hxxp://test[.]aquamasterplus[.]measurementservice[.]abb[.]com/ABBvoice_W_Bd[.]df4a1e0350afd571[.]ttf?"-->'-->`-->=1

Analysis

max time kernel
0s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://test.aquamasterplus.measurementservice.abb.com/ABBvoice_W_Bd.df4a1e0350afd571.ttf?"-->'-->`-->=1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1788	2100	chrome.exe	82
PID 2100 wrote to memory of 1788	2100	chrome.exe	82
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 2440	2100	chrome.exe	83
PID 2100 wrote to memory of 4056	2100	chrome.exe	84
PID 2100 wrote to memory of 4056	2100	chrome.exe	84
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85
PID 2100 wrote to memory of 3488	2100	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://test.aquamasterplus.measurementservice.abb.com/ABBvoice_W_Bd.df4a1e0350afd571.ttf?"-->'-->`-->=1
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed0a2cc40,0x7ffed0a2cc4c,0x7ffed0a2cc58
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4804,i,10503116002524597760,9437947319700702735,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1056 /prefetch:8
  2⤵
  PID:3364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9af0c2a0adab71178ee4bcce8712edcc

SHA1
335d44e77e66f7915d1098c08765bad68506b9ed

SHA256
4f82c158d7c6b141cfdd192db22f716cc63273989c3adbcf6f7af3073ceee915

SHA512
f77734288a7039e2404d2b982608e40da4540f0acf0c94c757ab36405b7a01f0784e769c9b482b28052aa8af866014497d0299f8b3f200904eb7e330317b76df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
49c6aedd6e56612dcc98605aae1fb422

SHA1
9b5906c0f02f19bf17ddf50daa1b777ed604345a

SHA256
44bf2853053f6762be0a2a8e896e75fc1cb6f1d96fd54e4fded8ea0642926a86

SHA512
750e46fd70149260c5a698639e7919b87248f76ec33fe0c93dd3998f99b6db9750b19cb598a601bedd8286304093ef09b42c767331a0660a219bc1cffe62ee11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da7cba80e382405e605aa261a06f9cc5

SHA1
cc9f7c596c276e90b0159655fcde5af4b3655aab

SHA256
7ee3e10b983449798dae0008f082dba309e5c58eb30ac409f6dfe9050a2fd1e0

SHA512
282616d6e3f7168a793cc45665fe3e73a5e648f0e2ff45a20efd58db91c042e70017cacae94f428eb1b070fb142a77bb2ac4000bba5d3c6cd452332fa5748e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebc2ea933ce5df2588487c4d72ebafc0

SHA1
2677c0af4c69277bc5375790fae0589d83b9ce4d

SHA256
20aa32a5c88405576ff9a1f1f399d924007ccce94295c11240fca6a09e75eccf

SHA512
5411e1ef200ec6ee02fd7350b965c3377890de0537e551dab6d17fa32384b223e9fd6f91fae36524e1542cabc779a7802475d30f8d8125017622da51ea64ab70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641e3493f2a9ff35975c8b0f32becde8

SHA1
cf3b2e583b68f9b53513bd580fcd4a7fd371c560

SHA256
79c34ee8999c12a3290c2df387274e1ec62bb5cb663c3b8660d0791b016c10b0

SHA512
62bce1c51f74d8e50ab706f55f3c6689233ca478fa4229993152ac84285fa0400fb98ebe00684ca6fe96ca48b7c8f26b3727bb91317353f37cc194402fe4dd4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7785daa1574a13f0a84b8979e5e75914

SHA1
1cf2942b78b0eab4085e266e1f150032223ae6a6

SHA256
73b7de320a83a0f4c73a68a985c86b574cdfcbd25434c763cbfd055bbe1772c5

SHA512
a004456a8204a5f1a76b22965c049a550792cc199a8aac0f6338d2d09facdb86c973545b440b138e1cd34a995b1d14be232248ac9664ff73f72093ac1319aab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05a18ba27d1fa6e9c4d49c13c7ca0b5d

SHA1
f425833e1c6057d32d5ababcf6f9d57a1db1c85f

SHA256
5e78065e98d3dc694631566dfd76912852828e35e3d70e5a296fc095aff19b52

SHA512
a7882fa79342984f319489410ffff558369daaa67be2b672aeb0f1ec719747712ae6dd5090bee1eea37500dd9267e107bd4324e692ca5f045bfd80520e25ca20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b000eff7064a8caa4600362a829ae22f

SHA1
8262ac4993de109037adbd342a1e8a41b691e37e

SHA256
2db49d3ba60ed57cd4dff4904c5528732429b1d7ec784cf9a113d0d9ff7bf652

SHA512
54b4dcc916298d3f8657aaaf6c155be41c3cd4bc83b2098bdd5f4e220de73bf01b199419a849d53019825dce4e18611c2886f2720508d4c765dcb8c55bf10ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c0da605adee0939f2502bf27182bade

SHA1
db1b705b060aa8c4d19489120859b929c6e2030f

SHA256
032ea1e6c3b9afe03a35d81b8ee6212f916734160a1c755056d1eb7284bbb35c

SHA512
46848f45896b67cefb71b9cada069fa0b4664163715d7ba43f60f44ea902e82b83052043ed752365d6c1c69ae7ba24589cf6eb1b97339882fec8fb5db7b993bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2adca290e96e5d640fe5c37058a8577a

SHA1
92dad359db45ad4ac39c6ef5db82554095aa4485

SHA256
3e94e99da59c5a13225eb7b4be88f1a84e520b5aa62281a18701d71150ce2be0

SHA512
aa9b1a896ccbfee6e3d9937214496f445ade43874a96d4a4487345bace6fe43fbf48b8aee94f878fada7c373aabbeacfe0fe103c1ad140d7cbaf38347a2867c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6e7ebadc8cc8e9001862bd98036181b0

SHA1
f478cfc1811b47377466c7074c430d9e6bc3c810

SHA256
dd70d33fedc7b3eb39bfd7dcca4d125f00506de0fe7d6c36e58ef9170cf5b4f3

SHA512
94a211d7ceed41ccc51ecca8bd0ea7c662d4f389520abcc450f80058d437dad8b7af6f82191cd4eb2d519a1158419300453b1c973326e70cca19dd990201c8c5

Download Submit