Analysis Overview
Threat Level: Known bad
The file https://copilotes.blob.core.windows.net/$web/hgytrdfrtfgfsyhgh.html?sp=r&st=2024-12-04T14:49:06Z&se=2024-12-30T22:49:06Z&spr=https&sv=2022-11-02&sr=b&sig=ZyJ4703jSmb05WYNj0zTqiwzvKJCBTk7ZJc4OKpbvSI%3D#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-10 22:54
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-10 22:54
Reported
2024-12-10 22:57
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783448896423746" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://copilotes.blob.core.windows.net/$web/hgytrdfrtfgfsyhgh.html?sp=r&st=2024-12-04T14:49:06Z&se=2024-12-30T22:49:06Z&spr=https&sv=2022-11-02&sr=b&sig=ZyJ4703jSmb05WYNj0zTqiwzvKJCBTk7ZJc4OKpbvSI%3D#[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa99aecc40,0x7ffa99aecc4c,0x7ffa99aecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2088,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1712,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4460,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,10691005253535821482,1083479052372352402,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | copilotes.blob.core.windows.net | udp |
| NO | 20.150.121.132:443 | copilotes.blob.core.windows.net | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.18.40.68:443 | kit.fontawesome.com | tcp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.121.150.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | logo.clearbit.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| SE | 108.157.229.27:443 | logo.clearbit.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.139.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image.thum.io | udp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | udp |
| US | 34.200.110.203:443 | image.thum.io | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.229.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.110.200.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2108_JGSDXOXOOLTBNBDX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ffa201d5-c391-487b-9471-505ce61c11e7.tmp
| MD5 | ab4df0ce04993a7e75f6505bd1f060d9 |
| SHA1 | 2026aa4c4938cca3f57e5471efd86bea06fd5f13 |
| SHA256 | 30dc81c5ed252679db3c32b97198016f37d5e56f7122a70a98e7ad975b7c0324 |
| SHA512 | 204610b371a37940812b85c14389af47471f13debe3579fc8bee39fd921115f365bf660ce5330704f8aab62432b406c73b6efcacd6c61b5ad25b44e4533db4ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e60453a42d445e88618bac5b8a05a6bf |
| SHA1 | df70c04db464f211d14a5da9a95ea9bedec2cb56 |
| SHA256 | 618c3e85269d24a73b321b77ed8462d02087a678a1142e3acc28f6c8d9cc1cab |
| SHA512 | 5ed1a8c69ac2b16b195df5a02a6de048b1e33dcadb958f8a7362250b3b8177d58b06c20660da3fb98aa4811a73977c2d0677927d4533055b823836c97f49e8d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39cf0340eebf8100533325bd2525321b |
| SHA1 | ef494b9208fc8cd32b098685d6a8d46dd3c2ab54 |
| SHA256 | d4acef4728e72dca44c00e02c7b6833dbd26e773f770fbd3f5cc4a044a1cd507 |
| SHA512 | 53281cbba66657d8d28e1b61cc044542ee0b7bf231ca0d4b33c7e4031b277a863321160f3994b8f87bb8eb8ab285ac1acb00d57554b095201d3d0a1f690f92d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9638b6c0f39331a9662c9926b54caf18 |
| SHA1 | bcc34d1b990e1f5259fe3e9618a6ab6022c0b573 |
| SHA256 | 28f2633b4b0c774dda2e4ab5e512e084fb8d24bb9436a9114a05df183839845f |
| SHA512 | 37c29e8730fcad5d6e49eb963c0c339ce5425d785ec7815ca84fc83a72407265b59820f72a092cec77327cd743d70db5b7fe7ff046e290e07444e2a08f6085fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 44091508177dc2a8e4fd3881f9e93afd |
| SHA1 | 2fad68f7af3e4bf9622af4cd1c69211253aada18 |
| SHA256 | deef133cfef7ac23c27bda36c313dbef9550a7037a3a4753d11954b059c4cb71 |
| SHA512 | ecab52858e3f08ede4cbda060e9b79430e17b5ea896eb04d98f9170681b06219c3cf5f7346ad771f058d34fe1cb36f1b4ac195cd9d2e31209b4ab0efe3db4497 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a4dffd9ce8715a945a284527fd5722f |
| SHA1 | 906c5c66bacfa6eb5770ad8b1ee3be49b365518a |
| SHA256 | 287ee211fdd8555e1c3bce4bcb9c1e9fa265a4a3b2faf788ed731a5f74f35b85 |
| SHA512 | db4cbacdb94df1c35cd9ced61f7166f2ead5b93db4272826ae5c84695437e46dc024c21acf3ff19c8339bc277aca2f561400fac6ddb993fdff596ad71db00a26 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0529cc98eabf9b0a65a90b435946577e |
| SHA1 | 54e1995c70b1643b9a5eb2991859903468a16e46 |
| SHA256 | 96facabeb81bbc2d1e388d572c95eaf9ca0edf46908e0627b87f8c76e11a92cc |
| SHA512 | abc4d04041d0f23911a523e7daff9b43eb9a0b2e10e8d45e900d97b99639c7c2f9278d396496c3bb12484ec555f077d4dce82662d8525251242a3b98a9cf1734 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4472095f952254557f9c20c2a29f0f6d |
| SHA1 | 7fb77f385d0e15e3ce33f8c9b62bb82618c0de90 |
| SHA256 | d247af41dfedb1325162f3db5a4d30dc23154eabf8be7a7c93b37f4ec91d85d5 |
| SHA512 | 86800add86eb819c1905cf34ce9d515b113a8cb47abaf2032d66e8756e5b91cddf2259d23e75345075efb7ef293ac5fe7687ac197ad229fcbdf8a9cf33b3aa16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a840505b8c1501cdb2c0e25f8ad644cb |
| SHA1 | d43b9ea930acd883eb0492903470900b0a81ee6e |
| SHA256 | 85b8894bdd5e0ad6171b5777a903e835b4e66c9273a8a104fea1f4973b272d69 |
| SHA512 | 15db04c7e2fa0b92ece3e342ea90d77f85a1da8e8167352c2833c08ad16b2b241827720c62c46d8ce288fb934ba3bbd9baaaa2c3caf70abbfc7a746967043c0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 65a4a115a129d044c109da3ce8a14086 |
| SHA1 | faaad28c4fe73e147fab922c189dae15af2bcded |
| SHA256 | f23bb9ce31928181a14d67d7274e7b33427f003160fcf29e77125ffc59718abd |
| SHA512 | 25130acaf4d7f3a79769a709235817cc6711184a54d22e030e3a9ccc4f8a21b4dbb2ac6812afc2ffb35adf3c784cc747a915f7bdd3ab6acd05fe0dfa0e0bd0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3fb7a557b6806f6ed8e91f0891dbbf0d |
| SHA1 | 7420828f6a100fb3b00e61f0c2250d785f3c7db2 |
| SHA256 | 236432eb25ec098bd1d5c61eea0046d43fe5384ead4b3736e492ab869702d86f |
| SHA512 | 3342974acee3fb3e6616af9b661e44d17d203b91d81f215aaaa01906b838637871c2bd247335ec329d8d7944429705b0b1dd2a5cae732e43c54fa463755e7114 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1aafa582f4c30eb21fc79005a0942ed0 |
| SHA1 | acf69cbbb87a423637528ec6f7fe3600f79950a5 |
| SHA256 | 6691d0da7d35bc2475eac596aa26d8d9062af388eac9615d6aa8f2131758a410 |
| SHA512 | 5f0f0d432c662bbb95ef4e2a727a89fb20c2849384ca8468cfd2adc3104bd48fb454a03efb4fc8bbfa8f003d864e26e9637c37f5a5d9488e2c96a59e15d6ea66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba0c5e80f05f2aa65053f8a1ee735cdd |
| SHA1 | bb7d77e6a6f0ff02dc3444be7abdf91e66a8a90c |
| SHA256 | 8d13abe87333f58fd68f29301b160ef0f209e310598fab3d2fadabdf82410eb6 |
| SHA512 | 3f73d2e66e69bafaec318c3cafe47fed105ce0e98cce39a1b4a110a37edcaf1cacd6506323eb1a6344dc323d9dfce6fb81537c916e0815032f0f93b83f4bcf18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e8619c0fc3b4f482d9ec0acb9ea1e43 |
| SHA1 | aa5059688efe99b259a7c70e95df6a4aed63d1d7 |
| SHA256 | d3330fa5a87f04a0e0ddd9dbf310681c659112a6dfe3d24eb2887dc5d01e3c38 |
| SHA512 | 470ce94a91ee32a00c1dd410432b220ad378e89e7e2f862711ca1eff7b15374654814258fc73b94de4c5026fd5a6124fa4b989222d5389a40e3e25928cc816af |