Resubmissions
27-10-2022 20:13
221027-yzsd6adce8 827-10-2022 20:06
221027-yvdefadcc9 127-10-2022 19:29
221027-x7c4rsdcgk 10Analysis
-
max time kernel
329s -
max time network
326s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
27-10-2022 20:06
General
-
Target
https://cloudsslack.com/index.php?uid=9871d3a2c554b27151cacf1422eec048
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 52 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://cloudsslack.com/index.php?uid=9871d3a2c554b27151cacf1422eec0481⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1648 CREDAT:82950 /prefetch:22⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff3cf04f50,0x7fff3cf04f60,0x7fff3cf04f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3808 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5564 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,8670539561430247545,8703366867609017319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2620 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751Filesize
717B
MD5ec8ff3b1ded0246437b1472c69dd1811
SHA1d813e874c2524e3a7da6c466c67854ad16800326
SHA256e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5814a08d516045778f799a5c6407df23a
SHA181eac45a1e09f375443bfe5f8bda934afd9f30f3
SHA2568caef6d991ca56a10ceb809856757cd5eaaa118473650f31e9b5f5909bd317fe
SHA512e22808557d2a8182ef2a6662edc3f5f022eb1efad3702e708f86c4b9a25bf62a8bf1e84bbbd1c3575d4715588d797af0fee6d5ef8e913f0deb8fdacc80f335c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B51E43CFAD754DADACE0C97929790E28Filesize
503B
MD56bf1e7c62408c953aaf32234aef0b308
SHA1ba950b159c1bd7685e28f244b039161cf1dfc553
SHA256840a868115e266d128df6d27a19741af87119c17bb94fe9958920d208426c0fa
SHA51274c8b07e7fc8be177c9043674228e9c320f0478744d5f89aaf0e324394735d03cdb1b559347344dfcdf7ebaeb836ffa08ac99ad4b9dba19775d5a8a249b57e9b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751Filesize
192B
MD58e5e34d2462d4e3239d73b254b2770de
SHA136ea38c0923970a5e545209971ebf4286830bc4a
SHA256db789e32f14ae1c9e80d98743707a3dac49c7cf5efb04cf7aaefe7cae251b109
SHA5126a8c7766ef1a466fb40c1289ffc5613b4d1af7e3de02d2ba4f216b3203a85642a898af5143a69e881c6fadca5d1d92cdd7c594949226919de32fd2fffb98beb3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD544a1dbf3e399afb0ef958e7843852e25
SHA15ebec4f3f463f94352001185117d7bb3e9a302af
SHA25684642c2e348f3224500acc3f57f6361976804eee9b1b075ea28fbad599aee4c6
SHA5128732c155c48ea938e63a35d6789203d2414f2e3f7f42e9a1b484d44e09f656f0f87d34b6b1bd98a952eefde70a7b404bf9c79360cf11ca51a51af9d2a9e8eb89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B51E43CFAD754DADACE0C97929790E28Filesize
548B
MD5076ee228d0b44ca64854f17ad933ca8f
SHA1617058a1697dac66062a421d89d628fb2cbb095c
SHA25696f84a89f47499ae1a6099038862363c63e4fbf73f96685ecd6a0bc2a2c6338e
SHA5123e02379bf39bc963abe67c473039176076ed45414f6719ceeccbab7b8eb87beaf8adc672885393e7c41a7aa8b031d5ddcffefc300f1a3791f91081da239dc6f4
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.datFilesize
1KB
MD5817f703ec7605e6305586e78d47ca5ee
SHA18dbed31220b90cd3eaaec480d97c013eff650113
SHA256a96b8914a461a3c74873c746ad872fbc6eea20b9f162151bc71f83ab4cc19315
SHA512f06ad1ae958b428ba4a2c9f9a450a45c819ad529d90b5985e8bb88468a6df7601203f080b4b882fdfed010b7b9de02eec63207735ea8ad41dd2804d619ac43e3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\26HZJLHZ\page_downloads_v2[1].cssFilesize
14KB
MD5bf5b676f75dfaa966ace10d50338ca39
SHA1c9bebe6206d4d4ca4971474007ff2235267f9ec9
SHA256381cecfd70743b074abecb68edda89fa89c7e78fcc0f0a588d3a2d560cb75741
SHA5124fd4f638ff1fbf379037eac44826502bd329ae61592963bcd449fd0c579b9b7d9aad1660d2aa809e44ad68392baf57e82dbcaa384dda49cbfe15b747b4dcb3d9
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G3YCTSQY\rollup-marketing-cms[1].cssFilesize
915KB
MD5fe9ffecd2f246efc0c22c094eb68b17a
SHA1f6654c1ec4c60faeb2c35117be4fd3dbc7913798
SHA25641c161b318f275c09d2b616f823c25dca9af8ebc22619552003646d499a69e4d
SHA51289304eb063811d47adaa304366769521a48a4ccebf995c9ac5e27e22de35c8a83f17457e7f1b2548f8b086dfb52a770054d01028f6eea81fbf47758909a3ea59
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G3YCTSQY\rollup-spacesuit[1].cssFilesize
888KB
MD559f56ef2142fe7754850eae25bd34ae0
SHA1f7005f8fe4f1ed1ea45b2bdb0c4d0e7bb2a07ec6
SHA25670f15d24eca200931fcb212262635a2df73f2b185ef6a3f8d5f39de1bb2dc27b
SHA512f64cd4418b8e36085ca4352134f0808e58347b7d79cb434b210838b07a4011e42ee3da2d4c08ab3d7884607d8db7aa51790979678f520bf0d5dc6b71df01fef0
-
\??\pipe\crashpad_4484_JKSJNTTZGMZRIBEYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e