Analysis

  • max time kernel
    1199s
  • max time network
    1183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-05-2023 11:24

General

  • Target

    https://survey.medallia.com/?ewhdpxp53nw629x6yvb9&_score=9

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://survey.medallia.com/?ewhdpxp53nw629x6yvb9&_score=9
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd499e9758,0x7ffd499e9768,0x7ffd499e9778
      2⤵
      PID:216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:2
      2⤵
      PID:4340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:3356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:1
      2⤵
      PID:2008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:1
      2⤵
      PID:4144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:4380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:4868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:3972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:8
      2⤵
      PID:4524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 --field-trial-handle=1800,i,5484023067090905059,14295352734173635883,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3048
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5088

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (1) T1012
  • System Information Discovery (1) T1082

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 336B
    MD5: 3afd90f9a5a152359201ea8b47d32741
    SHA1: aa98246cf40c3cddd457cd5c347eb18eab2d9205
    SHA256: 422baf50cbb19aca0882ad67b80285441cf7c3ae0b5bd13df1db1470e0971c30
    SHA512: cca199bedbd39f802fa5ebd2ff49908c6aff8ae1b2f070d60086067c7d242a2743a9612cde6d6531995d710e59214055dfa2e5afdba32161e131d130f5237948

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 336B
    MD5: 9c673080429a733435f01accb1690523
    SHA1: 1aada945165a06a82386cd326c1ee33630529124
    SHA256: 64e7e356e6148a620b72be4e27c62bebd5e5534c3bb8cd2d25bf842aa1049626
    SHA512: 9abbd2e5fbced32a06373b8a2e4bddc4a89040e115aaaf860a3f01534b9f52b464727257a32b75c5f73255f2b7f6c9c1b4fa1bbd2af7dda8ad7cdebd2b145bf6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 192afef353903f488fd377c8f96d9f88
    SHA1: 2723c0c82439ef9e1b800ab8cc849b49baaf38b9
    SHA256: 9a23bdec6ef52aaabd6ba13e69f124167dfcf727a8bf8044f4dd1a06894264e3
    SHA512: aff3868b8db77133f5df5f9c947d1b89ac84438daee14cfb8b62e22080f07496caeba18e31885c7300dafe39f569fdca290a825612069bdb7f397c27e50e1357

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: fd057b0cb0a0b053472f04128b399736
    SHA1: fb51dd7e131031661d240582589c83f3278b470e
    SHA256: db9ebddb91313201da3bfb1f70f893f451aa28d1d1c6a79b631e527edb344dff
    SHA512: 9efbe82af70fa2aa7f9f00247dfa3c644c78fcc429466fe4edbd2a49c931577b603548654711edd8c89e17671baad1187f9d386e7ec6856f39efaebdd4fa4930

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 539B
    MD5: bd1c90bb2710da48a6e09bc67b00e996
    SHA1: d8207762928098a930835b0c8ba018ba9d3e9a5f
    SHA256: 9cf95e22bca6c4650a95c5b7cda56eb42080f249662b65919e83755ccfdb83e9
    SHA512: d5e2624cfe1dc3b279dbe468c42d46343a265d6d7e4646765ce198e7fe97a97f966cfa085b0cb65cd19bce1970ec9e9d86ea22b736b02514fe81e19bbf97779b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 9f900a4d9fc10568fac67057ebc5dfc6
    SHA1: 5a67e8f1d005b308307c3db6c5ab4ee35f1001cf
    SHA256: 9d80d1d61f8e90ba5c57192ea39bffd46697e063ce32c1a84e4d570db667a117
    SHA512: ed253c883103e0e0231f02c27877bde9b4300d60b4e46432a8a7db275fb2ece49f556d65123d6cecc4139bfc859ff876dafbbcb399b550ee2d3db04371561c99

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 228306a7201ce9ab70e42ee78503da70
    SHA1: 4d64d88f63728b62cbe61bd7a17f4a793c1a7930
    SHA256: 71d091e7ce5862c1732d46b4a494daa187c0d03f6c816f70ac387bf20a232f34
    SHA512: 8524ded1e6eb3744bd95a5363a8bdbbae1805a16a8ec173fe7cde0a8d67104ef655b7294be5eb682cc6a8e14b484a2d878822851c098200c2c5246364c87475b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: f22a43bdf56ba7df031811fb30e9d26b
    SHA1: 97706a5d30b0d83fd72bfacffd2aa3c0ca76b271
    SHA256: deb59c1972cf253ff0787ff6090ff92ed442da20ceb630446cba1f5ff069263e
    SHA512: 2fdede54693236bc6b1dd8014dae09c4c45c4271fe2ec1e8be764c06e7eaa085c751c30fa92e20d585f94fbc86d396941dc6c8e3b56906023c766977d1080183

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 15KB
    MD5: 3e61d40038d9bb0ff9d3a204902c5fee
    SHA1: 57133c0721aa506eff4cd4e2e8282421d9aafd14
    SHA256: c25ed8067e01517cb6fa469249ca4034a136be61522461bbb8cb8986b50c8955
    SHA512: 8ed2dbd6a221641f8bd2c1f7b2631b925ac40159c7a4b230a85ebd6598fb2dcb75a355d483a0491011ef51d34ccf595e8ab4ec11bb82f846650c7237834b7939

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 153KB
    MD5: 5746afe625ccd2dec35328ff2eadc47a
    SHA1: c9140e442babf5b772b87efda6da1340abe6232c
    SHA256: 0ecf7ea1a07c8d919d45bd07fcb8e3838cc6ac80399e598b96cb98996188ee17
    SHA512: 44529548de5a9ecad14ee1321ffcfa73909753849659cb4407dfcbd2ab4a18dabe9bdffe5cb146816dc7c09bb3cf137af6a08e09f2e5f3d3fa83d02c76a36099

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 102KB
    MD5: 183f155e7810a9266a0c5f03aad5f27f
    SHA1: 56c2918d135dca9bc57ed51add21dd853c91de8d
    SHA256: 4f43d99e6d4dd49768604c9a4596c3035692802f974a71053df07041ed37f83e
    SHA512: e39cfb7aace60eb99f39c61f96fd021da0f52eb0cbed896783e581da01474338d72d123b5ea38d15be576c8445a7ace0b9491b2c3564a64b00333a3eb4e87190

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe570f23.TMP
    Filesize: 101KB
    MD5: dc98de84e09f686b33ec510034ac224c
    SHA1: 32486608e60a57ac3f6bd03582e35dd9a06d0206
    SHA256: f14d849a2d3ddcbbe7159502538e457cd5d9a06cab9c2de3bb9a6f02d9f73e28
    SHA512: e4d360a78a17ae638908fb37e1d1fa5e92574b9fd08af34d2dcde9bac386488bec66b61e0ec2ed0a292d28e2bbe98affd2b0cdf7663276994901977cc5192341

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
    Filesize: 2B
    MD5: f3b25701fe362ec84616a93a45ce9998
    SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
    SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
    SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • \??\pipe\crashpad_1760_SGHLKJBGOZVIMXJT
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e