Analysis
-
max time kernel
192s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
02-08-2022 10:28
General
-
Target
sample.html
-
Size
1KB
-
MD5
9d90e114e839e220f26dc67641381180
-
SHA1
06963e2e95f3f2f512d848ef0169b8d72bfe18cf
-
SHA256
1599cf392a5a3efae97a43625d54b67ae0dd75b6b36720fa7d6925ac274e04e1
-
SHA512
7169a00cc1e5d6c8c62ade0760af0b3e067c06ad5f5f596e84ccaf993f597f60faea39132268e15f59a02f889f9ef4fcba70b76aa58150d21ee2319a65ec174d
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 1 IoCs
-
Themida packer 10 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 63 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c30a4f50,0x7ff9c30a4f60,0x7ff9c30a4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5088 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5224 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5212 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2752 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=808 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6224 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6332 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3268 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,7187116976412770778,10203890888251162466,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2820_611750037\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2820_611750037\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={542d6436-e365-46df-be34-fd0f395369ff} --system2⤵
- Executes dropped EXE
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\xWNbUVFLOi5G.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\release\x64\x64dbg.exe"C:\Users\Admin\Desktop\release\x64\x64dbg.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\xWNbUVFLOi5G.exe"C:\Users\Admin\Desktop\xWNbUVFLOi5G.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Sets desktop wallpaper using registry
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2820_611750037\ChromeRecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3Filesize
141KB
MD5ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA110958b0f690ae8f5240e1528b1ccffff28a33272
SHA2567c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA5126c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf
-
C:\Users\Admin\Desktop\xWNbUVFLOi5G.exeFilesize
5.0MB
MD56684f64f8d4f71afa600a88f52b7cdec
SHA19099fed76121afdaaae78ab7ba87f10a8f83c339
SHA256aa263157b8f202e98ffa7b7db6aa3488b763730903578ae6e3e5735c181632c1
SHA512f291c53657aeeb1d45e3adc4bce4494666559c02e5c73010533428d09b519a1a814870b6b5e02d7882721d516519cf38ce5cfcaa3c03cd3cebb5c5a325a6dd0a
-
C:\Users\Admin\Desktop\xWNbUVFLOi5G.exeFilesize
5.0MB
MD56684f64f8d4f71afa600a88f52b7cdec
SHA19099fed76121afdaaae78ab7ba87f10a8f83c339
SHA256aa263157b8f202e98ffa7b7db6aa3488b763730903578ae6e3e5735c181632c1
SHA512f291c53657aeeb1d45e3adc4bce4494666559c02e5c73010533428d09b519a1a814870b6b5e02d7882721d516519cf38ce5cfcaa3c03cd3cebb5c5a325a6dd0a
-
C:\Users\Admin\Desktop\xWNbUVFLOi5G.exeFilesize
5.0MB
MD56684f64f8d4f71afa600a88f52b7cdec
SHA19099fed76121afdaaae78ab7ba87f10a8f83c339
SHA256aa263157b8f202e98ffa7b7db6aa3488b763730903578ae6e3e5735c181632c1
SHA512f291c53657aeeb1d45e3adc4bce4494666559c02e5c73010533428d09b519a1a814870b6b5e02d7882721d516519cf38ce5cfcaa3c03cd3cebb5c5a325a6dd0a
-
\??\pipe\crashpad_2764_XVACGVQEVVKXLKPMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4156-135-0x0000000069CB0000-0x000000006A1FA000-memory.dmpFilesize
5.3MB
-
memory/4156-134-0x00007FF9BDC40000-0x00007FF9BE15C000-memory.dmpFilesize
5.1MB
-
memory/4156-136-0x0000000069CB0000-0x000000006A1FA000-memory.dmpFilesize
5.3MB
-
memory/4156-137-0x00007FF9BDC40000-0x00007FF9BE15C000-memory.dmpFilesize
5.1MB
-
memory/4156-183-0x0000026DB1E30000-0x0000026DB1E40000-memory.dmpFilesize
64KB
-
memory/4236-132-0x0000000000000000-mapping.dmp
-
memory/4508-157-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-164-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-143-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-144-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-145-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-146-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-147-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-148-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-149-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-150-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-151-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-152-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-153-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-154-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-155-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-156-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-141-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-158-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-159-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-160-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-161-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-162-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-163-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-142-0x00007FF7BF900000-0x00007FF7C05B8000-memory.dmpFilesize
12.7MB
-
memory/4508-165-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-166-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-167-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-168-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-170-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-171-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-172-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-173-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-174-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-175-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-176-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-177-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-178-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-179-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-180-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-181-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-182-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-140-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-184-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-185-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB
-
memory/4508-186-0x00007FF9E0D30000-0x00007FF9E0F25000-memory.dmpFilesize
2.0MB