bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Resubmissions

01-04-2023 00:44

230401-a3qsqsgb3x 1

01-04-2023 00:40

230401-a1q1qagb2s 1

Analysis

max time kernel
96s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42(1).zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe
Token: SeShutdownPrivilege	1920	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe
1920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 524	1920	chrome.exe	28
PID 1920 wrote to memory of 524	1920	chrome.exe	28
PID 1920 wrote to memory of 524	1920	chrome.exe	28
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1676	1920	chrome.exe	30
PID 1920 wrote to memory of 1624	1920	chrome.exe	31
PID 1920 wrote to memory of 1624	1920	chrome.exe	31
PID 1920 wrote to memory of 1624	1920	chrome.exe	31
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32
PID 1920 wrote to memory of 576	1920	chrome.exe	32

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42(1).zip
1⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb0e9758,0x7fefb0e9768,0x7fefb0e9778
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:8
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2196 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1264 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3608 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1232,i,11066156164475370362,13390772333553838145,131072 /prefetch:8
  2⤵
  PID:2572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0013cd61-ae08-4515-ad06-85b24abdaeae.tmp

Filesize
4KB

MD5
f0d3fef4d1300b2100b16705e8d51762

SHA1
13d03dce94df00f00fb39c6a00775e159e59a51a

SHA256
e1aebb4d7553eb19c727ee1cdffea7032505f0f3b9465d834b5c28f0d2e89b64

SHA512
42012ff21bc95dc0344c5082c04e6606f382777c9c3413f10ae195732a46ce211742252f81004ebf143bc03994f42cb7d86c9b0e797787194b8259bd8e522de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6d90db.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
850680abccc905d25d32bcf24d070b30

SHA1
01445fbeef471f242a1f3f2ed6e4f6eade69fb8d

SHA256
35c20dad401309f4d690672545a4b246928df7aa8be0ccfd472c3e864e0cff29

SHA512
f869a498174e13b9b44a693d84cbc9263a56c583fb0ddaa7719f99c414adf6cb93261742af7ed47d4077e5f4e3bf74a10d9f0b1a2c76bddf30196e89bd357712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit