Analysis
-
max time kernel
1050s -
max time network
996s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
14/06/2023, 02:43
General
-
Target
Devment_5.rdp
-
Size
86B
-
MD5
ead61a03def0e733115092a1c61bd62c
-
SHA1
fb70b326a1a646cf2d035e49c0df9f5685e528eb
-
SHA256
1eb7f0062c0ab8f6c17ed971fadc7cfb2751cf71f57b46277ecda383d7bc7858
-
SHA512
688c214091265eb835b1bae498bf08eca5b786f75016198b5a566e1e75de9bd92b7d5e48cd483d8e03ea6cbf42369967480bc0448c17125f2188325e1e487650
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\mstsc.exe"C:\Windows\system32\mstsc.exe" "C:\Users\Admin\AppData\Local\Temp\Devment_5.rdp"1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4c2a9758,0x7ffa4c2a9768,0x7ffa4c2a97782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1416 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3332 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5048 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1256 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 --field-trial-handle=1812,i,6461953952591888697,962671585967168872,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72B
MD5e75096981699db5fbb0478198bf2e459
SHA18bb54165be6cb29f99446d3da491e86eae31b8df
SHA2561c9a91fc5a351f585b25038afbb261a9b87468003d99b7cfa8979adde454712b
SHA5120b7b8a6d935ce5beb271e3eff833a0ab272327cfd00c7bda9127c1aa17b49d85a780d242d096ccb36e5a11580b0631b60b2f2b4d1eb4c948a70b43eb2a8f08ba
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
1KB
MD518f5d521323eb83d69ab35166093e6f3
SHA1cc11d71049acf7fe8af317db76a859fc963e0dec
SHA256fc6a5ce65639ed0e80425339b885d9fe58edb10f8b4c692726f6b3da9acce4fd
SHA512b7fe4630f2a4b624fe03254d72a9ec38c16c204a7daa17259234f8862327b95d256bd36caec787933f00831c2e3dbccb2903b1a957686027e51e0599a93ca403
-
Filesize
2KB
MD587ddc3d167f2083d5bb21b1458367661
SHA1d964a96bd5bb9769e2a23b3cb5864a9ffffa2461
SHA2566334492d805cf2072438ae24f239254a29f875a1e4feaf55f8681dc16dc98d65
SHA512265edde4f3bf2420ed30d94456d7208fcf36995d658a774b5bed92d1703c0adbfb223cbbff89d328cc9d0107208bb5d58bbb88506da1c39186d1ba7f665a3f03
-
Filesize
1KB
MD5e83f849e363c20465923c850fcd59d6d
SHA1c12a9c402ce64ab7138501627ab0f7e413a4e522
SHA2562d5d7f796ace41e74d33459da1e7b6311698f1376aeaabe7ccd457bb4e6e0018
SHA51289de6f34be32a23c973dda2da8039c63a0a0a9ccf1979454d87ea90efd4f50990d3d4e7cdeec801f5f491c202a7d2016a54036b3037e88c0e062c6ba34f17f3c
-
Filesize
2KB
MD5de96dc025b7073194fc07058eab62a0e
SHA1fabcf3f4e722d1fc465b7bea0bd0de86025bdbd8
SHA2561ddb9c58322ad13aa33e4cecb624e5601d4c5d50d23ab357bf2ae9e9dfdb9893
SHA512e27fafe9a1ed1a73864aa0f68eaa7ef5e59995a28f01c1a575039eae054b48e88058c658c76456a6c661dbba3864b3284bec2787c43019abca42f4f2e04ae9cb
-
Filesize
369B
MD5f1d7194edc1340f38e5fd7f19e22a762
SHA166f8dd4dcaf944be1c1da019a6ec7acbd4f7a98f
SHA2562f42d11c5c9c36a463a68726cb28d52194c346bb8e0d48e176b1f458a2eccdaf
SHA512d8131cd267f94623e1d9870c39612818df69ca4a073cc5833a585f27ab7cf3deeafda615d747ef7ef33a0f6c456d8f3e5aa32ed00efaf875043017c21a6e35c5
-
Filesize
534B
MD584079eaa1cfbf925d682f79a725d8ad7
SHA1e77d5b3f6d704a1333f579ec3f451232d0873af8
SHA2560c675f73cbc959f0da50de92166b2bc2de3b531f3ca87d92d14a5627d8ca056a
SHA512423d4e8ff5a1aa771a252bae2c5f45298aafe3bcb688fe1db24408c7eebef115744cbe70923f8fa1f4dd7df76015c39ee53d7a64e30d8a2517954b1b187f8eab
-
Filesize
6KB
MD5d5b7d9a3690891d77f602d691cb2bdac
SHA16eed59be97ccc320281973c33e73ba01506a1ce4
SHA2565a492dba05d6444a662fffcbc1ce0ce3f7c7d1529c90987046d0202d95e5ada4
SHA5125af70e086f150140e173fa62641390b5de34df968891eec35c762edfda41a6eaead873bf15be86fe6c2378d330e56527059e28d75b781b1956e9e968dd64a161
-
Filesize
6KB
MD5bb394cfe1bd5b4205e2079733536550f
SHA1c1922dc1636621c6a8fe7407098669b1c1e40a72
SHA25609bf62541854d3b6b9ef3edb21224212bdaf2d3184c5fb498a598831a8b7784e
SHA5126a19786913a620333f2360d4023a21f6f4bef4f732bf355a23b1bd46ecd4a2e5cd42d96ab92c408af256ec8c34545a0d9faf3713c0bdf872f47d6674cc076e00
-
Filesize
6KB
MD503f82922eb8bcbc79d9390189df1da15
SHA16c4d62c499d664282f7173202bc7dad5a4c24a36
SHA256402240b3709bf8c6ed68aba6e957f34fc101d18d0716e81b05e398705fc5bab2
SHA5121c16adff7edaa9f9bc6618de75b158db52cb4c1483345e95646b76955d3da5df112b42b6f9822468eca94348550fe982c8c776b903621abd788f96ebd44a251b
-
Filesize
15KB
MD5438960e0282c9c237c0bdf0e4ac396dc
SHA164f6d28a6f6e5d6209d2840c58fe2537ac977c89
SHA256a76044b6ca1a1b21d449f1b501cbd5d1a94a7d033c4958cb6a5be5dd41f721fc
SHA512b2fde6ba550fbe0fcf8e42e806e328097b401872447e17760b92cd59a199724cd91b4c5deb771b7c384174265d2b1164100d8adb0d274ebc1aa3fb515a7dc27a
-
Filesize
159KB
MD52d06b0ba8e4a190aa00b69000b9f8b65
SHA10f3eed3b126262b614f99d7d0a60c438b3a8fca4
SHA256e63f21649a868456e24a29903c259604bb1657a8be85b81953c8d1d308ddf1a5
SHA5121a3db3b5eb21c804b553498d507ec0b76df648f35774af9af3694f20cc45f53cdfffa4ebcce5b5606cc8c1ff1b06f9236e625a30c1f34ae512ca6edd3eb693c2
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986