Analysis

max time kernel: 77s
max time network: 48s
platform: windows7_x64
resource: win7-20220414-en
submitted: 01-06-2022 16:57

Static task: static1

Behavioral task: behavioral1
  Sample: 70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe
  Resource: win7-20220414-en
  Platform: windows7_x64
  0 signatures
  0 seconds

Behavioral task: behavioral2
  Sample: 70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe
  Resource: win10v2004-20220414-en
  Platform: windows10-2004_x64
  0 signatures
  0 seconds

General

Target: 70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe
Size: 413KB
MD5: 7540c893f18b33b0e4d6a1fba417ab0e
SHA1: 5c7746c6f8f13eb18ecd41ea3ecd4b5de51e3519
SHA256: 70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37
SHA512: e9d8b20516b8083df1e35ac0be4fd5491a0cf450bf152f8c8d0b9776d3536c1f0249b3d8af09ca575a734d0552ea90e62410b1cb24a1f423cc72b72f9878e473
Score: 1/10
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid   Process
  268   chrome.exe
  1404  chrome.exe
  1404  chrome.exe
Suspicious use of FindShellTrayWindow (35 IoCs)
Suspicious use of SendNotifyMessage (32 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Users\Admin\AppData\Local\Temp\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe (PID 1936)
  command line: "C:\Users\Admin\AppData\Local\Temp\70b278b5e01f7cc409a112892e8f2ff243afa0d0815d060e31a813ba24316d37.bin.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1404)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures:
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1560)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefadb4f50,0x7fefadb4f60,0x7fefadb4f70

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 268)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1260 /prefetch:8
    signatures:
      Suspicious behavior: EnumeratesProcesses

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 544)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=968 /prefetch:2

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1228)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1920)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1928)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1384)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1612)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3284 /prefetch:2

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 684)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1576)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3440 /prefetch:8

  child: C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1320)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,15970918125027749858,3541205733855252867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:8