Analysis
-
max time kernel
145s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
30/12/2022, 20:30
General
-
Target
https://pnrtscr.com/fep8be
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://pnrtscr.com/fep8be1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xc81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6124f50,0x7fef6124f60,0x7fef6124f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1080 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1788 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3276 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3352 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3584 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3596 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3588 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3892 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3876 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=672 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4108 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3912 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4000 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1068,10417351166968263447,6399404880337503687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4232 /prefetch:82⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ad41b8165b649a43a7c7e47731489074
SHA1d51dd8535af452fcf95f8f5d7dbd72c145185c35
SHA2561e4cc6331316f05ea927881de7cc1a1e8766bc280b617ccf9b147a94b169f176
SHA5129929dba6dee2b9f23670aa61e19c8247a38cc50f81c6458c7596a39e568f84d4b2b3756c541e8ced031877cc4d8cc706db11c1bdfaa9bec11ba1e85c846282a6
-
Filesize
471B
MD5756c77d7d577e0260b6e1ffc3522e77a
SHA12b7e2dd5b3df6768d0d7d20d67988ac60dc28234
SHA2561d1598a7f732980f6376fbadd56d71b4497454939a7b9e784adaa9c3f91883d4
SHA5124412160c9e16d86d576289fe07142c21b732c990103bbe84073795576cbdeb4e950cf64902f9445d9ec38e09b8e2720772658587b59d3ca13a8e7cb2ce6c015b
-
Filesize
472B
MD5069c09a74c8f7ae8409e60844b2cf07d
SHA16ce866430b7e0b579378a7f10c1dbbd45ec95cdf
SHA25612bfafd537a26be5b4fe158a347c0e59477be02a9440c0e67b66fc81fe9b96a9
SHA512e68e8545c4c2d47a0f40d483d53931659b9d2062975ead5f0cbf2467aa6bdc9694c72a2ac960be7319f362706d84715a5cb07e4b84afcfb6dc2a001196decbde
-
Filesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
Filesize
410B
MD5ae3db5baea9784bdc794251b70723e62
SHA1b0e5277d55b9a216bcc05822ebc2988b96ec02f5
SHA25654a7b1b7a38a4d7eeb8c0bee53f354d9aacd3ef868aba77f4453a4b8a541d6a1
SHA5122683c1f98e3c46c44335aa232136bcd88ebaa097fbd9025c447289ece170b6c63910b1d8a949eafa776ca978af310cc6584d7f0fce29ebbc587aeb2a678cb280
-
Filesize
410B
MD5530069cef49b0323b2a6b1bb0381c63a
SHA16a42d13f167435e4c99a8bc5aa898ecdf8445b48
SHA256113f781ef241b4e2f103bdcc2bb4a853b2600463310801fd0598e4ff1d0ff8b4
SHA5127420b531ace68178db74816e15e35ed00dfc59dc0e04a4bbb79a42b1f8cdf8922188e94de9c7589e5973a7c71dddf2836ff4a13ac713fc0aab921b87980e1d90
-
Filesize
344B
MD596b79a6e515a19ffb2695cf7b2ea464a
SHA19dc827ffca074562bc7b39001d990a679ffb2539
SHA256b0b7d2c776fe3ef77b93a290628216a0cbb50abb781de6996632460df5da9724
SHA512fa6fac37f75b7b5cfed89293de670702a218bf399a659c9b97a3295a28482d7136d8afff88c0a761a5308b66fd45898a75dcf59524b2bc717561dd802d7f46bf
-
Filesize
402B
MD5643fa4262ea04e632b1bcff3c7f30ec0
SHA1e35a1d20faef90c512fc056f5effb2cd3b6b118b
SHA25689f7c56ebccbb22ed530ef79983339ca7540b27d8b307bdb9ce38a37dc34965d
SHA512186d89748fdc9fa030241641fa2ca6aa542c18d708cfb0375c53cd840f536464640042fabc0ac30840f354a0927454405a175d5f267dfcfa60d977d3bbef38e4
-
Filesize
392B
MD5cf269f10e54ccae61436f423201e64d6
SHA11d3d97428b1041f2ed6744b57a081db4fbba3b45
SHA25649e9122458ac2912c15846cff5b22b0bda4d218918a11ffd99644bc7619bd41b
SHA512397a5547217a550f7d23689ab7eb51e9597886eaad928621592c1ca3c378092048a174602d47563521f3ec0c26894ba8cd88bf5479322f668bc12975d4234a7b
-
Filesize
608B
MD5d13458067b8babff5f09df5f1e25511d
SHA1ab5a16875952d90408e6533a9138481b9a6c2780
SHA25629503bda319136e981281c869fc1d83bc0e10c3ba8a52083e4aea801d97c7255
SHA512d5a9ea825774a1759f748ca632a3f55f6cec9fae91d94acc567b6f08384b59ee3253dd588d355f5420c0054ce2f1c488271f68a98e78aff98faf71ebe241c91c