b0bda55521823b0e1d8

SHA512
c8f0af17c2598de8d4401ca64e424a7e780cd0c6f6efa5225fd1de57458d72d60d08a3ce62b27cbb6982549d918a5b104c160015baab64fd667e70e1b18039ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7eec4b105ed31f92ce7e9fbd62f19df5

SHA1
512428f9a5ba569ebd3ac181de9790881b739875

SHA256
028edc86af70d0543f4c4a4e3714235d67cc605d943db004018da327c0d85c35

SHA512
837a74a39073ea0b02fb28d63a641d8bb27a6b0ba07d79efbde39ee205ef38e81d871b29c2a6c9c68c255cb34e368dddc5227323299e2f8f19d1cbddd5d8c086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c2d06d2d9844f14efd0111eaf9d2508

SHA1
c8746ec437155a9ebee6dede9f32d6c2bdbfcb68

SHA256
84cc296d0e82885bc3b328d49e348e185df3669378693b5d8c7747993929d42d

SHA512
ebca4b4109dd4730b638de41bda617b845e28b634fcba54b14eba4c2d27e38e13d6713437c705e43c5e67277d48b265d3cdd6cc469397232fc204896f6da3e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9a994f64ea6f0354709a4c1614f5bb9e

SHA1
6fd7fbecbe91ba7278b4c00f6a3664243c4e5618

SHA256
2932ae6443560b60afa5f8c06fc6a4d3cd74e8840e2d6167ec617bf2522703ed

SHA512
63b190b9bff82534a397e4a87f9d476453a0f81af8ceccd7f5faba5e5b3962b355bedad97c53a79684d7d13532e29951f4e7fc320ac3f43c5b10ba89b5054963

Download Submit