Analysis
-
max time kernel
66s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
15/03/2023, 15:35
General
-
Target
output.html
-
Size
18.8MB
-
MD5
cdf58232fa7aa92226eb316c666d9573
-
SHA1
158b73f16653443ac77fa0b4766b5e5b5468f9f5
-
SHA256
0c4175769e9f72c6cda21db3b63febed07327ac07473fde98b96893353fe4639
-
SHA512
891376fb8903fbbc3e6acfa2c91bd554a24f444d4c2777ef545f1511a0b768240d8ded8ccb248e5711fa001afcb6a5e7804de3b3279e0f944b4c042a7ed1b7bd
-
SSDEEP
768:/9+GsgAmA6mAcmj9cm9ml3rPIMW9K9w9UG+A7V0BA9A9FMzHmsX98FmAfE9M+Gmg:k
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 38 IoCs
-
Suspicious use of FindShellTrayWindow 31 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\output.html1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffec3929758,0x7ffec3929768,0x7ffec39297782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1704,i,1870414532738992192,10293900087391337977,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1704,i,1870414532738992192,10293900087391337977,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1704,i,1870414532738992192,10293900087391337977,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1704,i,1870414532738992192,10293900087391337977,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1704,i,1870414532738992192,10293900087391337977,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\output.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec27746f8,0x7ffec2774708,0x7ffec27747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15630576418454078876,6748415112684770959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15630576418454078876,6748415112684770959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15630576418454078876,6748415112684770959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15630576418454078876,6748415112684770959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15630576418454078876,6748415112684770959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\output.html2⤵
- Opens file in notepad (likely ransom note)
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
145KB
MD52360f13a379b6f3845af80d1a6117e56
SHA1e062d932b829d5bd6f2359f67a62fbc0c52e254c
SHA2566424c7cc727e40c3af40e3352305610c96684258f2ec47b1544b61e15ad63fc9
SHA5123b115438415f5fb4efc67ae1afeaa21785b74687acc1049751aea7623181b4ddb1f61034b616d6b5dc03a56f27044cd9e865aaa6322fa9eeb582092e4ff37b31
-
Filesize
5KB
MD506a55732690d4ab05ce705f38146a1bc
SHA13297370f361bee36143efa6b619c5699ffb20b84
SHA2564976a741f5f212b5de70af8808fd97c1752754bce6bcb5a71fdfd2c8c1380e53
SHA5124ec3601106d87c6ebcbe111d9a0d6149ec7e828ae354d9c531d327db58c6192a7bd80c928e2688cbee45c7417764cd7dbd387d2dbe0a082f1fec44f68b47a04b
-
Filesize
5KB
MD52388c969a5f4fac50c357b0661a00316
SHA1fbd63ebca8a516566bcc16106916577a99eb8eaa
SHA256be775b50e820e09f43b2739d6feb91361e58d23df2df273d46edd14f162cbdae
SHA512bc74b19ddc3ff6fbecde8b1b8f02f35dc056c9d03f5ed3efc9113af751764083aba2e3e752e47afb4c72f5048b45c5d7eec7b6823689baf18906bc87f3241b1c
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
145KB
MD50e69d78baeca4b050218b0b716e88a20
SHA1649d7a0b6a29517367bdda7463c6108a5393cf92
SHA25600638d4311a0c07dfcaa22b476a7d68b2dfb1ff99f53a056ade272c10b73bb89
SHA512f55337b8efd09f7fe6691906e9ba08f418f42052fa028ea19e047237667e680e3f7c8169140d45cbd8bbb65baf5ef42dd67360fb6cdb3dfbcdfab2f003c6d128
-
Filesize
145KB
MD50e69d78baeca4b050218b0b716e88a20
SHA1649d7a0b6a29517367bdda7463c6108a5393cf92
SHA25600638d4311a0c07dfcaa22b476a7d68b2dfb1ff99f53a056ade272c10b73bb89
SHA512f55337b8efd09f7fe6691906e9ba08f418f42052fa028ea19e047237667e680e3f7c8169140d45cbd8bbb65baf5ef42dd67360fb6cdb3dfbcdfab2f003c6d128
-
Filesize
152B
MD5462f3c1360a4b5e319363930bc4806f6
SHA19ba5e43d833c284b89519423f6b6dab5a859a8d0
SHA256fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85
SHA5125584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417
-
Filesize
152B
MD5d2642245b1e4572ba7d7cd13a0675bb8
SHA196456510884685146d3fa2e19202fd2035d64833
SHA2563763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1
SHA51299e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9
-
Filesize
5KB
MD53d5072169a49594983c9cd22649bea40
SHA1e0821d87bb9de3ae7af0202b4a52b4cb878c6695
SHA256841ebb4281f774254901a8a64d7ef24555190464df130ca8790ca7f6e8c23db6
SHA51211a45b5a36b7a130d8f6c376daee5620288eafc7eb4ecf1b3771566a0a96159d98f04ce2d31ccd9fd304ab60ad4ae1451132a32b0fbff8702880583a802f00a3
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD560c2da928fe21ce03513ad8675c1ff47
SHA1047edd7fbaf23f6d8ffeef9555bd0d5bc90f29dc
SHA256368e881d7d83cccc2cf58e4e392d973f017fe03673ba9fae32f11aff69c93427
SHA51265d252883258503aebee59ce4508d62d37d3589c5d7b0ff5902babcda665f544db565972a3a51f0cfe0e898b82599a840bf1baaf499f441545a1f9297fd60f76
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD566553546d6ea8c46061691a07f871e71
SHA1912ed2a324f5638a0a55194c62b6a9b91c24d506
SHA2567593cea6a4a94a66b7ec8bc155b0b7ed74bbfecbd6938aed8460b5a703451ec0
SHA51294cfc1e760f14b7b8fda0fb09aae569189a96bb16ad41a7b01d6879b6913a95ba30607e5f424d6fd8320d2c42d924c65ba648bca41596471f51b612521a8e8be
-
Filesize
5KB
MD53961983fabbd5a7873b6c68512a1e045
SHA16ff58849b5c98405e72507dd15347427f8a3e953
SHA2564df0b1e1682875e89fffec12038502ea40f582213a6cfe83bf787256caa28202
SHA512d85540cad4cb60b827a2f21b67534226248553f6531d3e840c44773403fe9eff136f4047223119fa34e7cc6d0eb20db80ea9fc0574fb263181c9b2ad60ec0913
-
Filesize
24KB
MD5130644a5f79b27202a13879460f2c31a
SHA129e213847a017531e849139c7449bce6b39cb2fa
SHA2561306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1
SHA512fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
9KB
MD5354967feeb5c81cd320a5315c6060d73
SHA1ae644195bd6c6485f7f08208c558709d14b44dc0
SHA256741b1090b12eec38aa65e73fe0ff616172a3a80850bfbcff8d0087bcf4b4d427
SHA5120cf63790b4e61f5845a8e21f1161063a2f1515a1125e94aa2b9b2f33eed367066d84bbea32fa1e498fd1336a3f6c5772793bfd299d81c92dbb38aaeb2daf60f3