Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
14-05-2022 22:29
General
-
Target
https://docs.google.com/document/d/164DsnYYdf6vvCPIqWlDpz37lo24vfmuh/edit?usp=sharing_eip_m&rtpof=true&sd=true&ts=62802a6f&sh=55K97kraFDSfR8Bu&ca=1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 47 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/document/d/164DsnYYdf6vvCPIqWlDpz37lo24vfmuh/edit?usp=sharing_eip_m&rtpof=true&sd=true&ts=62802a6f&sh=55K97kraFDSfR8Bu&ca=11⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6354f50,0x7fef6354f60,0x7fef6354f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1164 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1412 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1756 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3392 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3640 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3376 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3220 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3372 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1124,50273960137645328,12021940648591563547,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1868 /prefetch:82⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD56066476921782a0e0f307c545a1553bd
SHA118e136bd49c2d805e6eb14e8e0ffe9d77cdd20ef
SHA256e42fd9363b0234f5f476d0f581d96641b1b2258a0f53c21bbead31affda4e793
SHA51275bb81f45ad5f6b7c7fc621e4d1bc7e30209596fefbfde073c346f0d6f36a90f953a5c08420e2455d29c4608293ce6358429fd70fbb817aaf099502ca6923e6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_3709B4E5622995C733EE4530EB94C879Filesize
471B
MD537adc5daae60013a9a2b1c3f01320e11
SHA16ef79094670184b96a4431284e31dfccdad6efeb
SHA256ce183e7f9541e38525a96d08f559bdc1ac899bbbb8f839d0c9f3529176be948d
SHA512bd216663ac391b8ab04faf4ae76b69204b8c2e8578485e9fbb641982cb5e74016a12eb5366b7553226e2000ec2879eed236223ab06b56e80c2fef0b103398c72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_7746FAB18C29599D804E41025F6946C8Filesize
472B
MD585305c631b6ae82c1a36d8180c00075e
SHA11215defeb5eddb2431260ca79d3fed7c8ffd2899
SHA256128512cebb302486f3d3411e0df8fbd54e4120c5e4679abe1ed35e7b44e4bc89
SHA51259bc33472314ebc68236fb0c63980de0a8faefbc30b0e2c2e4c190e0caf3f89c6b6dc938e276970cd5b943b6ee52b57df35b0f6af28e36b7f82c19eb94cb548f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD55a11c6099b9e5808dfb08c5c9570c92f
SHA1e5dc219641146d1839557973f348037fa589fd18
SHA25691291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172
SHA512c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1F4146032E858CF90AA118759612A65FFilesize
472B
MD5cee669ce44b446b341ad615e004efeb4
SHA1d1fe9ccbc7334ea36ef0825052a3b53e7b852ce4
SHA2569d8175184ce22be5957c382441c0ac7d39f79ea2e84d248949651b74b3fbb29a
SHA51297fb3ffc2a02a99a20d93ddd09017307329b32228c2dc397fa8bf23e5c8d88d2fde53816da2febb1c47610c528151fa370fe84263f8284e8706f44a118b73139
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD54fc6eec470c1edf6f4686e326edc460d
SHA13678840443470b4730338cd369a2dec87351309c
SHA2566b758c485bc3af51c377035deb3d83e0f60645f439ff9150b680d6f6ef2b1578
SHA512049167e6240e0e8b66b0e15f9395e1760900f7eaf116ce9c0b781f4117684f5373599d2332538cc5c15b76872933e6736089c801fc270275b1faecf1379890e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_3709B4E5622995C733EE4530EB94C879Filesize
406B
MD53c0cfb9ec579819e1938824e3caef099
SHA1b467db36ad96a40229fd4e93e7399c68b62392dc
SHA256c9bd01b8f20087dc3142076b5568d81e5a1467573d34e0e3f7224e5f05d22519
SHA51205c276f718da2c79415db0684bdfe2c1d3ff5cda44cd6ef5d48db4a37440db53d659ffb0e1a532390bb44771bb07ae827cffc23969ed923e4d4ff11a9f897061
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cf0611b0d838e0409f80d52416dd44e9
SHA19ab823da0f378d70b5a8dcc1d1e0ce8c096ce8bb
SHA2566a461e6bf6a19503cc3f806894ed636f6f146658dd5e645d6936f723a2807a44
SHA512ca3a65f2eac647f40ad9b8a3a2aa1559d511ab2c1d5ce2ba7b9a45cf3cf1e961dfd5c056cd4f69bddafe78db4fb6fa07c793b0fafaedc37ee0082f0317e478d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_7746FAB18C29599D804E41025F6946C8Filesize
410B
MD57b4edadf406e7a96662480fa371e1fdf
SHA1a8e553ec1a3ab73a263eb8cccdea83fa463d8d0e
SHA2564fe88c1171436436aaa8a8e78ad5a1f78efecd3bb55c63d9afbc3f519a0197e9
SHA51275ccfb8a805763f0fe3ea2846c654195f42fe1446360b96eb8272cc0842f464f1a2c7ac5f03438d83457d1bca269e08d116d56061612ba4648c9a2725d7cdce1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5cde4c7739203d888b90b5e8359e1ff1c
SHA1f6d37176ae3d9832d627d16608d3ab417e6d44cd
SHA25660e17ac299e7f41c0d79c083e763a5089289ffb490d4cb4d35a99f2e9a8e79d4
SHA5129fdfd259e3a39e5176eef86d274c8ca02b269cca8db6055efc2c4e6aa260f43c55877a1ea6d7cf81f329675037712c122bee42eaee7cc30febe37e4df823e9bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1F4146032E858CF90AA118759612A65FFilesize
402B
MD53f970626f09a95763bc98efcdced71e4
SHA1dda466aca1e3e78065d2dbc8903040f6f069969c
SHA25674c84edf081bcbd934c9e386d781d52a18c4ff02bc22f2af96d7a6932b36d158
SHA51227e6cd23b0205b418a42aa85019372d8802f518f4119fec2c25a14ed13c9ee6475b28a239b33d53ca01c9a2638531a322a35200d8c18d25237095a5b96fcf692
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.datFilesize
9KB
MD5645384a18619841df24f0f4b77c98bd3
SHA14fb1fef085221e0697bc738131d67f3dd20c8b42
SHA256265dfce226385328ebc282e4f64ecfd1b61760089f38e2ba76be9247e8d881e9
SHA512b402f14eaec24c3098aa249c8444b2e56d0bd75ff0bc9d6621bf0839f7728d69c072f95850a77c0bb8736be0698c6b219b0b95d4c3f42801f33dc90b41617276
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NZ7ELS93.txtFilesize
601B
MD5f6f6cfba740710c3d113cec057e190f9
SHA14ad17727acedc193fb7b226b0b687ec7746b23e1
SHA256c60b32204d6973bff265354321a6d29fc5b1ab93ada169a04c2dd20df5490a1e
SHA5127fb219c1bb9c20b903c253f2af23809deddce3b5d3a0934efed07984aae5b3f56ba419b79d0c5f23f5bad66fa348b313b6cbdcaaf8db58fd5ce255b5732edeb2
-
\??\pipe\crashpad_1724_ZAFYXMDIUZTCCDKNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e