hxxps://aka[.]ms/AAb9ysg

Analysis

max time kernel
60s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
21-01-2025 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/AAb9ysg

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819365591447526"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4468	4944	chrome.exe	82
PID 4944 wrote to memory of 4468	4944	chrome.exe	82
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2036	4944	chrome.exe	83
PID 4944 wrote to memory of 2960	4944	chrome.exe	84
PID 4944 wrote to memory of 2960	4944	chrome.exe	84
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85
PID 4944 wrote to memory of 4784	4944	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aka.ms/AAb9ysg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdae85cc40,0x7ffdae85cc4c,0x7ffdae85cc58
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3408,i,2876304813298711344,8860170806763184288,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
efcab5db9f597cc003f1dd506d9d35c7

SHA1
1b3a00c625ee43ba08cc7033ac4fcc5f6953df57

SHA256
20b17d10a4d7cd30e1073784f074dd968e7afab968457e97fc4ebe11a9a959a8

SHA512
3225d0b5bf702153e525e40fa2415df7942cf9c05aae7af032e8869205e64160bc09dc24592823230e40865ccb0a5e559d478e51716c007d62f47597f6279fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
f8f1f2753a53cbcb4f0dd103e18e0718

SHA1
8b8a17c43b59f26c2da7eb55435d28cdc5f5b562

SHA256
fef582c9724226685a9eb8c2639a7dfa262fe4afe1459bffec6de7d61dd69f69

SHA512
6d54eb6ecea1c2458f6ee48ecff5ada2ab144dfcba13a407e538e1921a1f1aa468e70b94425761e95f1321496ec0b25c770946c10e7b544f65c1cb2453709b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
783c298de7050b520cab3ca7a8c98518

SHA1
63d104a3e3e42a1b2e03f4a418ff250e2de2744f

SHA256
c8b353e5f152bb572e66c49725df9f54c4fc46c0df57686001caac2ca83e2da8

SHA512
d317551735db2ed65604ab413027c86a816be56b450bb75268e0309b6fe90e9d67e4ab5775f067b2d99ae202700b12be6bcd3756323f331bac7165ae6b186600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ceeeeb7adb888c617f0a7189e566eb7

SHA1
4bdabd9d53ff9d22d555d4beabc306c09abc0133

SHA256
0e0ac8b3e8d1e64582442684e582b8eca9f9f8046dd3a4e582e04805475b4c6e

SHA512
3e56b6de400579839986a75e34a04f12e6ba89cf5ff60c7292c0061a0b8d9fc3d3e8b5ce1123d617f5362e315777705d941affaa84fd36a93a588bfa3ffa4b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5816b5430843bbb38fe1636aa98e8526

SHA1
639c97ada19ad671ffb0422af10fd148269993d1

SHA256
4cedef02c96f78b9887d5bac2758b9c84fcfd9bd89174511e533d653cd4e8665

SHA512
4584d026ab70e2c2ab5930124d14a495a459881629c195b115155306e005dfd85ad8e42b807062c7bfdf866aac5591126ca373329654d5a9434ebc6a708a50df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7d85826e5655e851674645773ee3221c

SHA1
355b789c0f0a537a630fd515063f94b0f85cdd4b

SHA256
7315e2a346d58147bba2a24c2196e64e4735c698454f03f0a9938f7c5e47b374

SHA512
de5d239317601ed93c79510f7331fb6d38303fced416eacb8947449851563d985eb2bfce1289d8d50440b6688de482aa6d590c63ffce3d72a01ddd3ed580352c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
64cf336a5bd1917f08d448fa87ad88b1

SHA1
d1b151ecf52296e3aa3fefd6735ec059c199c574

SHA256
12c4b5dd1982b9c411086efb170b960bb26abb6beba8a703731af687622c73af

SHA512
141af0f06768a1613af85918f6cbf4aa44cfaf79ea622ecb086cfb987fcdb3cf71ae3e948f275b7e7d0a45ad2242de7744e4776212f6aa4ae334838fdb3deb9c

Download Submit