Resubmissions
  Submitted           Analysis ID          Score
  24-01-2023 13:38    230124-qxj11aca35    10
  23-01-2023 11:18    230123-nea92aef6t    10
  20-01-2023 10:30    230120-mjt29sae42    10

Analysis
  max time kernel:   559s
  max time network:  507s
  platform:          windows10-2004_x64
  resource:          win10v2004-20221111-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         23-01-2023 11:18
Behavioral task: behavioral1
  Sample:    8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648.dll
  Resource:  win7-20220901-en

Behavioral task: behavioral2
  Sample:    8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648.dll
  Resource:  win10v2004-20221111-en
General
  Target:  8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648.dll
  Size:    2.1MB
  MD5:     613daed6d9b8406602f11019ba28d779
  SHA1:    a1b095d26ce2540de0f7b186000b498f39e7d69b
  SHA256:  8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648
  SHA512:  ef8749a347c2c2d40b9b611897409941940e4c1256f8f87914dc851a2323d83c257909544449d6b1d8d19e44bfd5634917b646100759a6f88deac9dc925608b8
  SSDEEP:  49152:UK9imiZQ5V0i3fmpM/iP6dzvnN3YVuMtG:UK9dNXupMjN
Malware Config

Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  4904  4456        WerFault.exe  81

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  4736  chrome.exe
  4736  chrome.exe
  4228  chrome.exe
  4228  chrome.exe
  4240  chrome.exe
  4240  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid   Process
  4228  chrome.exe
  4228  chrome.exe
  4228  chrome.exe

Suspicious use of FindShellTrayWindow (27 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Windows\system32\regsvr32.exe  (PID 4664)
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648.dll
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\regsvr32.exe  (PID 4456)
      /s C:\Users\Admin\AppData\Local\Temp\8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648.dll
        C:\Windows\SysWOW64\WerFault.exe  (PID 4904)
          C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 684
          - Program crash

C:\Windows\SysWOW64\WerFault.exe  (PID 5000)
  C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4456 -ip 4456

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4228)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3608)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffab2f24f50,0x7ffab2f24f60,0x7ffab2f24f70
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2204)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1672 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4736)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2028 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3420)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3476)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 368)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4124)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4920)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4500 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4904)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2480)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4780 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4240)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1656,13257860883236092510,2996284293113828961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 2884)
  C:\Windows\System32\CompPkgSrv.exe -Embedding