Overview

overview

3

Static

static

3

2214/coordinator.exe

windows7_x64

1

2214/coordinator.exe

windows10_x64

3

launch.bat

windows7_x64

1

launch.bat

windows10_x64

3

Analysis

  • max time kernel
    278s
  • max time network
    330s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    15-07-2021 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2214/coordinator.exe

  • Size

    9.6MB

  • MD5

    d4ead13be3274f2b42fb3b53ff142cd9

  • SHA1

    d7cb84bcb2c3e4f57171462000c125f35e63f7e8

  • SHA256

    554f8fea1460df263070edd9f0b5cf2905fa677e744b53734ffc0b321ca311b2

  • SHA512

    6aada02815a75297f57c81cb8ac3db54b8cfd4888d586445f23b6f7296c9a9a167bafe5a3f581bd795e4f18e7a0cde660c9552612d706dbd88e3121477111233

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe
    "C:\Users\Admin\AppData\Local\Temp\2214\coordinator.exe"
    1⤵
      PID:1728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:360
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5ff4f50,0x7fef5ff4f60,0x7fef5ff4f70
        2⤵
          PID:656
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1040 /prefetch:2
          2⤵
            PID:1652
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1384 /prefetch:8
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1720
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 /prefetch:8
            2⤵
              PID:752
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
              2⤵
                PID:1728
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
                2⤵
                  PID:1328
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
                  2⤵
                    PID:1340
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
                    2⤵
                      PID:1996
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
                      2⤵
                        PID:1184
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
                        2⤵
                          PID:1216
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
                          2⤵
                            PID:2268
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,17038353500555955783,16427693878180563761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3708 /prefetch:2
                            2⤵
                              PID:2324

                          Network

                          MITRE ATT&CK Matrix

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                            MD5

                            b7d9cbd4de951107d6196af2df964b3c

                            SHA1

                            1fbb1d1378dcecfdc7a0c6b8873f4e89258259a4

                            SHA256

                            500c2e6fabc571d3d84eba154a3d4512e96f9005f4fda0b6cf91bf7084f1ce3e

                            SHA512

                            96502ac1b21bd17848655234385f9188fa04f3cb4fedaa1f7494aa3ff6805eb1adb7be8b6ef89e326e9a91d65c675789480b4e87abc9d183ba01c00719fc1d28

                            Download Submit
                          • \??\pipe\crashpad_360_QAYJBQLSQDDGWYCQ
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit
                          • memory/360-88-0x0000000006AA0000-0x0000000006AA1000-memory.dmp
                            Filesize

                            4KB

                            Download
                          • memory/656-60-0x0000000000000000-mapping.dmp
                            Download
                          • memory/752-68-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1184-82-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1216-76-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1328-74-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1340-80-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1652-65-0x0000000076EA0000-0x0000000076EA1000-memory.dmp
                            Filesize

                            4KB

                            Download
                          • memory/1652-63-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1720-64-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1728-71-0x0000000000000000-mapping.dmp
                            Download
                          • memory/1996-86-0x0000000000000000-mapping.dmp
                            Download
                          • memory/2268-90-0x0000000000000000-mapping.dmp
                            Download
                          • memory/2324-93-0x0000000000000000-mapping.dmp
                            Download