Analysis
- max time kernel: 187s
- max time network: 190s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 25-11-2022 19:35
Static task: static1
Behavioral task: behavioral1
- Sample: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe
- Resource: win10v2004-20220812-en
General
- Target: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe
- Size: 685KB
- MD5: 381d233126462a31d4ef95f0c9a16f32
- SHA1: e2caacbe2a32abbb99a494672a01416c39e24d22
- SHA256: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e
- SHA512: 70b21747e17b8f041238849a70360c301b16822bcd12bfa0345573c6f7167d8c29481b12bd21cd2c3d3ea1036ca05931bcbdb4013b0807f35b86ae04aef43d3b
- SSDEEP: 12288:zNIQAPGsAqY9IMVYd38sJdpQHlGlY8KfTJI6Hjr6Fj7b/l9TXQCa:UPGSY91VwNJcFMqT2Wri7bdVXla
Signatures
- UAC bypass
  Process: Chromium.exe
  Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
- Executes dropped EXE (1 IoC)
  Process: Chromium.exe, PID 1436
- Loads dropped DLL (1 IoC)
  Process: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe, PID 960
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Process: Chromium.exe
  Key created: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run
  Set value (str): \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Google Chromium = "\"C:\\Users\\Admin\\AppData\\Roaming\\Chromium.exe\""
- Checks whether UAC is enabled
  Process: Chromium.exe
  Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
- Suspicious behavior: EnumeratesProcesses (43 IoCs)
  Process: Chromium.exe, PID 1436 (43 occurrences)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe, PID 960 (2 occurrences); Chromium.exe, PID 1436 (2 occurrences)
- Suspicious use of WriteProcessMemory (4 IoCs)
  Source process: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe, PID 960
  Target process: Chromium.exe, PID 1436
  Description: PID 960 wrote to memory of 1436 (4 occurrences)
- System policy modification (1 TTP, 2 IoCs)
  Process: Chromium.exe
  Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
Processes
- C:\Users\Admin\AppData\Local\Temp\88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e.exe"
  PID: 960
  Signatures:
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
- C:\Users\Admin\AppData\Roaming\Chromium.exe (level 2)
  Command line: C:\Users\Admin\AppData\Roaming\Chromium.exe
  PID: 1436
  Signatures:
  - UAC bypass
  - Executes dropped EXE
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - System policy modification
Downloads
- C:\Users\Admin\AppData\Roaming\Chromium.exe
  Filesize: 685KB
  MD5: 381d233126462a31d4ef95f0c9a16f32
  SHA1: e2caacbe2a32abbb99a494672a01416c39e24d22
  SHA256: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e
  SHA512: 70b21747e17b8f041238849a70360c301b16822bcd12bfa0345573c6f7167d8c29481b12bd21cd2c3d3ea1036ca05931bcbdb4013b0807f35b86ae04aef43d3b
- \Users\Admin\AppData\Roaming\Chromium.exe
  Filesize: 685KB
  MD5: 381d233126462a31d4ef95f0c9a16f32
  SHA1: e2caacbe2a32abbb99a494672a01416c39e24d22
  SHA256: 88a022c1e21bf8233d7fefe56cf1170cba797efddcb71e081165ce5a0eeda35e
  SHA512: 70b21747e17b8f041238849a70360c301b16822bcd12bfa0345573c6f7167d8c29481b12bd21cd2c3d3ea1036ca05931bcbdb4013b0807f35b86ae04aef43d3b
- memory/960-54-0x0000000076091000-0x0000000076093000-memory.dmp
  Filesize: 8KB
- memory/1436-56-0x0000000000000000-mapping.dmp