Analysis
-
max time kernel
101s -
max time network
148s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 12:33
General
-
Target
www-embed-player.js.download.js
-
Size
152KB
-
MD5
5b76b4e872a88a49eff2a27f2c9d32c3
-
SHA1
246506beb2d61230d14557cb7682c3623adaa835
-
SHA256
47c063fcfc70b2ba6a049683a9b8e1f1fc7907b28aa3fbf2fb0273d493d56f1a
-
SHA512
d0842262596afc662871f9eac2a06c2c4f2ef11bb91dd85280406192d1100d16646f39b0ffa70db70ccffbfdfb5dfd1d812e53526371331bad285d38f3aa20d0
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 447 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\www-embed-player.js.download.js1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc35786e00,0x7ffc35786e10,0x7ffc35786e202⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1464 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1820 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4212 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1452,7441720822966138541,10735323145146351052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe"C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datMD5
9ebbebc9744902b2b2736616601e07ff
SHA15fad5a743c2f1c4daa9ab0eced051ba8da9590da
SHA256e309e588a2a397e4c2db3e192fcb7d11a6aa25e242b5f09b82043b7c6c43a55c
SHA512a1610ee0ad67d61003f08189d934497f0d3d68c3e62af3069238bab9bb79be8353ace5289c2d1434ae439279d05dc1339060e27e7eea7a55e3325c182ac9c702
-
\??\pipe\crashpad_2232_YZKABLXBZPVAZLBEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4740_CWQWPDRHUQURPYEAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/492-51-0x0000000000000000-mapping.dmp
-
memory/492-76-0x0000016281DE0000-0x0000016281DE1000-memory.dmpFilesize
4KB
-
memory/492-61-0x000036C200040000-0x000036C200041000-memory.dmpFilesize
4KB
-
memory/580-203-0x0000000000000000-mapping.dmp
-
memory/808-45-0x0000000000000000-mapping.dmp
-
memory/1016-227-0x0000000000000000-mapping.dmp
-
memory/1020-42-0x0000000000000000-mapping.dmp
-
memory/1420-60-0x000065F400040000-0x000065F400041000-memory.dmpFilesize
4KB
-
memory/1420-77-0x000001903D4B0000-0x000001903D4B1000-memory.dmpFilesize
4KB
-
memory/1420-46-0x0000000000000000-mapping.dmp
-
memory/1528-254-0x000001C8C9420000-0x000001C8C9421000-memory.dmpFilesize
4KB
-
memory/1528-237-0x00000CF200040000-0x00000CF200041000-memory.dmpFilesize
4KB
-
memory/1528-218-0x0000000000000000-mapping.dmp
-
memory/1528-242-0x000001C8C75A0000-0x000001C8C75A00F8-memory.dmpFilesize
248B
-
memory/1528-261-0x000001C8C75A0000-0x000001C8C75A00F8-memory.dmpFilesize
248B
-
memory/2008-200-0x0000000000000000-mapping.dmp
-
memory/2136-62-0x0000103100040000-0x0000103100041000-memory.dmpFilesize
4KB
-
memory/2136-50-0x0000000000000000-mapping.dmp
-
memory/2136-96-0x000002284EE80000-0x000002284EE800F8-memory.dmpFilesize
248B
-
memory/2136-75-0x000002284EE80000-0x000002284EE800F8-memory.dmpFilesize
248B
-
memory/2136-85-0x0000022850D30000-0x0000022850D31000-memory.dmpFilesize
4KB
-
memory/2204-154-0x0000000000000000-mapping.dmp
-
memory/2232-113-0x000001E6DFF20000-0x000001E6DFF21000-memory.dmpFilesize
4KB
-
memory/2304-79-0x0000029E71490000-0x0000029E714900F8-memory.dmpFilesize
248B
-
memory/2304-99-0x0000029E71490000-0x0000029E714900F8-memory.dmpFilesize
248B
-
memory/2304-53-0x0000000000000000-mapping.dmp
-
memory/2304-63-0x000058A800040000-0x000058A800041000-memory.dmpFilesize
4KB
-
memory/2304-88-0x0000029E73300000-0x0000029E73301000-memory.dmpFilesize
4KB
-
memory/2308-240-0x000001CFB3970000-0x000001CFB39700F8-memory.dmpFilesize
248B
-
memory/2308-182-0x0000000000000000-mapping.dmp
-
memory/2308-197-0x000011FC00040000-0x000011FC00041000-memory.dmpFilesize
4KB
-
memory/2308-208-0x000001CFB3970000-0x000001CFB39700F8-memory.dmpFilesize
248B
-
memory/2308-226-0x000001CFB5BE0000-0x000001CFB5BE1000-memory.dmpFilesize
4KB
-
memory/2476-177-0x0000000000000000-mapping.dmp
-
memory/3024-147-0x0000000000000000-mapping.dmp
-
memory/3080-34-0x0000000000000000-mapping.dmp
-
memory/3104-229-0x0000000000000000-mapping.dmp
-
memory/3512-64-0x0000473500040000-0x0000473500041000-memory.dmpFilesize
4KB
-
memory/3512-55-0x0000000000000000-mapping.dmp
-
memory/3512-80-0x0000020A1F940000-0x0000020A1F9400F8-memory.dmpFilesize
248B
-
memory/3512-100-0x0000020A1F940000-0x0000020A1F9400F8-memory.dmpFilesize
248B
-
memory/3512-89-0x0000020A217B0000-0x0000020A217B1000-memory.dmpFilesize
4KB
-
memory/3748-0-0x0000000000000000-mapping.dmp
-
memory/3860-43-0x00007FFC50EE0000-0x00007FFC50EE1000-memory.dmpFilesize
4KB
-
memory/3860-41-0x0000000000000000-mapping.dmp
-
memory/4120-187-0x0000000000000000-mapping.dmp
-
memory/4128-145-0x0000000000000000-mapping.dmp
-
memory/4136-222-0x0000000000000000-mapping.dmp
-
memory/4140-172-0x0000000000000000-mapping.dmp
-
memory/4204-183-0x0000000000000000-mapping.dmp
-
memory/4216-180-0x0000000000000000-mapping.dmp
-
memory/4276-71-0x0000000000000000-mapping.dmp
-
memory/4280-234-0x000001DEBF4A0000-0x000001DEBF4A00F8-memory.dmpFilesize
248B
-
memory/4280-205-0x0000000000000000-mapping.dmp
-
memory/4280-223-0x00002FA700040000-0x00002FA700041000-memory.dmpFilesize
4KB
-
memory/4280-256-0x000001DEBF4A0000-0x000001DEBF4A00F8-memory.dmpFilesize
248B
-
memory/4280-247-0x000001DEC1F10000-0x000001DEC1F11000-memory.dmpFilesize
4KB
-
memory/4300-152-0x0000000000000000-mapping.dmp
-
memory/4368-150-0x0000000000000000-mapping.dmp
-
memory/4388-206-0x0000000000000000-mapping.dmp
-
memory/4428-162-0x0000000000000000-mapping.dmp
-
memory/4428-86-0x0000000000000000-mapping.dmp
-
memory/4456-157-0x0000000000000000-mapping.dmp
-
memory/4468-211-0x0000000000000000-mapping.dmp
-
memory/4472-216-0x0000000000000000-mapping.dmp
-
memory/4496-91-0x0000000000000000-mapping.dmp
-
memory/4508-232-0x0000000000000000-mapping.dmp
-
memory/4520-167-0x0000000000000000-mapping.dmp
-
memory/4556-165-0x0000000000000000-mapping.dmp
-
memory/4568-159-0x0000000000000000-mapping.dmp
-
memory/4632-213-0x0000000000000000-mapping.dmp
-
memory/4664-170-0x0000000000000000-mapping.dmp
-
memory/4680-221-0x0000000000000000-mapping.dmp
-
memory/4704-175-0x0000000000000000-mapping.dmp
-
memory/4720-233-0x0000000000000000-mapping.dmp
-
memory/4728-124-0x0000000000000000-mapping.dmp
-
memory/4740-125-0x0000000000000000-mapping.dmp
-
memory/4764-127-0x0000000000000000-mapping.dmp
-
memory/4788-189-0x0000000000000000-mapping.dmp
-
memory/4828-129-0x0000000000000000-mapping.dmp
-
memory/4856-191-0x0000000000000000-mapping.dmp
-
memory/4880-131-0x0000000000000000-mapping.dmp
-
memory/4924-133-0x0000000000000000-mapping.dmp
-
memory/4964-195-0x0000000000000000-mapping.dmp
-
memory/5020-198-0x0000000000000000-mapping.dmp
-
memory/5036-141-0x0000000000000000-mapping.dmp
-
memory/5048-142-0x0000000000000000-mapping.dmp