67424f06b6aeb1b9b4761bf9de97893e2b92484d24f9feb77dd901012d54f524

Analysis

max time kernel
58s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SX/SX Launcher.exe
Size

574KB
MD5

d815865c44760e6348eb2abf73a5db84
SHA1

44356251a6f124ad23ad8ecbc45e766bfca795c8
SHA256

94bc94016f2e858a125227d7d3a2dc2daa73c01b97e1dbccb851e91932c38c57
SHA512

780a6cb37b5505e04eb13c4c8421cc5485052792ba5c037315499c72d8c8efc11f1237c7e01d590df6e9b98da7dfaca83921f98f80abccb80debef3442e97d38
SSDEEP

12288:MWVj2euBCYu/BJ2jBxZK5Yu/BJ22Vj2euB:NVj2euB/y4ZKyyXVj2euB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 468 wrote to memory of 1876	468	chrome.exe	chrome.exe
PID 468 wrote to memory of 1876	468	chrome.exe	chrome.exe
PID 468 wrote to memory of 1876	468	chrome.exe	chrome.exe
PID 524 wrote to memory of 1212	524	chrome.exe	chrome.exe
PID 524 wrote to memory of 1212	524	chrome.exe	chrome.exe
PID 524 wrote to memory of 1212	524	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\SX\SX Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\SX\SX Launcher.exe"
1⤵
PID:996

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UpdateUnregister.TTS"
1⤵
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef7159758,0x7fef7159768,0x7fef7159778
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1324,i,2036072145209134317,3636414669953601350,131072 /prefetch:2
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1324,i,2036072145209134317,3636414669953601350,131072 /prefetch:8
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7159758,0x7fef7159768,0x7fef7159778
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1376,i,6287222239767756395,13477474286478735038,131072 /prefetch:2
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1376,i,6287222239767756395,13477474286478735038,131072 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1376,i,6287222239767756395,13477474286478735038,131072 /prefetch:8
2⤵
PID:2064

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_468_IQVRTCQMBDDCEJCG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_524_FUEUAORRIEKNDDED
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/980-61-0x000000013FAD0000-0x000000013FBC8000-memory.dmp

Filesize
992KB

Download
memory/980-68-0x000007FEFB0A0000-0x000007FEFB0B7000-memory.dmp

Filesize
92KB

Download
memory/980-70-0x000007FEFB030000-0x000007FEFB047000-memory.dmp

Filesize
92KB

Download
memory/980-71-0x000007FEFB010000-0x000007FEFB021000-memory.dmp

Filesize
68KB

Download
memory/980-72-0x000007FEFAFF0000-0x000007FEFB00D000-memory.dmp

Filesize
116KB

Download
memory/980-73-0x000007FEFAFD0000-0x000007FEFAFE1000-memory.dmp

Filesize
68KB

Download
memory/980-74-0x000007FEF6850000-0x000007FEF6A50000-memory.dmp

Filesize
2.0MB

Download
memory/980-69-0x000007FEFB050000-0x000007FEFB061000-memory.dmp

Filesize
68KB

Download
memory/980-67-0x000007FEFB140000-0x000007FEFB158000-memory.dmp

Filesize
96KB

Download
memory/980-66-0x000007FEF6BE0000-0x000007FEF6E94000-memory.dmp

Filesize
2.7MB

Download
memory/980-65-0x000007FEFB1D0000-0x000007FEFB204000-memory.dmp

Filesize
208KB

Download
memory/996-54-0x0000000000DC0000-0x0000000000E56000-memory.dmp

Filesize
600KB

Download
memory/996-57-0x0000000000D70000-0x0000000000DB0000-memory.dmp

Filesize
256KB

Download
memory/996-56-0x0000000000D70000-0x0000000000DB0000-memory.dmp

Filesize
256KB

Download
memory/996-55-0x0000000000D70000-0x0000000000DB0000-memory.dmp

Filesize
256KB

Download