Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://q.gs/FVD7O

windows10-1703-x64

1

Resubmissions

29/05/2023, 08:12

230529-j321faba8x 1

29/05/2023, 08:12

230529-j3tztsba8t 1

Analysis

  • max time kernel
    2s
  • max time network
    6s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/05/2023, 08:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://q.gs/FVD7O

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://q.gs/FVD7O
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff96ca59758,0x7ff96ca59768,0x7ff96ca59778
      2⤵
        PID:3684
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1808,i,1581346904762320891,5121384119096520297,131072 /prefetch:8
        2⤵
          PID:1012
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1808,i,1581346904762320891,5121384119096520297,131072 /prefetch:2
          2⤵
            PID:4924
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1808,i,1581346904762320891,5121384119096520297,131072 /prefetch:8
            2⤵
              PID:8
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2756 --field-trial-handle=1808,i,1581346904762320891,5121384119096520297,131072 /prefetch:1
              2⤵
                PID:2360
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2732 --field-trial-handle=1808,i,1581346904762320891,5121384119096520297,131072 /prefetch:1
                2⤵
                  PID:988
              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                1⤵
                  PID:1260

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                  Filesize

                  72KB

                  MD5

                  4db3e5f30efd959d40b42505cd4971cf

                  SHA1

                  5ce59944cc059410b8b5370d800cefbd489fd838

                  SHA256

                  4b2241c42830796c76ca416670b6b5da781f32994ad6abcc36e9b97d3c444f5f

                  SHA512

                  29f653f9c4ce6d0482910dde775781dbb0f057a2ae90d7b3ad214b536c6a9443bac7deb25490e83f9785b5e97ab0135836c4dbc2e03decfc47ae910616971281

                  Download Submit