Overview

overview

4

Static

static

8e0a2bc6b7...9b.exe

windows7-x64

3

8e0a2bc6b7...9b.exe

windows10-2004-x64

4

Resubmissions

31-01-2023 15:01

230131-sdvphagg88 4

31-01-2023 09:27

230131-lezarafg93 4

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-01-2023 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe

  • Size

    720KB

  • MD5

    fbdd33cf51fe4113000a7fc14908b56d

  • SHA1

    ceaf739f285eabea68567e2df0288406b3e99138

  • SHA256

    8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b

  • SHA512

    f51d77cd871e69db2c082cff560fed3049b70797f862f56651cf165a34329f26257050b80417770cd6e070f2559ef976e35d324380a4f8ab1da42eca538d310b

  • SSDEEP

    12288:aAkzqQTJ0C2Yk46NAF75VeLXoM52eVDOvvXx1I5y1wWEQnEC:aAcJ0C2Yk46NsV9M5TV0v2y1R1

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe
    "C:\Users\Admin\AppData\Local\Temp\8e0a2bc6b7cb6a2531569d25e0708df76f0ea8a2cd52bc8ab3b090e08fed319b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      C:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9222 -user-data-dir="C:/Users/Admin/AppData/Local/Google/Chrome/User Data" http://79.137.206.202
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4212
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f70
        3⤵
          PID:1632
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1356 /prefetch:2
          3⤵
            PID:4840
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1652 /prefetch:8
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4824
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1880 /prefetch:1
            3⤵
            • Drops file in Program Files directory
            PID:3864
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2064 /prefetch:1
            3⤵
              PID:3428
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1360,2357888636554877190,9581510339840496422,131072 --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2200 /prefetch:1
              3⤵
                PID:2548
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              C:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9223 -user-data-dir="C:/Users/Admin/AppData/Local/Google/Chrome/User Data" http://www.youtube.com
              2⤵
                PID:4180
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f70
                  3⤵
                    PID:2316
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1348 /prefetch:2
                    3⤵
                      PID:220
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1628 /prefetch:8
                      3⤵
                      • Drops file in Program Files directory
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2096
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1848 /prefetch:1
                      3⤵
                      • Drops file in Program Files directory
                      PID:2104
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=1856 /prefetch:1
                      3⤵
                        PID:760
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9223 --allow-pre-commit-input --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=1904 /prefetch:1
                        3⤵
                          PID:3492
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1336,12916186405238792531,7352415235568476435,131072 --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=2904 /prefetch:8
                          3⤵
                            PID:2900
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          C:/Program Files/Google/Chrome/Application/chrome.exe -autoplay-policy=no-user-gesture-required -disable-notifications -mute-audio -headless -remote-debugging-port=9224 -incognito https://www.youtube.com/watch?v=BzoSRS49f68
                          2⤵
                          • Drops file in Program Files directory
                          PID:4620
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12024f50,0x7ffa12024f60,0x7ffa12024f70
                            3⤵
                              PID:4140
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --lang=en-US --service-sandbox-type=network --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=1556 /prefetch:8
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2256
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --headless --headless --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1528 /prefetch:2
                              3⤵
                                PID:628
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=1848 /prefetch:1
                                3⤵
                                • Drops file in Program Files directory
                                PID:2264
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=1716 /prefetch:1
                                3⤵
                                  PID:536
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-notifications --remote-debugging-port=9224 --allow-pre-commit-input --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --disable-databases --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1696 /prefetch:1
                                  3⤵
                                  • Drops file in Program Files directory
                                  PID:4416
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1520,7137231674157582019,3930516264827660409,131072 --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --mute-audio --headless --mojo-platform-channel-handle=2712 /prefetch:8
                                  3⤵
                                    PID:3256
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3228
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4388
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1360
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1756

                                    Network

                                    MITRE ATT&CK Matrix

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                      Filesize

                                      40B

                                      MD5

                                      a3a937930c5b01ecd542f094135aa0a4

                                      SHA1

                                      79234b7656f2a562129f98b27bc0762dc867d7fa

                                      SHA256

                                      985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9

                                      SHA512

                                      7fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                      Filesize

                                      40B

                                      MD5

                                      a3a937930c5b01ecd542f094135aa0a4

                                      SHA1

                                      79234b7656f2a562129f98b27bc0762dc867d7fa

                                      SHA256

                                      985145fe40ae859f59ca7f31f100fe1a194f21810f50f5fd26c4c73c25b03ff9

                                      SHA512

                                      7fa94881f580973ffe4c6b67b811d47e7c104681b1fb8b36c6754ca0d29e731e89c252a9ea62e1888edf2eb3ffc8aa9f6462ed78f61c9683ddbe0d3f50f7ca41

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DevToolsActivePort
                                      Filesize

                                      59B

                                      MD5

                                      26a9b0602610077e28328d1ba547f397

                                      SHA1

                                      371ce879675b46edb9737209e92d9d7224503773

                                      SHA256

                                      04b245c3808cbb9183fc87b7b15a2d90bc6dd6d7948b45b963a6b8f0a59c1952

                                      SHA512

                                      32f604c0bf7bfa6465da76300ea0d2caea45fa72f3517976e3749edb3093efc61649cd2fcc421e82a130a444609bf6160c5e605ab8f39e86efa045691f7feec6

                                      Download Submit

                                    • \??\pipe\crashpad_4180_FMJDJNSWNWMHIOSB
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit

                                    • \??\pipe\crashpad_4212_TLEUPMPAKTUAQOBO
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit

                                    • \??\pipe\crashpad_4620_PVNAFLZGBZUVKARZ
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit