hxxp://closedverse[.]termy[.]lol/debug/Minihoot

Analysis

max time kernel
794s
max time network
1688s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://closedverse.termy.lol/debug/Minihoot

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2648	2584	chrome.exe	28
PID 2584 wrote to memory of 2648	2584	chrome.exe	28
PID 2584 wrote to memory of 2648	2584	chrome.exe	28
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 2844	2584	chrome.exe	31
PID 2584 wrote to memory of 1012	2584	chrome.exe	30
PID 2584 wrote to memory of 1012	2584	chrome.exe	30
PID 2584 wrote to memory of 1012	2584	chrome.exe	30
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32
PID 2584 wrote to memory of 2984	2584	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://closedverse.termy.lol/debug/Minihoot
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7149758,0x7fef7149768,0x7fef7149778
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2072 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2064 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1684 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3288 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1448,i,18056574598389435320,5374387967634559222,131072 /prefetch:8
  2⤵
  PID:1720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df342a79271ab4c37bcedb00851b24b9

SHA1
d19017fd2f0368acbef84d7c5b89705951b065ae

SHA256
d34324240da432e537003c848737980a0af6865a6339263b90a26068b99c321a

SHA512
2a8712ac97b57726c91f205c16236584fb5d36d583cd8a4eb4809dd48233c112a72a9bbdbe8413e4a3077ddfe54ddb2767a1e155225fb63ea9ea51f8c07624ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a836ba285e80501f6271dfc1d242329

SHA1
aaa995b96a533b2f0b212a59e3db1de81acffa5c

SHA256
e42a0f215cb699e129101e975cb3fb6235fa26903644c98bedcb119f6e4cdd47

SHA512
dc2afdf1986649414d155a38feb382bdd6fa21c518b88889de49e54c139050ec56352e96bcde06e14093cbf9f37484d79e378400d9949ad5f5b8c45caaa5f279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab0a24fe2e646064bb230b36ba8d3b5

SHA1
26ef4350574263324913cb34ff861ca845b3dac5

SHA256
b63dbc9954e3f0dd17c29eec02e62b5d52a16f25339462f5ef8376e9ac89c938

SHA512
3f17b206dfa040806a875c0cdc30e2d6611bf225686b90baa134bfee7e6b5ef20d198b343222c2ded727607f7c22335497d2e89c66afd5ffab46796bf6b17dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
48KB

MD5
0a8d4637b47d2ee7bad6db9e8f0be350

SHA1
7e379e0ac86fa6bd88714ac8bc92012ee07daedd

SHA256
31ba9a249742fdb38a03379f713a8294feae65b0a5404638380fdefe33a25cbf

SHA512
2f6b5b47641f7db76bc4c7674e127a20fa719975ec6870075101910e79765c5a36cf195d4c2e95db2794a02582fdbe412714fa55384eacd0c9585215bd70628c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
07a7f9b03e8d2e29d2fdda4701da9f97

SHA1
2835b409313d7b7edf1304e8017532684c160d75

SHA256
769c9206f1a8dc15b6b39f74c0ac30e06351d85b7d7e4abf38dbef50f8e7e385

SHA512
3b60baf63831d8fa15be43b3f0b7fcd7bacb964cb7413d4e70f4f02c40777a05a5d51182f1492244fef706a989a029958354b3a28f6f4e0d5218382c8d82192f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
38daaf05c0bd24a4bf8a66f4fa66d197

SHA1
7b89545b24dffc5a9b965559f6b1f745c542ca3a

SHA256
3463030a71b71184f260e7316e208bdc640661f2c5b665d4ed1052cd9c8bbdae

SHA512
7a2ae489e5688052d5ca32005117baa39b1f1565b98d54d4909f23a412a1a96be1cf0ea3e845d6e0c917026d1956fa860333bbd158fae2ddb48bdb2ff2c62a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
cdde1dba3c7588a6dff4694180aec886

SHA1
149468705b0a52ff01109b9f07db66523a4e0054

SHA256
932271ccbfbca631af01654ea42b8c4e859995fc22db0ff5fc52518b323ff8ce

SHA512
8d6f167feaa3204b8225946b196594764c9b77cb3d120ea9f73987f9a646d41b124c6a6d65b5db452f654df783e07d09c5eee146b102168788f85da084067ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab97A0.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar97B2.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit