Analysis

  • max time kernel
    299s
  • max time network
    287s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-12-2024 19:42

General

  • Target

    a1s-root6=email_banfield_2024_12_12_18_API-4Y8LGw4pXVzKtYpq-2024-12-12T18_15_04.eml

  • Size

    34KB

  • MD5

    8a661d61670b8c128c99e7b9d79508f3

  • SHA1

    0a87eac05c4cef82ae5b9ad24a3037066f4b0454

  • SHA256

    3f43257a362c9be5875ab171603766400c0dad5eaa48bbe70b6de3dfc8bd613d

  • SHA512

    5dc3e9477566587401349462a5aea281c1cfbdfb91b0711269b7046148754219b488ea8a8ee3a84daed8268e1bb056f13b4ab71d28b0b110074672fc270ceff5

  • SSDEEP

    768:ek4lJ23HkdbhFl9JyxhD3jaup3rdhbaY8LTMrns7JROFetnvJ:ek4lJ23HkdbhFl9JyxhTCY8ys7Jzxx

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\a1s-root6=email_banfield_2024_12_12_18_API-4Y8LGw4pXVzKtYpq-2024-12-12T18_15_04.eml
    1⤵
    PID:1988

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3548

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd0b6acc40,0x7ffd0b6acc4c,0x7ffd0b6acc58
      2⤵
      PID:4700

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:2
      2⤵
      PID:4968

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:3
      2⤵
      PID:2196

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2492 /prefetch:8
      2⤵
      PID:2152

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
      2⤵
      PID:3100

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
      2⤵
      PID:3096

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
      2⤵
      PID:3528

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
      2⤵
      PID:3140

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
      2⤵
      PID:3472

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4860,i,13919999605765532273,16556361760853112920,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3684

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3180

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 7c35bc41dd02b88a63e479284f62b7b3
    SHA1: e3d8f45967ae2c1e9f091ae3726df3652e892afa
    SHA256: b7d973045ce5e9154d59a362083ec24cbf97ae5dddb154b817f54734544db66d
    SHA512: c987e52ee6a0558a8f1db4608bc5d07852f757ba245ce9ab010791bfe593b1e2dca69427bd1034682484faa6a96b19c5bb77e025147a1a160cfb38860e1a91cc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 513fe376faaa4dd39b541aa1a24030fc
    SHA1: de11deb1bf50f4af4857aee5955c64c119d60785
    SHA256: f3a6157593153ce77baf13a7613427a57f1140217ab49fee7609e946697222bb
    SHA512: 3b046f50f6f71d30000436ce10d500012728c828f2a0f13063fc121d9e76d9549dcef372a609163144b9037683bdd7cc3463f5ed9189f8cafd98379c65e83796

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: cc56ea07169ec46f89b1de04b2c9b0e0
    SHA1: 3043ac90a8e68b3d9d2e4f6790907224fd82e8f3
    SHA256: 5997cd746e6d3fe51a18697e98a42cf53a084424df4b917e5144892fcac9ca08
    SHA512: 6d629b31cce542edd3de6cd577b3f496ddf64f03f9a772cc33221ccc8ae15e56b3c95852074f4de2771ff1fc37b57674ffc66d7bb843c08e42ee96823a736b56

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: bae23db1a2f0fa1e01ed5fa9e8851d9c
    SHA1: b156a77038d739a7aededd83f34963009e8ad4f4
    SHA256: f95e2922ab63bf77ca6536333d6b66d001fef06084e89dfdb6a7a0ecae6b347b
    SHA512: ebab6d2f5d3b35c46e1482b28e6abc9960818fbc1bac81de4632b7cc7431793b38ba4e28088f3ab5cc72ab348feefe747671c88390c98b0f974df82322d7a80d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: cab64beb7dc61c30dabccca8e2c5a0e2
    SHA1: cf6c3d2fc77c076d254aff7e59a2499da90cea7f
    SHA256: 71f0787200254513bacd0e825995f228e542ae27e22b6cb6b9cfb8216bdcc7bc
    SHA512: 183daf0bb1e5bf07fde8bf64ce313dab7ed4db404cd468d17d6d511b2014f0b5efb3d1570a525dbe7a0ecf4cccafce252d8febfc1f92e12561a11bb77a31fc6d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 96290d306cb39f4e89e45e4c7ffd701b
    SHA1: 2b6ed25b6be7486868acbf81a627a4c7fb5823b5
    SHA256: 21d3a73d2db3f25d4ad7c16eb0f7a7099d823ffd6b46076166f15dba6cdb7e07
    SHA512: 6046a3041b883ca365078ead1c8b4f44332ad05725c7ade31efaab2fe970735027d1e5da16ee00f5decc6d7b35ba8e46f98456178ca816e926e901f5c433bc2b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: b6e9a116a1d6897d09b7050e9a56f8ee
    SHA1: cf3e77337101e05927adbf0353c5e53214e128cd
    SHA256: 44c9483d1c00ba90f7863809ed9c54549314c8eed1bd416a2cfd9b53ea3e29c4
    SHA512: b69a4028c8daaa58ec0d4e0958c6c8def270e724004adc28f62cf89960150215290c368b555dbb40bc92cf9cff9a46cd1164d1e1311ecc034dcf8c73160a21fc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: d457b6b3d87697596b6b97bc6cdb9cb1
    SHA1: de669d811272033e516157f249bb11d084808744
    SHA256: ff01ec886b2e6ab62c23fcdf7d53060ca7314dd29a5199dce065744dc944624e
    SHA512: f1f86ca427b49ca7c2233748b29eb6a3bff6866d55f57f1876de626db11fc3d9dd40342de428aa8619d773ebd7c495b6b4f3f9c2acee7da76a927986f3366a15

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: dfec6853389e6db7dc06f0f9d50d7a54
    SHA1: 7a2eefeb9f37bafdcd81c882b6c22a0b82de4599
    SHA256: 174d9fcb08490970451b1c7404ec3d3de1239e7f41c7920dd50a346671bbe8ea
    SHA512: cadf04c7cfa0d207a9cfa5763db92116297d1a2270ebe022a16f6fbdf4504e2a67a4237daeea577a5fd0525a761a38ded9856a3d68b8dd61756d80f12f481193

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 6a601f992bcbc3d033a01fac77170b63
    SHA1: 8630f005f668bcba93544d0d344ea602f8069fab
    SHA256: 867b40727d8e50cabb4ea9f8cd378d4e812325bde4e76cc0b793270839d1c490
    SHA512: 1770e6b5eac4b617acf34fc673fa869b5d067170dcfac8d091bf654d327d82078da4b62dd4eef6905ad957967812902be871e09751515865868a8d13803f79a5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: f3f35f9b266592690d6aaa16f4812536
    SHA1: 4c927f16b10473faa1d6d4b7e7a07cd41758f8d0
    SHA256: 5d14f50963a51ab4b1c28325518d87bd2aaaa587282c523321f834ec32dd58ae
    SHA512: b3905b0299dfcb22a93978b68aaefcb0556b9d9015fe86aaa4c5e7808bbbb886785d77dc3a0c3c580e47f2b32724429b2127fb3feac1496dde20d70b602c44a2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 3d740f76425e9a6d5941e64119574a67
    SHA1: 825d232df648a3fc4e976035b3372f6047003315
    SHA256: 016a7462b04912e90a858d660ab42c68883cb3e1a14707592e920ddd47c40bd3
    SHA512: 5b40843ecfe6d6a17fb19574138cbce1682773b11d30c627f0dbde8f9f16b7486aa88ec5ef20d5d57e03ae1890d66bcea4d083c1538e21ba13094eea0b07c7a9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 15KB
    MD5: d4ceeda61c2404944697b12db04ab738
    SHA1: 0936d3dfe1267e07d3e7f63ecffb2e7f61f2dff3
    SHA256: 6b41d44ec1cbe08f886a6dfc782bd4d4b253b8283deca61e4d4fb694f75cc6ee
    SHA512: b93815fd7d75e2af6aa2c3d4c934bedfb2e0255943243885f498a70809fecd8979d5bf3316334586b838f2c32da2f546628fdb9c20c4813dcd62e922338a1eca

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 231KB
    MD5: 40fedd0ce0d325fc73fde66c0d1202dc
    SHA1: 357e19f25fbb6e5b189de3b9984bd3ef22afcc01
    SHA256: 418496ca9d533733ebd6dcefda3b571e379d69651ff9a8b332d28dfb233d993d
    SHA512: 451dc0ca55205a5a982f9ee7da536c7252512440436789f4620eb49f5aeca6cafbf16bfc93e099a7e6c9090b65897b4d3c2686674d7d054cc3ab0eff79d41e9d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 231KB
    MD5: f2f2bea1e8cf40551b3bf167ccc02280
    SHA1: 61bdc301e23a0fd662321815b3d94d7b6824e3a3
    SHA256: 4a191ef6ea5a9a4e8dca831260787212d804fc039c9f287083338829fec9755f
    SHA512: 0a018e364df787295861958cc73c4c4d8befb1fc92b42d14f0e1a3d9addc8b1833468867f2471fda8eda4793d62f4481c387485870e8804f64f33ee789d0da3f
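
Added example (not code from the report or from the sandbox vendor): a small Python triage pass over the process tree and the written-file list above, the kind of noise filter an analyst runs before reading the signature list. It assumes Chrome is installed under C:\Program Files\Google\Chrome\Application and that the profile lives under the User Data directory shown in the Downloads list; --field-trial-handle is read as Chromium's "<handle>,i,<token_high>,<token_low>,<size>" switch format, so helpers of one browser instance share a token. SAMPLE_TREE is a shortened copy of the Processes section, WRITTEN_FILES the distinct paths from Downloads, and the two SUSPECT_TREE entries are invented. Over the report's tree the pass accounts for every process as the cmd /c launcher, the browser and its --type helpers on a single field-trial token, Chrome's elevation service or an OS svchost, and every written file as a Chrome profile file; a chrome.exe outside its install directory or any other image lands in needs_review.

```python
"""Triage helper for a sandbox process tree and written-file list.

Added example, not part of the sandbox report.  SAMPLE_TREE and WRITTEN_FILES
are constructed from the report's Processes and Downloads sections; SUSPECT_TREE
adds two invented entries to show what gets flagged.  --field-trial-handle is
read as "<handle>,i,<token_high>,<token_low>,<size>" (Chromium's switch format).
"""
import re
import shlex
from collections import Counter

CHROME_DIR = r"c:\program files\google\chrome\application"           # assumed install dir
PROFILE_DIR = r"c:\users\admin\appdata\local\google\chrome\user data"  # from the Downloads list
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SESSION = "i,13919999605765532273,16556361760853112920,262144"  # token shared by the helpers

# (depth, image, command line, pid); command lines shortened from the report.
SAMPLE_TREE = [
    (1, r"C:\Windows\system32\cmd.exe", r"cmd /c C:\Users\Admin\AppData\Local\Temp\sample.eml", 1988),
    (1, CHROME, f'"{CHROME}"', 3548),
    (2, CHROME, f'"{CHROME}" --type=crashpad-handler '
                r'"--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" '
                "--url=https://clients2.google.com/cr/report", 4700),
    (2, CHROME, f'"{CHROME}" --type=gpu-process --field-trial-handle=1984,{SESSION}', 4968),
    (2, CHROME, f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                f"--service-sandbox-type=none --field-trial-handle=2056,{SESSION}", 2196),
    (2, CHROME, f'"{CHROME}" --type=renderer --renderer-client-id=6 --field-trial-handle=3148,{SESSION}', 3100),
    (1, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe",
     r'"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"', 3180),
    (1, r"C:\Windows\system32\svchost.exe",
     r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc", 4316),
]
# Invented entries (not in the report): a chrome.exe outside its install directory
# and an unrelated interpreter, to show the two kinds of finding.
SUSPECT_TREE = SAMPLE_TREE + [
    (2, r"C:\Users\Admin\AppData\Local\Temp\chrome.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=renderer', 5100),
    (2, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     'powershell -nop -w hidden -c "Get-Date"', 5104),
]
WRITTEN_FILES = [  # distinct paths from the Downloads list
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State",
]


def parse_switches(cmdline):
    """Return {name: value} for every --name[=value] token; quoted tokens are unwrapped."""
    switches = {}
    for tok in shlex.split(cmdline, posix=False):  # non-POSIX: backslashes are not escapes
        tok = tok.strip('"')
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
    return switches


def session_token(switches):
    """Shared-memory token from --field-trial-handle; common to all helpers of one browser."""
    parts = switches.get("field-trial-handle", "").split(",")
    return (parts[2], parts[3]) if len(parts) >= 5 and parts[1] == "i" else None


def classify(image, cmdline):
    img = image.lower()
    name = img.rsplit("\\", 1)[-1]
    sw = parse_switches(cmdline)
    if name == "chrome.exe":
        if not img.startswith(CHROME_DIR):
            return "masquerade"  # right file name, wrong directory
        return "browser-helper" if "type" in sw else "browser"
    if name == "elevation_service.exe" and img.startswith(CHROME_DIR):
        return "browser-service"
    if name == "svchost.exe" and img.startswith(r"c:\windows\system32") and " -k " in cmdline:
        return "os-service"
    if name == "cmd.exe" and re.search(r"\s/c\s", cmdline, re.I):
        return "launcher"
    return "residual"


def triage(tree):
    """Summarise a tree; anything not explained by the browser or the OS goes to needs_review."""
    cats, helper_types, sessions, review, target = Counter(), Counter(), set(), [], None
    for _depth, image, cmdline, pid in tree:
        cat = classify(image, cmdline)
        cats[cat] += 1
        if cat == "launcher":
            m = re.search(r"/c\s+(.+)$", cmdline, re.I)
            target = m.group(1).strip() if m else None
        elif cat == "browser-helper":
            sw = parse_switches(cmdline)
            helper_types[sw["type"]] += 1
            tok = session_token(sw)
            if tok:
                sessions.add(tok)
        if cat in ("masquerade", "residual"):
            review.append((pid, image, cat))
    return {"target": target, "categories": cats, "helper_types": helper_types,
            "sessions": sessions, "needs_review": review}


def unexplained_writes(paths, profile_dir=PROFILE_DIR):
    """Written files outside the browser profile; empty for the report's Downloads list."""
    return [p for p in paths if not p.lower().startswith(profile_dir)]


if __name__ == "__main__":
    for label, tree in (("report tree", SAMPLE_TREE), ("suspect tree", SUSPECT_TREE)):
        r = triage(tree)
        print(f"{label}: target={r['target']} categories={dict(r['categories'])} sessions={len(r['sessions'])}")
        for pid, image, cat in r["needs_review"]:
            print(f"  REVIEW pid={pid} {cat}: {image}")
    print("writes outside profile:", unexplained_writes(WRITTEN_FILES))
```

The point of the field-trial token is that a second browser instance, or a helper started by something other than PID 3548, would show up as a second token even when its image path is correct; the masquerade check catches the cheaper trick of a renamed binary in a user-writable directory. Neither check says anything about what the .eml contained: the launcher line shows the sample was handed to cmd /c and the rest of the tree is the browser, so a result of "nothing to review" here means the detonation produced only browser start-up noise, not that the message is clean.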