hxxps://phisher-parts-production-eu-west-1[.]s3[.]eu-west-1[.]amazonaws[.]com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-22/8tfq095asgh6fhbrpcf9q28k2jqll0f1ded0kd01/46e19ed94329b486452f1ab01aca65641617e96b8d86fd9c563ec8eeac8336d7?response-content-disposition=attachment%3B%20filename%3D%22Ahoit%20Salary%20New%20Bonus%202024-2025[.]pdf%22%3B%20filename%2A%3DUTF-8%27%27Ahoit%2520Salary%2520New%2520Bonus%25202024-2025[.]pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QL6CE46WF%2F20241122%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241122T171118Z&X-Amz-Expires=18517&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECkaCWV1LXdlc3QtMSJIMEYCIQDjM4XNPKvA7v9Ctgp4V5R52xtFLUeVRlrC86zHQKHFOAIhAP%2B8P4LicwaLqkorQ2HeGGvxoCFMJZ2hPjOSFvMa4siTKogECMH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgzLYNlg9Z5%2BHLca3Xcq3ANJD7s1D1ySMJT3yGBZAb%2BpwF9XEjrszCkOk6gNS2JAqlraNKcUPPsrbRY1MSjtR21xrbIoGT7BlmDsmFudAOKQeCDqRiATRq%2FLBgouu%2B3XBQa0oXTTfd2aqSu1PK%2FnCTvigU46CUkDSZYD2n8c%2BaGh%2BuGJygzuQEWHy5V%2B6%2Bu5Qn0SbFJpHsM4AC4uheiM7WYsqQdiQAAWmr4tZ87rSy%2BppNprwuh0wt7eYkHsk7PmSUhSV457ulfZHSSs%2BWoAlq86PWxwiUa8yA5pjlI4Z0M0Gb%2FTeqDQu0r3jb%2F85G7nbva7Ca%2FXjYcSdQiE%2BM3ILRjsqB2ssfsY1AU1E%2B1RgL5enLqNuUxxjnNNFTly%2BHwFHaOQmt1la4teik%2FlDyxDcT60YfbQkjX5KE7MclCoNT7vbDZPHm3H6GNC70mn3AApUZrs8b7%2FU%2Brb0d09ahx%2FhGWTFSOfozC5F7jhnfOu7DXq%2FzkHuW2Kb%2B%2FUOBtOl6XBfGHB8NbGbNNq9QQJ5FJeKLdl1TcUZgqOrKymPcG1PQ%2BPn0Q4MyPAfGdUjP2tDMvyYzM6hhdY3jx6sviHRKWTnuaI7qp%2BF7bZe8ilqdCOodNdv8415yeRSw1E%2FJgDtl6%2BaGtMAGxm1v44%2FlivyDCr3oK6BjqkAfC12if9uMTMkMV%2FFLLSvMXe5%2FydzBzGMQqlR8kpS7LITnQbT6e4x7u3vwLQdjPYYadNvCF95IMv27Vo8zlrv3Gap6DCCYmDTCUZXIGcwSiC%2FTOI3Kd4wOrSr2OILFbnn%2FeC9SQ6P8vJv7fqD2DF8mD5vc7YeNHn6YcTAoX8gsw1ELS9cUt1icPHpxMMzlCKw5Q5Aq74eWdZuxJYLbuX7ASs4ARC&X-Amz-SignedHeaders=host&X-Amz-Signature=0df2936eff7136233e02f6eb5e291554fb0152cd65d68dc7bb7b7de1b085d9a7

Analysis

max time kernel
42s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 17:11

Sharing

Behavioral task

behavioral1

Sample

https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-22/8tfq095asgh6fhbrpcf9q28k2jqll0f1ded0kd01/46e19ed94329b486452f1ab01aca65641617e96b8d86fd9c563ec8eeac8336d7?response-content-disposition=attachment%3B%20filename%3D%22Ahoit%20Salary%20New%20Bonus%202024-2025.pdf%22%3B%20filename%2A%3DUTF-8%27%27Ahoit%2520Salary%2520New%2520Bonus%25202024-2025.pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QL6CE46WF%2F20241122%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241122T171118Z&X-Amz-Expires=18517&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECkaCWV1LXdlc3QtMSJIMEYCIQDjM4XNPKvA7v9Ctgp4V5R52xtFLUeVRlrC86zHQKHFOAIhAP%2B8P4LicwaLqkorQ2HeGGvxoCFMJZ2hPjOSFvMa4siTKogECMH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgzLYNlg9Z5%2BHLca3Xcq3ANJD7s1D1ySMJT3yGBZAb%2BpwF9XEjrszCkOk6gNS2JAqlraNKcUPPsrbRY1MSjtR21xrbIoGT7BlmDsmFudAOKQeCDqRiATRq%2FLBgouu%2B3XBQa0oXTTfd2aqSu1PK%2FnCTvigU46CUkDSZYD2n8c%2BaGh%2BuGJygzuQEWHy5V%2B6%2Bu5Qn0SbFJpHsM4AC4uheiM7WYsqQdiQAAWmr4tZ87rSy%2BppNprwuh0wt7eYkHsk7PmSUhSV457ulfZHSSs%2BWoAlq86PWxwiUa8yA5pjlI4Z0M0Gb%2FTeqDQu0r3jb%2F85G7nbva7Ca%2FXjYcSdQiE%2BM3ILRjsqB2ssfsY1AU1E%2B1RgL5enLqNuUxxjnNNFTly%2BHwFHaOQmt1la4teik%2FlDyxDcT60YfbQkjX5KE7MclCoNT7vbDZPHm3H6GNC70mn3AApUZrs8b7%2FU%2Brb0d09ahx%2FhGWTFSOfozC5F7jhnfOu7DXq%2FzkHuW2Kb%2B%2FUOBtOl6XBfGHB8NbGbNNq9QQJ5FJeKLdl1TcUZgqOrKymPcG1PQ%2BPn0Q4MyPAfGdUjP2tDMvyYzM6hhdY3jx6sviHRKWTnuaI7qp%2BF7bZe8ilqdCOodNdv8415yeRSw1E%2FJgDtl6%2BaGtMAGxm1v44%2FlivyDCr3oK6BjqkAfC12if9uMTMkMV%2FFLLSvMXe5%2FydzBzGMQqlR8kpS7LITnQbT6e4x7u3vwLQdjPYYadNvCF95IMv27Vo8zlrv3Gap6DCCYmDTCUZXIGcwSiC%2FTOI3Kd4wOrSr2OILFbnn%2FeC9SQ6P8vJv7fqD2DF8mD5vc7YeNHn6YcTAoX8gsw1ELS9cUt1icPHpxMMzlCKw5Q5Aq74eWdZuxJYLbuX7ASs4ARC&X-Amz-SignedHeaders=host&X-Amz-Signature=0df2936eff7136233e02f6eb5e291554fb0152cd65d68dc7bb7b7de1b085d9a7

Resource

win10v2004-20241007-en

windows10-2004-x64

10 signatures

150 seconds

Report Analysis Logs

General

Target

https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-22/8tfq095asgh6fhbrpcf9q28k2jqll0f1ded0kd01/46e19ed94329b486452f1ab01aca65641617e96b8d86fd9c563ec8eeac8336d7?response-content-disposition=attachment%3B%20filename%3D%22Ahoit%20Salary%20New%20Bonus%202024-2025.pdf%22%3B%20filename%2A%3DUTF-8%27%27Ahoit%2520Salary%2520New%2520Bonus%25202024-2025.pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QL6CE46WF%2F20241122%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241122T171118Z&X-Amz-Expires=18517&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECkaCWV1LXdlc3QtMSJIMEYCIQDjM4XNPKvA7v9Ctgp4V5R52xtFLUeVRlrC86zHQKHFOAIhAP%2B8P4LicwaLqkorQ2HeGGvxoCFMJZ2hPjOSFvMa4siTKogECMH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgzLYNlg9Z5%2BHLca3Xcq3ANJD7s1D1ySMJT3yGBZAb%2BpwF9XEjrszCkOk6gNS2JAqlraNKcUPPsrbRY1MSjtR21xrbIoGT7BlmDsmFudAOKQeCDqRiATRq%2FLBgouu%2B3XBQa0oXTTfd2aqSu1PK%2FnCTvigU46CUkDSZYD2n8c%2BaGh%2BuGJygzuQEWHy5V%2B6%2Bu5Qn0SbFJpHsM4AC4uheiM7WYsqQdiQAAWmr4tZ87rSy%2BppNprwuh0wt7eYkHsk7PmSUhSV457ulfZHSSs%2BWoAlq86PWxwiUa8yA5pjlI4Z0M0Gb%2FTeqDQu0r3jb%2F85G7nbva7Ca%2FXjYcSdQiE%2BM3ILRjsqB2ssfsY1AU1E%2B1RgL5enLqNuUxxjnNNFTly%2BHwFHaOQmt1la4teik%2FlDyxDcT60YfbQkjX5KE7MclCoNT7vbDZPHm3H6GNC70mn3AApUZrs8b7%2FU%2Brb0d09ahx%2FhGWTFSOfozC5F7jhnfOu7DXq%2FzkHuW2Kb%2B%2FUOBtOl6XBfGHB8NbGbNNq9QQJ5FJeKLdl1TcUZgqOrKymPcG1PQ%2BPn0Q4MyPAfGdUjP2tDMvyYzM6hhdY3jx6sviHRKWTnuaI7qp%2BF7bZe8ilqdCOodNdv8415yeRSw1E%2FJgDtl6%2BaGtMAGxm1v44%2FlivyDCr3oK6BjqkAfC12if9uMTMkMV%2FFLLSvMXe5%2FydzBzGMQqlR8kpS7LITnQbT6e4x7u3vwLQdjPYYadNvCF95IMv27Vo8zlrv3Gap6DCCYmDTCUZXIGcwSiC%2FTOI3Kd4wOrSr2OILFbnn%2FeC9SQ6P8vJv7fqD2DF8mD5vc7YeNHn6YcTAoX8gsw1ELS9cUt1icPHpxMMzlCKw5Q5Aq74eWdZuxJYLbuX7ASs4ARC&X-Amz-SignedHeaders=host&X-Amz-Signature=0df2936eff7136233e02f6eb5e291554fb0152cd65d68dc7bb7b7de1b085d9a7

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767691010133688"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe
Token: SeShutdownPrivilege	2064	chrome.exe
Token: SeCreatePagefilePrivilege	2064	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe
2064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 4012	2064	chrome.exe	82
PID 2064 wrote to memory of 4012	2064	chrome.exe	82
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3500	2064	chrome.exe	83
PID 2064 wrote to memory of 3208	2064	chrome.exe	84
PID 2064 wrote to memory of 3208	2064	chrome.exe	84
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85
PID 2064 wrote to memory of 1352	2064	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://phisher-parts-production-eu-west-1.s3.eu-west-1.amazonaws.com/331f1185-2a2d-4d80-a09c-a778676cd6f5/2024-11-22/8tfq095asgh6fhbrpcf9q28k2jqll0f1ded0kd01/46e19ed94329b486452f1ab01aca65641617e96b8d86fd9c563ec8eeac8336d7?response-content-disposition=attachment%3B%20filename%3D%22Ahoit%20Salary%20New%20Bonus%202024-2025.pdf%22%3B%20filename%2A%3DUTF-8%27%27Ahoit%2520Salary%2520New%2520Bonus%25202024-2025.pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIA37KREM2QL6CE46WF%2F20241122%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20241122T171118Z&X-Amz-Expires=18517&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECkaCWV1LXdlc3QtMSJIMEYCIQDjM4XNPKvA7v9Ctgp4V5R52xtFLUeVRlrC86zHQKHFOAIhAP%2B8P4LicwaLqkorQ2HeGGvxoCFMJZ2hPjOSFvMa4siTKogECMH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMODIzMTkzMjY1ODI0IgzLYNlg9Z5%2BHLca3Xcq3ANJD7s1D1ySMJT3yGBZAb%2BpwF9XEjrszCkOk6gNS2JAqlraNKcUPPsrbRY1MSjtR21xrbIoGT7BlmDsmFudAOKQeCDqRiATRq%2FLBgouu%2B3XBQa0oXTTfd2aqSu1PK%2FnCTvigU46CUkDSZYD2n8c%2BaGh%2BuGJygzuQEWHy5V%2B6%2Bu5Qn0SbFJpHsM4AC4uheiM7WYsqQdiQAAWmr4tZ87rSy%2BppNprwuh0wt7eYkHsk7PmSUhSV457ulfZHSSs%2BWoAlq86PWxwiUa8yA5pjlI4Z0M0Gb%2FTeqDQu0r3jb%2F85G7nbva7Ca%2FXjYcSdQiE%2BM3ILRjsqB2ssfsY1AU1E%2B1RgL5enLqNuUxxjnNNFTly%2BHwFHaOQmt1la4teik%2FlDyxDcT60YfbQkjX5KE7MclCoNT7vbDZPHm3H6GNC70mn3AApUZrs8b7%2FU%2Brb0d09ahx%2FhGWTFSOfozC5F7jhnfOu7DXq%2FzkHuW2Kb%2B%2FUOBtOl6XBfGHB8NbGbNNq9QQJ5FJeKLdl1TcUZgqOrKymPcG1PQ%2BPn0Q4MyPAfGdUjP2tDMvyYzM6hhdY3jx6sviHRKWTnuaI7qp%2BF7bZe8ilqdCOodNdv8415yeRSw1E%2FJgDtl6%2BaGtMAGxm1v44%2FlivyDCr3oK6BjqkAfC12if9uMTMkMV%2FFLLSvMXe5%2FydzBzGMQqlR8kpS7LITnQbT6e4x7u3vwLQdjPYYadNvCF95IMv27Vo8zlrv3Gap6DCCYmDTCUZXIGcwSiC%2FTOI3Kd4wOrSr2OILFbnn%2FeC9SQ6P8vJv7fqD2DF8mD5vc7YeNHn6YcTAoX8gsw1ELS9cUt1icPHpxMMzlCKw5Q5Aq74eWdZuxJYLbuX7ASs4ARC&X-Amz-SignedHeaders=host&X-Amz-Signature=0df2936eff7136233e02f6eb5e291554fb0152cd65d68dc7bb7b7de1b085d9a7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba9dbcc40,0x7ffba9dbcc4c,0x7ffba9dbcc58
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4800,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3128,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5288 /prefetch:2
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4752,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4392,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4812,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4804,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5460,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5304,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3272,i,5006455312850042885,8946654128956086068,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4212

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81e8b383-5a3b-4a53-9e8b-6c67eb379fcf.tmp

Filesize
9KB

MD5
00e883027f4543b8039764d1ad2fe909

SHA1
f3c6be63a528a66de3c53ef6e8129043e2967281

SHA256
392d7486008751f2995ebb6c77eae5bb43c07c6e036768cbf478e5cd43f36d54

SHA512
bf3061c5fac64fe882247149ea5e95c53cc6c9ea8030889be9a53b18e86e6382b64d92d10268202e4af0ac70beaa18d37eceffbe2977bb41af842ac4409620d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b4f1d5d2e0c468e19ba3dad2f03b7fba

SHA1
3d10a0d677527558cd2914cab82cd11f7bde48cd

SHA256
4aa7f1d19fd918c90bf77cebc4ffb313f678de51134ebc930a7e53896520aaf0

SHA512
ae10b315d97951adb4f45b137dfd37bc975c4e020561435a7f29c1d52b65d9eca12a0bfa2122a9ea0f90395e09baac01404df55d79a0de02477ac79e59d9cfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
7e5bb40742fbfb48f66b959bcdbe8147

SHA1
e0b6457e6d02a597012a782fa8e15c1691db74fe

SHA256
8e9a014e446ce191fec4d092cff50e6fa08375ce31c0d319c50d89564b88ef10

SHA512
1062db1ad507366b52354468caa4cbd8d75151c8c9dacf2137055241dc69b334993149e951b0b5c51af45e0c945146e861291bfa9f948e9d24f8d14e8263fbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2648998b109f30f32018c27f43b1f8b0

SHA1
ce526d92eb218cff4d38880ffab2549383f9db41

SHA256
b43e6f7cf2af6a37a719e86793693bee7c848bba3211f1ce94cdab31e5fd74d1

SHA512
022fd018bbe09e59f9753cfcd6b639985a67780e2fc50aaa40ce32a810d053a3246f7190c678390d6b030fb79eecff645f08597879d045411cee96312092f71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
673ddef8c9d55ac2955120eb633045ff

SHA1
9e0b943dd1b85b811f1a558bc08e048e290877a9

SHA256
7387ab2b14767e6c6a9409aa6421ba83877768b467149066f9fadebf8e4fd84c

SHA512
a09b0c520f4e23e83ce6fdfc2eaa019541a73e499f004ae942a57c29cf3e572957209d55dc3f26dbdce772f77c54c6fbd7ba757b4831d4b49823f3637294ca44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
209d92d543aab6985fc4a57987875826

SHA1
0150abf0a6270cd725be943c4cc4fe201c6c3d54

SHA256
66ccf477ac1d94ae2aa49d91b2d6eb2acb24b3edafd8aa88d9c450ed9e703c83

SHA512
1613db3a64135faa6e56d5b7c098102d5ee0d2679195b44f8e93873cdbbf466c8a2a6e87ba47a783ca1405216cc2fea74080e2a435feebfabfd8f582b36ae018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f71ae4858c4ded01717e9ed2551e9a98

SHA1
1e46ffb9dfa2832ad94612c212cdd9536dd31907

SHA256
101a0a04c93e7961f55c6417353059535f8535e71bc8ffaf3996c48bfd00bd7a

SHA512
a9a875d4442915d57bbf6e91c90cae213764241ff856d4ab671a929d91df8e13d63c631d74b611d46f297b19c34d5029d122a8af67d3e0844e2aea54c8b61327

Download Submit
C:\Users\Admin\Downloads\Ahoit Salary New Bonus 2024-2025.pdf.crdownload

Filesize
28KB

MD5
8640385f0ca9cd3ce56ac2ca66e115ce

SHA1
6519638280601008b43bcdc83359f50ee3253aa2

SHA256
46e19ed94329b486452f1ab01aca65641617e96b8d86fd9c563ec8eeac8336d7

SHA512
a915eae7a2cd8a8204234a5422c6b6330c2f78fa432a8125d0083ffab017163704d950906c39714a35c74944f4affad0efc34c9c49263cb3263fa5ece26e4474

Download Submit