Overview

overview

7

Static

static

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 04:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c7f63cfde7f4ab54c8057ab0674c5e039869b07a33191bd4edad43e5476a8598.exe

  • Size

    1.4MB

  • MD5

    bcd3feac8bf61e44217b1a3d34375100

  • SHA1

    f9f53b2d1a17cb064c976fd66eec8937b2f88dec

  • SHA256

    c7f63cfde7f4ab54c8057ab0674c5e039869b07a33191bd4edad43e5476a8598

  • SHA512

    ea07b8a23b96e534c2c634d415251d2829bdcf6420835e0f8d311c14a77853370121a1c201a00e06ce2db3d838d97830f04292c59dc5ceb0d38c2d50e0222f6b

  • SSDEEP

    24576:TrYqrk6ddiMV5vw9Yxy4b0+bDWtWd5H8cQcS7hKvhAAbpQh04+bnWc:Trhk6XB5w9Z4b0WDW8Bxm7h0AAbLWc

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7f63cfde7f4ab54c8057ab0674c5e039869b07a33191bd4edad43e5476a8598.exe
    "C:\Users\Admin\AppData\Local\Temp\c7f63cfde7f4ab54c8057ab0674c5e039869b07a33191bd4edad43e5476a8598.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\system32\explorer.exe"
      2⤵
      • Deletes itself
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:240
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:936
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefa934f50,0x7fefa934f60,0x7fefa934f70
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1240
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1140,6728712110245756968,13113787180232030721,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1152 /prefetch:2
          4⤵
            PID:1012
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1140,6728712110245756968,13113787180232030721,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1456 /prefetch:8
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:564
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1140,6728712110245756968,13113787180232030721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 /prefetch:8
            4⤵
              PID:1228
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,6728712110245756968,13113787180232030721,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
              4⤵
                PID:432
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,6728712110245756968,13113787180232030721,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
                4⤵
                  PID:1908

          Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                  Filesize

                  40B

                  MD5

                  bc5979639000670774254dc36b056fa1

                  SHA1

                  afc397d27f0c416e37ac4c970099acaab24289b0

                  SHA256

                  88f00296b2d8dd96b3e5dcf6dfb65bfa338ba5e3cc94b538f8bbc60fc63de78c

                  SHA512

                  6c8f82a2267e912d339ac9bce12db6b22c5e827f9288264021504121b6c2ada8fa816541f1f6ecb0f291affff3b30a1b0097dbd92408cc77a375d4a2a345316e

                  Download Submit

                • memory/240-61-0x0000000074111000-0x0000000074113000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/240-63-0x0000000000080000-0x0000000000097000-memory.dmp

                  Filesize

                  92KB

                  Download

                • memory/240-65-0x0000000000080000-0x0000000000097000-memory.dmp

                  Filesize

                  92KB

                  Download

                • memory/1960-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/1960-55-0x0000000000400000-0x00000000006E1000-memory.dmp

                  Filesize

                  2.9MB

                  Download

                • memory/1960-56-0x0000000000400000-0x00000000006E1000-memory.dmp

                  Filesize

                  2.9MB

                  Download

                • memory/1960-59-0x0000000000400000-0x00000000006E1000-memory.dmp

                  Filesize

                  2.9MB

                  Download

                • memory/1960-60-0x0000000000760000-0x0000000000782000-memory.dmp

                  Filesize

                  136KB

                  Download