Overview
Resubmissions
23-07-2024 15:34  240723-sz3bgaxcmj
12-10-2023 09:42  231012-lpmppsbc6v
24-06-2023 17:44  230624-wbcmpada5y
Analysis
max time kernel: 150s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2023 17:44
This page is the report for the index.html run on win10v2004-20230621-en (task behavioral3 in the list below); the other tasks of the same submission are listed but not reported here.
Static task: static1
Behavioral tasks (sample on resource):
behavioral1: chinhphu_v1.apk on android-x86-arm-20230621-en
behavioral2: index.html on win7-20230621-en
behavioral3: index.html on win10v2004-20230621-en
behavioral4: l762f62c5_a32.so on debian9-armhf-20221111-en
behavioral5: l762f62c5_a64.so on ubuntu1804-amd64-en-20211208
behavioral6: l762f62c5_a64.so on debian9-armhf-20221125-en
behavioral7: l762f62c5_a64.so on debian9-mipsbe-20221111-en
behavioral8: l762f62c5_a64.so on debian9-mipsel-en-20211208
behavioral9: l762f62c5_x64.so on ubuntu1804-amd64-20230621-en
behavioral10: l762f62c5_x86.so on ubuntu1804-amd64-20230621-en
behavioral11: mask1.html on win7-20230621-en
behavioral12: mask1.html on win10v2004-20230621-en
General
Target: index.html
Size: 2KB
MD5: 17c59f1a89773ba82365ab6ed861aff2
SHA1: 902c7f0d9d7e58ba46bf99aeb25d904a5077ebfa
SHA256: 9eef2ac5a8846fdc480b99909c22a4b6c844654a0f7589310a1eddaae6b74705
SHA512: bd702d1330ce70319a413c2932aadaf93df6c6aa5ed6adf68ab323abef04853eef041fa248decca09671456c1ddd92ad1bf8efacd56358862e499ba52ec4f60f
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: chrome.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
  Process: chrome.exe
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133321023313646911"
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID 1628 chrome.exe (x2), PID 3408 chrome.exe (x2)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID 1628 chrome.exe (x2)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 1628 chrome.exe; the 64 rows alternate Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege
Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 1628 chrome.exe (x26)
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 1628 chrome.exe (x24)
Suspicious use of WriteProcessMemory (64 IoCs)
  Columns: description, pid, Process, procid_target. Every row is a write by PID 1628 chrome.exe into one of its own child processes from the tree below:
  wrote to memory of 1320 (procid_target 82) x2
  wrote to memory of 736 (procid_target 83), repeated
  wrote to memory of 3368 (procid_target 84) x2
  wrote to memory of 3108 (procid_target 85), repeated
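The signature rows above are flattened table rows (description, pid, Process, procid_target), and with 64 of them per signature the question a reviewer actually wants answered is "did the browser ever write into a process it did not spawn?". The following Python is an added example, not part of the report or of the sandbox's own tooling: it parses an excerpt of the WriteProcessMemory and AdjustPrivilegeToken rows copied from this page, counts writes per target PID, and checks every target against the PID list taken from the Processes section, so a write into a process outside that tree would stand out. The PROCESS_TREE mapping and the row excerpts are built from this page; the regular expressions assume the row layout shown above.

```python
import re
from collections import Counter

# Rows excerpted verbatim from the "Suspicious use of WriteProcessMemory" signature
# on this page (the full signature has 64 rows). Column order as in the report:
# description, pid, Process, procid_target.
WPM_ROWS = (
    "PID 1628 wrote to memory of 1320 1628 chrome.exe 82 "
    "PID 1628 wrote to memory of 1320 1628 chrome.exe 82 "
    "PID 1628 wrote to memory of 736 1628 chrome.exe 83 "
    "PID 1628 wrote to memory of 736 1628 chrome.exe 83 "
    "PID 1628 wrote to memory of 3368 1628 chrome.exe 84 "
    "PID 1628 wrote to memory of 3108 1628 chrome.exe 85"
)

# Rows excerpted from "Suspicious use of AdjustPrivilegeToken" (64 rows in the report).
PRIV_ROWS = (
    "Token: SeShutdownPrivilege 1628 chrome.exe "
    "Token: SeCreatePagefilePrivilege 1628 chrome.exe "
    "Token: SeShutdownPrivilege 1628 chrome.exe "
    "Token: SeCreatePagefilePrivilege 1628 chrome.exe"
)

# PID -> image name, taken from the Processes tree of this report.
PROCESS_TREE = {
    1628: "chrome.exe", 1320: "chrome.exe", 736: "chrome.exe", 3368: "chrome.exe",
    3108: "chrome.exe", 1208: "chrome.exe", 1924: "chrome.exe", 2256: "chrome.exe",
    1524: "chrome.exe", 1400: "chrome.exe", 3408: "chrome.exe",
    2520: "elevation_service.exe",
}

# description "PID <src> wrote to memory of <dst>", then pid, Process, procid_target.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
# description "Token: <privilege>", then pid, Process.
PRIV_RE = re.compile(r"Token: (Se\w+) (\d+) (\S+)")


def parse_wpm(text):
    """One (src_pid, dst_pid, image, procid_target) tuple per WriteProcessMemory row."""
    return [(int(src), int(dst), image, int(idx))
            for src, dst, _pid, image, idx in WPM_RE.findall(text)]


def writes_per_target(rows):
    """How many times each destination PID was written to."""
    return Counter(dst for _src, dst, _image, _idx in rows)


def foreign_targets(rows, tree):
    """Destination PIDs that are not in the process tree: writes into something
    the report did not record as spawned by the sample."""
    return sorted({dst for _src, dst, _image, _idx in rows if dst not in tree})


def privilege_counts(text):
    """How often each privilege name appears in the AdjustPrivilegeToken rows."""
    return Counter(name for name, _pid, _image in PRIV_RE.findall(text))


if __name__ == "__main__":
    rows = parse_wpm(WPM_ROWS)
    print("writes per target:", dict(writes_per_target(rows)))
    print("targets outside the tree:", foreign_targets(rows, PROCESS_TREE))
    print("privileges adjusted:", dict(privilege_counts(PRIV_ROWS)))
```

On this report the foreign-target list is empty and every source PID is 1628, which is what a multi-process browser initialising its own children looks like; the same check run over a report where the target list contains a PID that is not in the tree is the case worth escalating.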
Processes
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\index.html
    PID: 1628
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bbc89758,0x7ff8bbc89768,0x7ff8bbc89778
        PID: 1320
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:2
        PID: 736
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
        PID: 3368
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
        PID: 3108
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:1
        PID: 1208
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:1
        PID: 1924
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
        PID: 2256
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
        PID: 1524
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:8
        PID: 1400
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=748 --field-trial-handle=1812,i,7636958029615740788,10387763080453149651,131072 /prefetch:2
        PID: 3408
        Signatures: Suspicious behavior: EnumeratesProcesses
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 2520
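Each entry in the tree is a full Chrome command line, and the switches are what identify each child and whether it runs inside Chrome's process sandbox (--type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox). The Python below is an added example, not the report's or Chrome's code: it tokenizes the command lines excerpted from this tree (abbreviated to the switches used here; the long --gpu-preferences and --field-trial-handle values are dropped), classifies each process, and lists the children the report shows with the sandbox disabled. Whether an unsandboxed network service or GPU process is normal for this Chrome build is a baseline question the report does not answer, so the list is meant to be diffed against a clean run of the same build. The tokenizer assumes double-quoted arguments are whole tokens, as they are in this tree.

```python
import re
from collections import Counter

# Command lines excerpted from the Processes tree above, abbreviated to the switches
# this example reads. The first element of each tuple is the PID from the report.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
PROCESSES = [
    (1628, CHROME + r''' "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\index.html'''),
    (1320, CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report'),
    (736,  CHROME + r' --type=gpu-process --mojo-platform-channel-handle=1796 /prefetch:2'),
    (3368, CHROME + r' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:8'),
    (3108, CHROME + r' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8'),
    (1208, CHROME + r' --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 /prefetch:1'),
    (1924, CHROME + r' --type=renderer --lang=en-US --renderer-client-id=5 /prefetch:1'),
    (2256, CHROME + r' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service /prefetch:8'),
    (1524, CHROME + r' --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none /prefetch:8'),
    (1400, CHROME + r' --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    (3408, CHROME + r' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 /prefetch:2'),
    (2520, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

# A token is either a double-quoted span (kept whole, quotes stripped) or a run of
# non-whitespace. Quotes that start mid-token are not handled; none occur above.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    toks = TOKEN_RE.findall(cmdline)
    return [t[1:-1] if len(t) >= 2 and t[0] == '"' and t[-1] == '"' else t for t in toks]


def parse_switches(cmdline):
    """Return (image, positional_args, switches). Switches are '--name' or
    '--name=value' tokens; anything else after the image (e.g. /prefetch:N or the
    document path) is positional."""
    tokens = tokenize(cmdline)
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    positional, switches = [], {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok.partition("=")
            switches[key] = value if sep else None
        else:
            positional.append(tok)
    return image, positional, switches


def classify(pid, cmdline):
    image, positional, sw = parse_switches(cmdline)
    if image == "chrome.exe":
        kind = sw.get("--type") or "browser"   # the parent browser process has no --type
    else:
        kind = image
    sandbox = sw.get("--service-sandbox-type")
    return {
        "pid": pid,
        "image": image,
        "type": kind,
        "subtype": sw.get("--utility-sub-type"),
        "sandbox": sandbox,
        "unsandboxed": sandbox == "none" or "--disable-gpu-sandbox" in sw,
        "args": positional,
    }


def unsandboxed_children(processes):
    """PIDs whose command line says the Chrome sandbox is off for that process."""
    return sorted(p["pid"] for p in (classify(pid, cl) for pid, cl in processes) if p["unsandboxed"])


def type_counts(processes):
    return Counter(classify(pid, cl)["type"] for pid, cl in processes)


if __name__ == "__main__":
    for pid, cl in PROCESSES:
        p = classify(pid, cl)
        print(p["pid"], p["type"], p["subtype"] or "", "sandbox=%s" % p["sandbox"], "UNSANDBOXED" if p["unsandboxed"] else "")
    print("unsandboxed:", unsandboxed_children(PROCESSES))
```

Run against the tree above this reports the network service (3368), ProcessorMetrics (1524), UtilWin (1400) and the second GPU process (3408) as unsandboxed, and shows that the only thing the harness passed to the browser process besides the document path is --simulate-outdated-no-au, a Chrome test switch.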
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 1KB
MD5: 065fe99da0b915bc4cc7fe68f1d9aeb7
SHA1: cefa45a7cb87a1db131e6abea490349d4e7622b2
SHA256: 7894fcbc776adf9253791f3bc0d6c4416285c4d80f1afcd3ad1f6a2913ab35d2
SHA512: 203da21df0b41948e00243a755d63283cceac4f16ac889cd0bb4e41de3db3cd5faf943a0e8b1f9961aca6b7ebc559a693ee67247368dcbd942323b9713835440

Filesize: 6KB
MD5: fe4b929f6a518dcd3d12c63f05ac7563
SHA1: 34d3368d1da4fc91a812e00e2fe55288b20c15fc
SHA256: 78d941816f61b601cd8e57657fb0f7c599c1a9acc4bd25e0ff389ff0b69ad9ab
SHA512: a4a77d7e6ad8b11e50a435154a7a145a63af38f4fb0f002c65667e72e7477f0e7a972ccce3c05676bd6cebb9ccde7f2c96890c664ec6cb1d0067b3652bba46dc

Filesize: 6KB
MD5: 76c74e4aa422e4a2409e48e5d555bd20
SHA1: d84a2dcdbb8088cb16b40810f53abaa61038872c
SHA256: 4ad6631ee1d7312531670a19400778d8d9f8dec0154e3c989d8975a19300b8b0
SHA512: 497f82cf67053a40f88fe6fc4355c77414103eb46373039f5d9fb84862a8951b89536b05ba6ccad1602d0573a1182e150c73716b35b23d8e9a2e43a97fd2e391

Filesize: 15KB
MD5: 2c79f41feec7e455eff2d73ae1b95f36
SHA1: a0ac7061e9dfbc972d6a601e5f6350b5f89ae5c8
SHA256: 6476801ad80651a1b77bd902eff361ec47126d56bb592823fb9b7a83b9769c15
SHA512: e1f9fdd95016c018e25e2d9bf8335e1561960007d411e0dc87acc605538f8ce9e7d6758553b1ae1844f7c76749c907cba848d41560ba839b05d6460e2c151421

Filesize: 174KB
MD5: 3246ff0bd3450a5376dc0c5744015b5f
SHA1: b432d2eb7080aac6b546b0a1569ae205c2aacb5f
SHA256: 335b46df66342f80ea54e5d1dd7a4a099c9062984e157e8b56b4c6356c67df1d
SHA512: efd2bb18a552097b79cdeb4cfc687a57ef67d941585be4217db1c503ab0af990304c4dbc0987cee6591f2fa7aaf3a63abe65fec1037df6a13c6572ccb29d8ea8

Filesize: 2B (these are the hashes of the two-byte string {}, an empty JSON object)
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 0B (these are the hashes of the empty file)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e