Analysis
-
max time kernel
119s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
02-04-2023 02:47
General
-
Target
https://github.com/Endermanch/MalwareDatabase
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 59 IoCs
-
Suspicious use of SendNotifyMessage 50 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Endermanch/MalwareDatabase1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd1daf9758,0x7ffd1daf9768,0x7ffd1daf97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1780,i,5713935230211695301,467980007141729393,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8b68d428-a537-45fd-a185-91c03e8170da.tmpFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5926b8d81ed9f25d7dc00323eded66961
SHA180e2ab05186cf5b1e57a3d61b2ada54c1f6ea378
SHA2568700648b78f7a485ea18b5c7c659821f3cd4bbf12dc4c4e075fa9a277948bdb6
SHA512ab4d5bf86faa83041f7a7ee2d3ede27466ce526c7c16b35f04a8bdf527dc5bc59254314de8f343107f752556895e6e93f984909d5f6540a82f1e26bb442f7524
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5cbc551e9160f1f015f245d3c0e327af0
SHA17bc6e3ad8d84159b0511e0809dcf8ef537950eaa
SHA2569ffec5fb173ecc747cc2f2a302502574d59120baf031007688e5d753efea53a8
SHA512cb2abcbdfedb7f60e497cc1cbfed5d43dd23d66ac5fc5154f96601d36fec327d8755f6a5216a7f65899b3c4b9260ba8189eaac75c737184b31f64524f7968002
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD58fb2d7370dd00a6cc5651b696fb91e08
SHA1658c1f9566abef64797b6f04ee220aa280f05577
SHA256c8e479dfff223e389a836080878b118ad9a1d1a87d54fb1a35987173dc5fcc98
SHA5120994fe43db8c8347e32f29a162d8083dfbebe78b27a70c11a6ec38b91645407a3d3087087144a00ca264c6d733ff381d200047cbd8bbac08f60c91afbfe9b971
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5abe85b0bc5608330c2b1075879f1d90a
SHA1725e6928b9de1731781dc656de5df275701c7c84
SHA2561b238f4a498dbfa1cf2e952eea91dc1fdb9934c57d7b20b4c8c9b22ae06bf795
SHA512023c8ca94eef88e5550f462068c4144a5ca00a39db1bb9ea465b5a12fd8a5bed70c96d925430d1286004c20a625fc6b55a3eee0aaccb84258aedf3dc9e62b287
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD545ce2802cb91be913e8c8332eb26dec7
SHA15866ca0b0eaae2a3d1de65b7aa281139cb6f108f
SHA25654e87403195266a196d65a81fa853dd7ccababdef813084d029a8ccb567012fc
SHA51241a629659d4618019f65f09d8e2b0f61e92418a9de445cc38b34e1b225262e6a492e82c195b45ed38f9ce64cb3cf32c894a1345e6a91b54c5c9e261849716f9d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD51cd484e60c9db1ca0761a381ac1585fe
SHA1f29c03fdc0cfa7323eeb439577820b000abc0ab3
SHA2563bbd82837e233be67270c3800088734c537b2db0617cf2d3586099161e0e7c1c
SHA5122b81325103c970598e8aa7842a4839953bc4a0b6a2dff1ff55b1c71894e48284584ee13395267cfdd7aa8d6ad45050e4b5a8edd06c8aa531808a23b9090d474d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD56c16de6f4f0b76943542f00f41b07937
SHA11fa35d4a0fd585a43b7626efc356adb50aef5e2f
SHA2567333322e0c50c8135e7afbccd75879df972421b6c1f4225dc73a46db8647beea
SHA512e950e99341fb9a6addbb73ba07aaff5323820a192c99252d191debb5d30e94fed6daf6b08c46cdfe3dbfdd3a26b949175408127a59e8c969fb773a2bccb210c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5a99a6f505f7f22da0b25eae684b99eb2
SHA19d9d7ed20d0b4399d27f36f27d3e61c8ba7e8bf6
SHA25604ccb3f540a9e10b863dc9afa63f66e29fa19d931e585b7602a19beb0bdeaa19
SHA5129140d1245f6f613c6b2978c33e1c97056bc50b198cb5cecbfa077d4a92268d4ee976bd0a985936fb8eeb1f041fa94cc144af5133a6cf16acd68124c1ef359f2b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD517ddd5e3171cdacfd43f0140f5eec48f
SHA1319e2797bfa71708d15e43d6d8986523c7f6e89e
SHA25691ea054b9703c0fcfe8850eb2f1794731778976fe507298cddc30a65cac2bd95
SHA51223870885d2cf2ff6e593e7e1c015ac9ef70bfae1cc073d274894d863eb3ee51c21b3c395b788ebf3641f51263d283dbed3f627a2fb7388885c851f007dd79946
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
102KB
MD56be360ceec67226bdb23a55c7ac0e045
SHA1751bcd2fe97dfdaff389ea6c5087769182affdce
SHA256e4bd095516100d0dbb9dd60c9c67a1c0558a92e223eba8147274e3cedd148e29
SHA512eb7417fe48d47d5c233f57085666c7ebdc64b5f5b26e534f8d8c3d9e0640c89525e5c586e07f21a56e301d61bb673ab078d20804d31c9476bc904fc2073a9216
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56ea84.TMPFilesize
96KB
MD5f9e9b5e61122ce215ab963d5c60978b7
SHA102960088b4cbf3d7a6dca3ab3f8f29ed1731b89d
SHA256d3383d25feed35f51f0a9ed51d5716657aebb2b06e2ea086cff8166b0b839b65
SHA5125422ec33d2386513c02800a69f46bab70776829e8204ac12701165fb2a502b071e47d5a5f292c5bd533b7154126d336092d1fbdc24369298a42b24686adeae51
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_4244_LSURVRFVEEWXMVSRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/636-310-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-312-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-311-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-316-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-317-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-319-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-318-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-320-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-321-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB
-
memory/636-322-0x0000028A2D290000-0x0000028A2D291000-memory.dmpFilesize
4KB