Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
31-01-2023 15:01
General
-
Target
8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe
-
Size
720KB
-
MD5
fbdd33cf51fe4113000a7fc14908b56d
-
SHA1
ceaf739f285eabea68567e2df0288406b3e99138
-
SHA256
8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b
-
SHA512
f51d77cd871e69db2c082cff560fed3049b70797f862f56651cf165a34329f26257050b80417770cd6e070f2559ef976e35d324380a4f8ab1da42eca538d310b
-
SSDEEP
12288:aAkzqQTJ0C2Yk46NAF75VeLXoM52eVDOvvXx1I5y1wWEQnEC:aAcJ0C2Yk46NsV9M5TV0v2y1R1
Score
4/10
Malware Config
Signatures
-
Drops file in Program Files directory 10 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe"C:\Users\Admin\AppData\Local\Temp\8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exeC:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9222 -user-data-dir="C:/Users/Admin/AppData/Local/Google/Chrome/User Data" http://79.137.206.2022⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f703⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1356 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1652 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1880 /prefetch:13⤵
- Drops file in Program Files directory
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2064 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2200 /prefetch:13⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exeC:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9223 -user-data-dir="C:/Users/Admin/AppData/Local/Google/Chrome/User Data" http://www.youtube.com2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f703⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1348 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1628 /prefetch:83⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1848 /prefetch:13⤵
- Drops file in Program Files directory
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=1856 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=1904 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=2904 /prefetch:83⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exeC:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9224 -incognito https://www.youtube.com/watch?v=BzoSRS49f682⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f703⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1556 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1528 /prefetch:23⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=1848 /prefetch:13⤵
- Drops file in Program Files directory
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=1716 /prefetch:13⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1696 /prefetch:13⤵
- Drops file in Program Files directory
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=2712 /prefetch:83⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x510 0x50c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40B
MD5a3a937930c5b01ecd542f094135aa0a4
SHA179234b7656f2a562129f98b27bc0762dc867d7fa
SHA256985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9
SHA5127fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41
-
Filesize
40B
MD5a3a937930c5b01ecd542f094135aa0a4
SHA179234b7656f2a562129f98b27bc0762dc867d7fa
SHA256985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9
SHA5127fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41
-
Filesize
59B
MD526a9b0602610077e28328d1ba547f397
SHA1371ce879675b46edb9737209e92d9d7224503773
SHA25604b245c3808cbb9183fc87b7b15a2d90bc6dd6d7948b45b963a6b8f0a59c1952
SHA51232f604c0bf7bfa6465da76300ea0d2caea45fa72f3517976e3749edb3093efc61649cd2fcc421e82a130a444609bf6160c5e605ab8f39e86efa045691f7feec6