3d1e3cae10cd2c72b134fe2348da5368e095ff4663c929ad2a96cf26f9ab8f58

Analysis

max time kernel
3s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-03-2023 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

102825.WGBT4D3S9ITG8KF842I.html
Size

6KB
MD5

19e857e04020e37ded67bad5e037a7ad
SHA1

a85702b49605bebf327a382032980a2ec9e9f96c
SHA256

3d1e3cae10cd2c72b134fe2348da5368e095ff4663c929ad2a96cf26f9ab8f58
SHA512

ccf52506865ca55b70233a28f9179a1b98b344a0d63f30f8ef4e0a2559e7b82ee2e3219685b45a99fbcb29acf0408ccaaaf788c2376cbf421bf62037c9c2c358
SSDEEP

192:Ek+0TTZ0ZTAL++pEdULXzzhAL2LHTiuOrr3YrMDi:7TdOTj+4L4HT2vFi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 1104	1136	chrome.exe	28
PID 1136 wrote to memory of 1104	1136	chrome.exe	28
PID 1136 wrote to memory of 1104	1136	chrome.exe	28
PID 1136 wrote to memory of 1500	1136	chrome.exe	30
PID 1136 wrote to memory of 1500	1136	chrome.exe	30
PID 1136 wrote to memory of 1500	1136	chrome.exe	30
PID 1136 wrote to memory of 1500	1136	chrome.exe	30
PID 1136 wrote to memory of 1500	1136	chrome.exe	30
PID 1136 wrote to memory of 1500	1136	chrome.exe	30

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\102825.WGBT4D3S9ITG8KF842I.html
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ca9758,0x7fef6ca9768,0x7fef6ca9778
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1172,i,1573807085156984458,6426598464289089852,131072 /prefetch:2
  2⤵
  PID:1500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
89b4b7e199db686376863cd4e356e1a7

SHA1
09396d97633c888f921ca1f803cfa8a549c2a23b

SHA256
61aa97ca12c6a0be71d1b2f50780824f397477126e85bb1646a4a8e6524cdcaa

SHA512
49603f6976bbd58aa03aec1f9daf6adb4c7d2fd4fc943e1aaafc252653cf9a5ae920a549fd7b2d0c9aa0854d31de7f524a611a3480f4d822dc49a15100f53ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
memory/1500-56-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download