577e2c2fc35a9451f6068251488f55c6104175f659ea7a488d4dd517048de744

General

Target

Raport_autoDNA_WDD2073471F127964.pdf
Size

486KB
MD5

036034f5b1f40847464552f28bff3034
SHA1

9e4e9445a06c48e896b60e00ef29a26f2e7b878d
SHA256

577e2c2fc35a9451f6068251488f55c6104175f659ea7a488d4dd517048de744
SHA512

223aa567bb6849cb57d584e10a05369662c0b025ef44ff77e7cbaaec4364e3d587bf9b1fb349d9de21ad51db2164e3a1e5bb45f3fd3f3c8bd5f679576d07133d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

chrome.exechrome.exe

pid process

900 chrome.exe
2008 chrome.exe
2008 chrome.exe

pid	process
900	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

1092 AcroRd32.exe
1092 AcroRd32.exe
1092 AcroRd32.exe

pid	process
1092	AcroRd32.exe
1092	AcroRd32.exe
1092	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2008 wrote to memory of 1080	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1080	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1080	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 268	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 900	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 900	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 900	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe
PID 2008 wrote to memory of 1076	2008	chrome.exe	chrome.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Raport_autoDNA_WDD2073471F127964.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e24f50,0x7fef6e24f60,0x7fef6e24f70
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1100 /prefetch:2
2⤵
PID:268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1328 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1784 /prefetch:8
2⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
2⤵
PID:868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:8
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,17337513582730572409,10502009051261138011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3612 /prefetch:8
2⤵
PID:2100

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\pipe\crashpad_2008_OQKVREVNANXKLRFM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1092-54-0x0000000075F61000-0x0000000075F63000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads