Overview
overview
1Static
static
TGXV4 - Li...er.zip
windows7-x64
1TGXV4 - Li...er.zip
windows10-2004-x64
1.. /run_ca.bat
windows7-x64
1.. /run_ca.bat
windows10-2004-x64
1.. /run_de.bat
windows7-x64
1.. /run_de.bat
windows10-2004-x64
1.. /run_en.bat
windows7-x64
1.. /run_en.bat
windows10-2004-x64
1.. /run_es.bat
windows7-x64
1.. /run_es.bat
windows10-2004-x64
1.. /run_gb.bat
windows7-x64
1.. /run_gb.bat
windows10-2004-x64
1.. /run_it.bat
windows7-x64
1.. /run_it.bat
windows10-2004-x64
1.. /run_ko.bat
windows7-x64
1.. /run_ko.bat
windows10-2004-x64
1.. /run_no.bat
windows7-x64
1.. /run_no.bat
windows10-2004-x64
1.. /run_pt.bat
windows7-x64
1.. /run_pt.bat
windows10-2004-x64
1.. /run_ru.bat
windows7-x64
1.. /run_ru.bat
windows10-2004-x64
1Analysis
-
max time kernel
74s -
max time network
73s -
platform
windows7_x64 -
resource
win7-20220901-es -
resource tags
arch:x64arch:x86image:win7-20220901-eslocale:es-esos:windows7-x64systemwindows -
submitted
27/12/2022, 22:48
Static task
static1
Behavioral task
behavioral1
Sample
TGXV4 - Linkvertise Downloader.zip
Resource
win7-20220901-es
windows7-x64
Behavioral task
behavioral2
Sample
TGXV4 - Linkvertise Downloader.zip
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
.. /run_ca.bat
Resource
win7-20220812-es
windows7-x64
Behavioral task
behavioral4
Sample
.. /run_ca.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
.. /run_de.bat
Resource
win7-20220812-es
windows7-x64
Behavioral task
behavioral6
Sample
.. /run_de.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
.. /run_en.bat
Resource
win7-20220901-es
windows7-x64
Behavioral task
behavioral8
Sample
.. /run_en.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
.. /run_es.bat
Resource
win7-20220812-es
windows7-x64
Behavioral task
behavioral10
Sample
.. /run_es.bat
Resource
win10v2004-20221111-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
.. /run_gb.bat
Resource
win7-20220901-es
windows7-x64
Behavioral task
behavioral12
Sample
.. /run_gb.bat
Resource
win10v2004-20221111-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
.. /run_it.bat
Resource
win7-20220812-es
windows7-x64
Behavioral task
behavioral14
Sample
.. /run_it.bat
Resource
win10v2004-20221111-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
.. /run_ko.bat
Resource
win7-20221111-es
windows7-x64
Behavioral task
behavioral16
Sample
.. /run_ko.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
.. /run_no.bat
Resource
win7-20220812-es
windows7-x64
Behavioral task
behavioral18
Sample
.. /run_no.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
.. /run_pt.bat
Resource
win7-20220901-es
windows7-x64
Behavioral task
behavioral20
Sample
.. /run_pt.bat
Resource
win10v2004-20221111-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
.. /run_ru.bat
Resource
win7-20221111-es
windows7-x64
Behavioral task
behavioral22
Sample
.. /run_ru.bat
Resource
win10v2004-20220812-es
windows10-2004-x64
General
-
Target
TGXV4 - Linkvertise Downloader.zip
-
Size
2.0MB
-
MD5
b5988317a67067ec6a218537a8b645b8
-
SHA1
7686913636a3df2e2b6625175ff1c622e8b8d934
-
SHA256
da8f2f52b3326e82b282648b0645c895b3ae5269cbedf0f6602da4e5c9e2e33c
-
SHA512
8c205cb182872aef30883d8f77781fce3860bac56c128773091a32042991d70b6c05ab273c0b3854becdd59f5c15bbe2f73e4a9f92b466de0167849ef1915253
-
SSDEEP
49152:dd/K7BevLhNCLvKOFICf+kvVsLyO8lo4miEK:ddiVeThN2vFx+0Vse7hmtK
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1732 chrome.exe 340 chrome.exe 340 chrome.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 1400 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1400 AUDIODG.EXE Token: 33 1400 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1400 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe 340 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 340 wrote to memory of 1176 340 chrome.exe 31 PID 340 wrote to memory of 1176 340 chrome.exe 31 PID 340 wrote to memory of 1176 340 chrome.exe 31 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1308 340 chrome.exe 32 PID 340 wrote to memory of 1732 340 chrome.exe 33 PID 340 wrote to memory of 1732 340 chrome.exe 33 PID 340 wrote to memory of 1732 340 chrome.exe 33 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34 PID 340 wrote to memory of 1736 340 chrome.exe 34
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\TGXV4 - Linkvertise Downloader.zip"1⤵PID:1360
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1856
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5141⤵
- Suspicious use of AdjustPrivilegeToken
PID:1400
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:340 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef53b4f50,0x7fef53b4f60,0x7fef53b4f702⤵PID:1176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:22⤵PID:1308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1276 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 /prefetch:82⤵PID:1736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:12⤵PID:1360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:12⤵PID:1600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:788
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3320 /prefetch:22⤵PID:976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵PID:968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:82⤵PID:2060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3600 /prefetch:82⤵PID:2116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3720 /prefetch:82⤵PID:2156
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1112,8223528507467186985,5096360151227022203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3812 /prefetch:82⤵PID:2192
-