Overview
overview
7Static
static
7chinhphu_v1.apk
android-9-x86
1index.html
windows7-x64
1index.html
windows10-2004-x64
1l762f62c5_a32.so
debian-9-armhf
1l762f62c5_a64.so
ubuntu-18.04-amd64
l762f62c5_a64.so
debian-9-armhf
l762f62c5_a64.so
debian-9-mips
l762f62c5_a64.so
debian-9-mipsel
l762f62c5_x64.so
ubuntu-18.04-amd64
1l762f62c5_x86.so
ubuntu-18.04-amd64
1mask1.html
windows7-x64
1mask1.html
windows10-2004-x64
1Resubmissions
23/07/2024, 15:34
240723-sz3bgaxcmj 1012/10/2023, 09:42
231012-lpmppsbc6v 1024/06/2023, 17:44
230624-wbcmpada5y 7Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system -
submitted
24/06/2023, 17:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
chinhphu_v1.apk
Resource
android-x86-arm-20230621-en
android-9-x86
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
index.html
Resource
win7-20230621-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral3
Sample
index.html
Resource
win10v2004-20230621-en
windows10-2004-x64
8 signatures
150 seconds
Behavioral task
behavioral4
Sample
l762f62c5_a32.so
Resource
debian9-armhf-20221111-en
debian-9-armhf
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
l762f62c5_a64.so
Resource
ubuntu1804-amd64-en-20211208
ubuntu-18.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
l762f62c5_a64.so
Resource
debian9-armhf-20221125-en
debian-9-armhf
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
l762f62c5_a64.so
Resource
debian9-mipsbe-20221111-en
debian-9-mips
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
l762f62c5_a64.so
Resource
debian9-mipsel-en-20211208
debian-9-mipsel
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
l762f62c5_x64.so
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
l762f62c5_x86.so
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
mask1.html
Resource
win7-20230621-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral12
Sample
mask1.html
Resource
win10v2004-20230621-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
mask1.html
-
Size
2KB
-
MD5
49da8130d36b92e670879db78ecb7dd9
-
SHA1
0b5e840059a0283887e8b91545300872d66c3649
-
SHA256
1d1bdc743563387d47e9fd8c833b5e4364bf5d0c6607792afc012d0e6169277e
-
SHA512
a3aba7640297c101b2476ac5bb7a91d6961f67c22e2ee87f532001309936c467e3f9db4aec9da2c02634a98b727f8733a6836e78293747a04af26ad3ec8a4235
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133321023309073981" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1988 chrome.exe 1988 chrome.exe 4976 chrome.exe 4976 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1988 chrome.exe 1988 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe Token: SeShutdownPrivilege 1988 chrome.exe Token: SeCreatePagefilePrivilege 1988 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe 1988 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1988 wrote to memory of 2888 1988 chrome.exe 78 PID 1988 wrote to memory of 2888 1988 chrome.exe 78 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 5080 1988 chrome.exe 81 PID 1988 wrote to memory of 1044 1988 chrome.exe 82 PID 1988 wrote to memory of 1044 1988 chrome.exe 82 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83 PID 1988 wrote to memory of 2176 1988 chrome.exe 83
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\mask1.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffb484e9758,0x7ffb484e9768,0x7ffb484e97782⤵PID:2888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:22⤵PID:5080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:82⤵PID:1044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:82⤵PID:2176
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:12⤵PID:2776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:12⤵PID:1724
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:82⤵PID:1544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:82⤵PID:3800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:82⤵PID:3796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 --field-trial-handle=1780,i,15214030289768747022,12990661053058463500,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2236
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5b98b9e6f41caedca82640e89ec43fb6d
SHA14f2850acd7edbc90343b0cdf6938b02fe535e5af
SHA256e2d32aea2fcb984611759eafc24234291fd42c3ac744be75e6623fcea20562c5
SHA5128c171c6d1b62433b90e8dae16438e93e84040ed9343915f57ee15fcc04e4c22bb2a241fb7177054ccea277dbb7f31993d25c0f12eef81d008088a2364dcab430
-
Filesize
6KB
MD5cb67c9d22bcd2ed5eea89aa1d0bfd53f
SHA1332079d73cff3304454fd38c797e2a95834f2d86
SHA256e4d64c46afd77172b3341a9dc3fdca15a309ffc1d66d9b0708b7e09dfa523222
SHA51260baf0d82c129fc4ade29a2cfc34b0db1726ca1f5971809b06c3712535407fc88b32b2403250f0ffa7f3ba102bb497ca9699c094c24985bb356d94881ec3ed1b
-
Filesize
6KB
MD505d02544df096401dee0d31d6052c593
SHA1447efd7b8b8981de51c8e201462cc62d38b8441d
SHA256450cb6311098168da082b389e2f36a6c231306ea1eba929a1922544e19a693d8
SHA51237e7c77ee530793fe9761ee0e7ac87f8b5f57420381b47b09d474e8963c15936b01c8a991a340bc14b0c1541439c95aab8e5ef187b91e8e50bda80eb9e6043e8
-
Filesize
15KB
MD5c52f862015625f561219c0c586f38c70
SHA1e82c84cd51d421cd28f67a0d3a2cd6d25eeb06a2
SHA25633a7250fa05f5289db5f92d8977c94e0e98d58806c529214f7456a7c885b6592
SHA512a5a4913cfffb77eb4a438bb4f71c69681382786c6c10d0452e4812892ad1a1c64f6fcdf8c7436379f6819989857e25fda2a16619fbb5b514fe2e8fd8f12d707d
-
Filesize
174KB
MD5c903eeaead297a3b2044b29056226e39
SHA15e3d39759edb2041df9edd2f0d12c827c8ab3f89
SHA256a8231acb41bcfea2d2318a69951270b20a8748e5aa050b1c1c38f4d07874dc6c
SHA512fa461a33d7017e3c5529bd8a88a16ddfc933160690ffb86702e187cf6e7bc336868c9bb7008c17793c52572ed066364f5cde3f4f2acab320f679a37f411958d1
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd