8dabfdacc33601f03907a5ee5b2ae0fb8399fbacd1127679c58555992479bbaf

Analysis

max time kernel
47s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Renewal_Verify_INV-[2755I1LG]_[Q5243].html
Size

3KB
MD5

5c5c3b7edb4e6bacce8e1f170fcc7878
SHA1

d6cc0bdcc6b1b5c9d079acf914868f4646177595
SHA256

8dabfdacc33601f03907a5ee5b2ae0fb8399fbacd1127679c58555992479bbaf
SHA512

e872df7481c42dddaf8ac0bda02923ea1bdf8e0f956909e34862565265af38d6517e8aba390223188a9af1ca2db27249da034c32e95107f42afdfe4ac9401652

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772909132302008"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 3396	2780	chrome.exe	83
PID 2780 wrote to memory of 3396	2780	chrome.exe	83
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 2180	2780	chrome.exe	84
PID 2780 wrote to memory of 1828	2780	chrome.exe	85
PID 2780 wrote to memory of 1828	2780	chrome.exe	85
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86
PID 2780 wrote to memory of 4592	2780	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Renewal_Verify_INV-[2755I1LG]_[Q5243].html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd22fccc40,0x7ffd22fccc4c,0x7ffd22fccc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4336,i,9668778200748209339,1458919603848512759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4152

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b1069e94e6239a89c71b70a3c6564531

SHA1
be5f5f1efef782b4708a1a6e7328dced3423cc8a

SHA256
01043fc505a3857cd4905dd9921f12d69573af1397111b27f6e837bbecf59abb

SHA512
ae0c20b158300b3d8648a933c964453e7a839495ac91f675f720ba584e5ce1275b08f357b1f3fa7ac02dd9456bf07f5bb353d948e09d5cb356e90e2c9e62d066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c00511d8f405887cf750245adfe377dd

SHA1
9b57a8e5054d3018f41fcfb3f5502d1dc10051a7

SHA256
2885cd6ea6918e55f4c14f1a61556a3a2adaed6af89b6515bafc2d4e85b3ea87

SHA512
474c93d72981bd5b26f5a01b4ed5c0315634f10c89fb993f2cb8d9444f037e0d325d4e0d64cf82be2eb4d4343c5c1019e86592c50ef87e434b5b65c9d281443c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7820b4d05382ee505749ac06c0ae5356

SHA1
e29e84a86117e7273593660ec77ff62c8810fe4b

SHA256
ca89020c525578a81799063df31bd8727f5bd196a8d04f8055c874b79acd94c8

SHA512
5b2b205dff6897e5f428210794125d46d184bb567c0131d8c7f22abd22fb6e72122ad45a1cca2e957fdd63096038bf971596a375c2e8c30abfa2580607966d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f844aab0768ef561e74dbc337bbfb37d

SHA1
ea09a15a0443d761a476e6410aaabb135425daeb

SHA256
352ee125efbdd01e72c742681b7e1f00ad90c218ad5dff9dac43ae11f769d1fb

SHA512
2693efab04efb7f60a5c649807a9d68926bbeb0280457fbb3c470101ae9a590f1db16d99258c276b6904e485c63d18606c46e57cd291e4e944d107ec952301ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc96c55d392aa1f151e45d8308c8b072

SHA1
c667f12af89f3917f488900b32bf49103b67a64b

SHA256
55e580e50309f54599c1a8c7b50d5492909dd5825b902d58eaca84b8466e8c2a

SHA512
c0a8387a10d6254a4b85084f42d854f85371861699a85d15ea51f3507268ff1936584ce07643a57f18eccbb5878cd281ad4e1c4144ac145e0404e59ee7120edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0f1aabe29e99711784df7628669f66d7

SHA1
dbd10a43bcaf43af2c2d3601a84eb6cf443fca79

SHA256
e70b281f11f4fd6397762f501829cfa0e21a009dd168b2a72670d1857f8de2dc

SHA512
74440e10ba04e9b8d05d53b9ce974b7005ca76b7a3ce446d5f7af4948ee71ca0f0b6676fe7531d1c2ac4e8962a4fbfb70f7d0edd728739fa3bd9049b1f360a21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f665ee14a93807834e95c047d6d7f2e5

SHA1
1e355b9d78f1a2f56d54fdb274a34a9ac426746b

SHA256
9199edf5ea7388bd407370cd3ed4a00dc2a495042b3ea9bb337d951d3450db92

SHA512
ff6ff8c515bd3765fedfb0fd2fec2dd12a56b29a4c77f999f04188ca72b17cdf6d2432a901315c07973a6676634970cb60a53f7fb0b3245ba233e76f17545444

Download Submit