377a44e44aef8354babca8b858d04a402dc30cf66bd59badd156263a3666cda9

Analysis

max time kernel
150s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 18:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot_1.png
Size

936KB
MD5

9fc0e8938e2a2e55c5334b3b12c95bd9
SHA1

421bc5b58b6dd73418a22c1e16f4e82f3580d0ea
SHA256

377a44e44aef8354babca8b858d04a402dc30cf66bd59badd156263a3666cda9
SHA512

c66c6665d578db5a09121f22b2480dfcd1f82eae35017c85a74a58e4f6bc925feeeedbe2b4b8a5654fa4105567a1652cf9d140742aea846444129bd75885158f
SSDEEP

12288:uzUSBecMqIJ9oM3xaqWuXXIEslsFpKXHDC5mh7CjOPQT+NnTWlc44/K1xoUICnjh:uwOeNo8TnYrsXKFh7CjOPCwqeUIC/28

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 4032 wrote to memory of 2064	4032	firefox.exe	94
PID 3284 wrote to memory of 3632	3284	chrome.exe	97
PID 3284 wrote to memory of 3632	3284	chrome.exe	97
PID 1892 wrote to memory of 528	1892	chrome.exe	98
PID 1892 wrote to memory of 528	1892	chrome.exe	98

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Screenshot_1.png
1⤵
PID:2676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffbc83f9758,0x7ffbc83f9768,0x7ffbc83f9778
  2⤵
  PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbc83f9758,0x7ffbc83f9768,0x7ffbc83f9778
  2⤵
  PID:3632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b6b1c6f86742f7346412dd6d4940f02a

SHA1
5dfef7ef71df9870055998f6cfa417ef1b08fe8c

SHA256
b898f96a4ae7372c4c528b916868a26400ba61aac2c5fc2a3ce78e09a5c17719

SHA512
1aba509aa709d3199521cf9c8f40616907fedcf5a52925fa1ef0baa2beb16b88200f9831edf3ec21f7880b246838ec75f261a9508538548c6a35743288a6b8f4

Download Submit