a60b7a2ef406fd853f59afb392ba91901e059cb256ae7f09de38344c55de4fa0

Analysis

max time kernel
60s
max time network
147s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-06-2023 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

background.webp
Size

7KB
MD5

2eb141c3cf82936e58f2ffb397e10c76
SHA1

b2bdd8d7fd04f04db4ae9ca0214e9f5ccf02051b
SHA256

ccf0606d129dadfbaf5c51cdec59aec972cd0fae28a4db8d50461ad4f1082eaa
SHA512

af6851beda3ff04a7063da885b10e48c6218b6877f81c05d2c29ae9803c6e463f865d9b2df3bdb48ccd956b42606ce423216d3c5895890d3eb8e1aa8e3c1540f
SSDEEP

192:pw99Gdi+lGClqGYi/T2TqD4asgEQvL0UnAeAHKenE0jsSzsygi6:m9Qd2MjDL2TE9sUvLOeAHTE0j7zss6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1500 chrome.exe
1500 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 1984 wrote to memory of 1500	1984	cmd.exe	chrome.exe
PID 1984 wrote to memory of 1500	1984	cmd.exe	chrome.exe
PID 1984 wrote to memory of 1500	1984	cmd.exe	chrome.exe
PID 1500 wrote to memory of 2016	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 2016	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 2016	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1196	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1092	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1092	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1092	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe
PID 1500 wrote to memory of 1100	1500	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\background.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\background.webp
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65b9758,0x7fef65b9768,0x7fef65b9778
3⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:2
3⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:8
3⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1664 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:8
3⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:1
3⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2200 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:1
3⤵
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3244 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:2
3⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1188,i,9258836577929834002,5657977301458065107,131072 /prefetch:8
3⤵
PID:2456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6666ca5b-3218-4d5a-bfe5-902eeb0f9bbd.tmp
Filesize
4KB

MD5
5fc349f83b84ea5c409c82c74cd3f34b

SHA1
8ced7f707127f590f3e322b199ab2a73ac3174e6

SHA256
a61283a7416cc663d0e2619c3f74aefd98760ccb0dd3ae4ae74a3a8fea3b78e6

SHA512
704a32b42ccaf073abed7471cb7c21eee3432e0829bd373fccac6f0d54272453b3eeb80b8886f78fbb7e3a3beca759aca6034e4a574947347becbb5d9e54d11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6d7a6e.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ddf9ec9a-1511-47df-a66c-fa49890616bd.tmp
Filesize
4KB

MD5
5c79199865c3af8389dcb07771a97b4f

SHA1
d0c1dab14158a16d7eb8d48171d2ac86ca3b7099

SHA256
61af9c029088f0694d1ed242fb4c1c87445dc452e8c60ab6e00b2efb12a97ff3

SHA512
aecdebc5bebd6796a18931ebacf9e9b8664fffaa417b855fa118418d2ccf8bc5cc1b6ce690818924008e816e448d5b2fd0ef4dac875d8e2b005fa31a68f79fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_1500_GOUDZHLTDADKXEZB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit