Analysis

  • max time kernel
    451s
  • max time network
    427s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    19-06-2023 07:59

General

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://urlzs.com/2rqLb#[email protected]
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a60e9758,0x7ff8a60e9768,0x7ff8a60e9778
      2⤵
      PID:1364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:2
      2⤵
      PID:3448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:4676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:5036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:4452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:1068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:4064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:4424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:3880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5080 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:1988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2444 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:3664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5644 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:1440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2672 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:4728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5744 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:3792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=880 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:8
      2⤵
      PID:3132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5800 --field-trial-handle=1812,i,2010810551253628430,17493724749391181377,131072 /prefetch:1
      2⤵
      PID:1628
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1568

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: 77593e3b805608d3cc3c800609f24af8
    SHA1: e6914390cedc4032b2e0cf4215229be115961d52
    SHA256: 8828dacb8b9e60e8a051cb24dbc03feb52b0d460ec3c1c71a374a729c9f185db
    SHA512: ada04fe3aef1d800fd296f91392367f90b2502b06099cb80e8ea9804d4f5b5504f5633690aec4d62600f783c04bda948e261e53f5f3dc2305d28e63418e7418e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: 8c508d3b574eb7daff95d779e628c915
    SHA1: 9f4b98427737bd80b3be1f12b76899b26694b268
    SHA256: cb741edb7311c4503a43af4ccd31be3b4b1b1dd5655290baf4c851cef426be82
    SHA512: 1ffdc25996cba2a4ed074a87aa94ef3d90655f4cac5f2b44bd2d779c7570b0ca6e04e204f83e88b9bb990a9a0c6df6f077c3fd7c7bfca33bc5a1427ff07a8b94

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: e64cde5e860df2aa93826d5deb0e5a0a
    SHA1: e9a6144f53b15887d4780f8f1c8296ab73ca460e
    SHA256: 8dfa95522afdb4d7794f31d124a55e4f623d023a44269299f9b075fee779c3a8
    SHA512: 0b4b540a9068d783b4122d935fc3e7f4bc2ebb49c5014d63c9845aeec9d208ba7902d05444767c9ae0f1918bc472dc349d1884a10d8be72380a07e58485ca270

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 0e58a2d64c8f4dcfe25a0fa933557a87
    SHA1: 75426bd34ebb1ba7e4f81f1e609b181eae4a50da
    SHA256: 5737c103928077a604b79a071c00489f5cd02ce7f659b74ab2ff7050945508ef
    SHA512: 86c2fc1af34da84e7567974b8aa1026665a3ed7ee676bb98f0b00880b4a9e637fb567427b892e33f87e2032c7e70ae304f0559c04a21bdbe941d75e3b07886bf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 582a6a51e7f1fa89616ba582375adcd0
    SHA1: 3bf500800d22f7d19cf7f1b6f596b470a0b999c1
    SHA256: f45dd2081d083296c7de7cab77f2c61889a12f0386e442f2ee5fb7741705a2cb
    SHA512: 638d0f6cef467de61ce6d36a86c3fc8fc4900f89f1122f67e0cd17e8d8485daa0bc2ec514eca1a3b2dd14403c406fdffe470a252f8cf075a5924144829a2031c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 72f92cb70e3ccd6b433e2d6c8073cf1e
    SHA1: 9e3ffb39154b3bb47250a0473c4df748a2fdf84f
    SHA256: 49e3bdfe3750f472667e51abbe9916c53ec7f47e8d79f6c0c01bc827bbc35b12
    SHA512: 773ad9d5ec3587a3fc7cbf82a6ff0befe886b2545d3f13e52b76c42937b67719783d74458bc2301fe15cffd255a32b6c0fcaea5de98154ac7d0594b8f3a72854

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: ae80539d1f94b53754c450616a53cef1
    SHA1: dfa9cc405c634e10153e3da8465eab4f025604f0
    SHA256: 1e468ead719041fea8ee4c4d2a3d11163de33dfb997f498965d1b3bb77a34562
    SHA512: cde03e16d2ad8954ed0044ec0c1e1da71466f87255b3e903fc0800cc33cea09ef1be7f5812ab205824399ca71080010c2778a4110294628be5cc8799861b3ea5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 4KB
    MD5: 3121426c6ca7e59c9c87e16032e3a14f
    SHA1: dc9b2e313b9c45303453f654a943949a69abf294
    SHA256: 99990ccacb3dde8a2fabc14b0163b2fecda7584559e615ecffa735a07a335910
    SHA512: 3828d11524b9e42d5c9829b23a7e9dd8af819d69180c5e17ede024224128ee1cb55f4eef74fe282c92b426afc11e6800105cde53d3207e1c92c46df680101014

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 50b09bd704e9b87778f5d7d2cd2a4b9c
    SHA1: fbdab9b33ab725e673a57839960ca5df1e954404
    SHA256: 887f6f696cbe695c699ab1ea36ab5b4c67ee001f5e7e3c5b1b225a506970c4d3
    SHA512: 2d5395dbaadd69088129f8c9695a8fb2c32fc79a8422219b0990017ab7c1bb1e9cb9dc9c3ad40ea771c41e5b91e2d8284668dcd94cacceea10a302ca7f122f3a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 157KB
    MD5: e50f6fa8d87a5b8ceda8addd67d7181d
    SHA1: 6b0e02e247f1ebcfb13e5b78a3d26fb76e261cf1
    SHA256: 5be33a394a39f93f15b336b6c87aff888ee6bbbd10e0adfbdc5c019e6a200dcd
    SHA512: 615165c2ba532e9f8a4dd4bac1d78097cd8192a96a1d9d7fc6f353c152b9c99e55c1f709132e66f753ebc6e82010c3e43a8c7f1b9404b3828f5252a5f1f2b2cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 157KB
    MD5: 737ba8d32f7106c64b8068dff2eac1f3
    SHA1: 18c6caef227375b7362ff5a4ae988033c9b5230d
    SHA256: 874cd92b2919cbb86c1fef7df4e1804e7f18c58f6c9b57d759f7d37e74614f56
    SHA512: e70ee52c48a9d5b6d4874816477eaaac5401ab817dfa21796af641b2ca7b0f8f0007f5cf64d2909e230827e04cd368fae889a1dce63e4cbb9c3371e5c5145290