hxxps://is[.]gd/CmxYJL

Resubmissions

23-12-2024 20:52

241223-znrh6a1ler 1

23-12-2024 18:06

23-12-2024 18:03

23-12-2024 17:00

23-12-2024 16:51

Analysis

max time kernel
43s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/CmxYJL

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794463172886120"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4196	4532	chrome.exe	82
PID 4532 wrote to memory of 4196	4532	chrome.exe	82
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4276	4532	chrome.exe	83
PID 4532 wrote to memory of 4024	4532	chrome.exe	84
PID 4532 wrote to memory of 4024	4532	chrome.exe	84
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85
PID 4532 wrote to memory of 3004	4532	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/CmxYJL
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff994eecc40,0x7ff994eecc4c,0x7ff994eecc58
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4404,i,7044066990156581966,11059291200131394458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:872

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a374245c9bf9b92f9c08d2edad13c83a

SHA1
419c35c87ea80af24a517901acf1adb8d27da1d4

SHA256
af43e5f92ef20ca773c5938eba4d99aca254eb4f970488e6ce08b8ac92378165

SHA512
1950f5dce816009a5145181ffc41bef3866cb68efb8860dd128bf6efb53858f3612b17821f98bfbdd8f3de2e3b1f32187da447e8d00fc95dbb5f2f3d8ea68c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
8c8a3078ea4c243284ff85f54442e25d

SHA1
8fdd74b36efc1e95d199d1c262e09b2ebd214f16

SHA256
1e0c1036c3d30630e307f1cf6e3b6bfe62cfc04d938d26c7cbd0541fa3c8d7da

SHA512
bcbe6e30724b1330847c4b013371f32c1e73c5c9b5e83818b990ed3ad16d0ca13037574da6a7b9fcaf69620157a61516a65af978ce688f71e541d75098cd6cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a24cbf092b3ae7aced1e8a4b58cafe39

SHA1
711191b10084100a9ecbcda280318a8d594cdc6b

SHA256
61ce543f4d8329603d1eb746ec57f32d4d2494b560b0e97be0a4730ff9bce03e

SHA512
bcfff6373edab0fc7ca8189439b55010db05d2a184d2e4c11a709f90421125395fd15018630ef4599a9bbda4d0d7c30a6dca2b7070c7c5cb9b085e4b4013010e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1842d6dfbcb90261d701b5a9c83221bb

SHA1
4c85fea59dae411c954ed979a5d2be67545d2001

SHA256
2d2a70aa48dac8785ead0a65341828210b52eec5fe9292f1a6dfc79b5a386062

SHA512
e6ab6ba669b8d9f477855762af2fe246fed273fbc4bae0b90bc74f5b1c74d6d72d998461472e817d8438bce1ff26f44f4b93a89180a1280157627c09d14ab821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b8ae51d333eb5765cff82c52b91da08

SHA1
c0457fd98ebe348cf6def32532b611c9f5cbcd03

SHA256
2cd0789a31adc871dafdb2695a4c7f1139a669afd9cf912c2041c75c8570ef22

SHA512
591e9b1907881afacea70263320f84d5642c4ee70bbd71e32aa527d396c8019df14f9936dc36746f2d68dd793e22afb0a4b6bb97e0fb431c42864c8baa81f71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78588f350bd20974cd63f0823ae678e4

SHA1
50c16ab16422266d2881df84b27d364a2f1cdf70

SHA256
d8f781762f9f9d7dd5118fbc6735351fd4eb151c9c3713d22b699324e79c8eb4

SHA512
8eb9492b262e6266fb4540d5e95b8e700ce4aa3868c88140632ce9b61705867d8657a10966fc55803706153584178753e9dc08ac6cb06c1eb35d02f1ae369eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4f539fd147811958029be4a1638f8994

SHA1
21f3c1ff954c65b8bd30790e32d5bc282316ed12

SHA256
b6ef2eb39488adbf7095cc6afa3bbf8febf218563053a5a5192a3be6f764ca2d

SHA512
5e9c0db91c3be01fcd72624898aa209d9eb3c129182290c74f520a84e9e8679e0998d7946f9a372c63560b3cab82df0274be2514f12177ffc096476c7994b08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
91283c310c4858a06d86be73c3945fc6

SHA1
a2a8dba409b31e2369ec2d246dac748dffc7f94b

SHA256
22b41e3e1622e5ca60e46f9eb5536c4d5375294a5310d473055095b79e0f4abf

SHA512
6545f3bfae219cdb0947e7f5a1b141346a4e61704129cc2f353d23c60c66b0db1de2efdb686b95211e982fee6d84c47f37803652e2771b326d8a90db4f9a0817

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit