Analysis

  • max time kernel
    300s
  • max time network
    283s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    02-12-2024 15:59

General

  • Target

    https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L

Malware Config

Signatures

  • Detected potential entity reuse from brand PAYPAL.
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff827facc40,0x7ff827facc4c,0x7ff827facc58
      2⤵
      PID:3912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1632 /prefetch:2
      2⤵
      PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1892 /prefetch:3
      2⤵
      PID:828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2460 /prefetch:8
      2⤵
      PID:656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:3872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1
      2⤵
      PID:1192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4332,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4016 /prefetch:1
      2⤵
      PID:2744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3364,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3408 /prefetch:1
      2⤵
      PID:32
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3392,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5000 /prefetch:8
      2⤵
      PID:1608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4588,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1040
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3752
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1488

Network

MITRE ATT&CK Enterprise v15


Downloads
