Resubmissions

  • 23-03-2023 03:40  230323-d8dl5sdc85  (score 5)
  • 23-03-2023 03:37  230323-d6twcafc2z  (score 5)

Analysis

  • max time kernel: 150s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23-03-2023 03:37

General

  • Target: https://allured.omeda.com/pnf/logout.do?rURL=https://bloodspoint.com/cincinnatiparanormal576

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://allured.omeda.com/pnf/logout.do?rURL=https://bloodspoint.com/cincinnatiparanormal576
    PID: 4156
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdac1d9758,0x7ffdac1d9768,0x7ffdac1d9778
      PID: 460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:2
      PID: 640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 3852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 2244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 3724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 5012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 4652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 2880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 4812
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4896 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 2612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:8
      PID: 2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 4920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5360 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 1788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=956 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:2
      PID: 2296
      • Suspicious behavior: EnumeratesProcesses
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4616 --field-trial-handle=1812,i,9482598139164410464,16289117814256090908,131072 /prefetch:1
      PID: 1904
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 4236

Network

MITRE ATT&CK Enterprise v6

Downloads
