Analysis

  • max time kernel
    116s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, systemwindows
  • submitted
    18-05-2023 22:58

General

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://urlzs.com/TZtV3#[email protected]
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd134c9758,0x7ffd134c9768,0x7ffd134c9778
      PID:4828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:2
      PID:2200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
      PID:2092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
      PID:4308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
      PID:220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
      PID:116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:1
      PID:1592
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
      PID:4104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2908 --field-trial-handle=1816,i,6225137306824950653,2304003127620442981,131072 /prefetch:8
      PID:5064
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:4292

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: a0ea46fff76b7195cd34bad3a7e4074f
    SHA1: 40e8623e40f37bded7b5008d47d8ff9595c2b72f
    SHA256: 649831a0c47f41be4609570d587d68c2bdcafc528330e8615b7bd8a72f8e206e
    SHA512: 8c78de7cef49818c7c7389dc9f8e5117f7cde8ad8e1dd1ddf6a945c154c2d21c2733be988bb1f0d7453ebbfd20b5ba5fd9102ca831817b2fd24be2a34da53940

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 2b4185dece253b1de0a656918feb9547
    SHA1: 441d8ced8fa1b4b95fd63ffe636d23d2791aee0c
    SHA256: d23724c8b0143e2be5a7ed4cbf64f69a19566305543cdecedbd468b45d2c15ee
    SHA512: 208e52c6fb469aa4c90ffbfdb5d7781a11d3286bb42df3931e2455c66a86bea9df05b42d7fbd49f2c9156dd3a89dc1364e863f5a7240b25a4b990d837b5779d0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b0559e98-0100-4e47-8226-96f4b87b9f6a.tmp
    Filesize: 2KB
    MD5: d34bbf24e016784fc235035dae390f39
    SHA1: f6584f9d9daa5ff00d1b82a9bdb5312f64a3bb8e
    SHA256: b0a53f0b519da17cf8d01e2028734a8f6611905cdb4240d45f6ca0901474cc27
    SHA512: cdd8391f88b9b24b386d7f01c920591fc20b358f6a23569a1cef096962167091953295febf27a48685bd2f6229c42972fa42c709473db8fac38cfc83c0bda443

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 4KB
    MD5: 3e93586203792a2b74b39048ed26093b
    SHA1: 49ee9739998b01ad3d12e69aa5f394c4f3559ddf
    SHA256: c2c24039a33b010caa6f38b7bd06fd7eeacee70d7fe1bbee258a4ef7bc9b9c82
    SHA512: 78bd598839de18219857fb9cf200d16c33719af9fa6f5cdebee4e8f68dc57ad5df7a5eae8b22a9a76a8126135af77cfb6558137cca4b352d71845ce5959491f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 4KB
    MD5: 29e627b5ad4e17b39216364c5ea3f43f
    SHA1: 04db1ff07321b64d0d1f24f6571c85ff97cc52bf
    SHA256: 54fba5135b30b2a6f3fd9eae947880965c47b0daca1091740765e3219038bb43
    SHA512: 78e2e8d2e8e39e04348f5805f2c8367bdd73fedaff93c81b08aac51e77d72e2f800fb2b167d70627e298600d0c1c5a98d83f2dd2e90c0774a9cc90c164d5a46b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 4KB
    MD5: 7418cda1efec523fbfae83fa626dc64b
    SHA1: c2ad520788ac67e0c8e0c330eb66255a4e7fd8f8
    SHA256: 377e3ad7f416d4bd669275bba1fc4cedb9881b7e3da93ab9ed7d62d431f91da8
    SHA512: cc505b3ebc92022a47bb3ea10200383fe149f81176597da796fd19ba7779ede2d5b48333eebd62972cc8691d69e905e06d155c2967f817de8cf515404ebf21bd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 151KB
    MD5: baa4cc82aee336c8d732db89784f5444
    SHA1: 64ff179373da88d543fd120d5e22f05ab536b32a
    SHA256: 77eee28cb6b2b223a87b639427c8117fcc35eb305cafe9d10f0e34f460cc7b31
    SHA512: 605d169ed87ec5b28a77af1f63d5e540833abd72ac3b61ffdf1f5a9a98a158c7ada72b906e8a852590bb1596b433c680d276b457c020184516916b96cf2bdc23