7f14d5db6e9a523c501fa2f69165b131ace609b6c4389ad55debc449d2cfa07f

Resubmissions

07/08/2023, 19:36

230807-ybllpshb27 8

07/08/2023, 19:25

230807-x44gjsad9t 4

07/08/2023, 19:16

230807-xy7xsaha59 4

07/08/2023, 19:13

230807-xxd83sha54 1

Analysis

max time kernel
11s
max time network
42s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
07/08/2023, 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18-07-2022_G3wmY8f6KhkWLp3.zip
Size

2.4MB
MD5

5b66d0f2ac8fac094ad41ed5170f89a9
SHA1

53795eaf7686a55327e19b2cee5a39ca709d9f5b
SHA256

7f14d5db6e9a523c501fa2f69165b131ace609b6c4389ad55debc449d2cfa07f
SHA512

3786a43f11abcb4ed18d182ae9af73c459ff0fdae2ef29f070e43966c278cfb871ba3201f54c332a2748f877a807f600726e06e210bc07e0f2b40af3daaca97d
SSDEEP

49152:5uK4aisLH/qM3mIyGK6IWoBwBPv/djZmZas2BCUBqVUnw+w5:nb9Ly2mIyGgWoBwBPNSzUBeUnwX

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2484	2160	chrome.exe	29
PID 2160 wrote to memory of 2484	2160	chrome.exe	29
PID 2160 wrote to memory of 2484	2160	chrome.exe	29
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2832	2160	chrome.exe	31
PID 2160 wrote to memory of 2696	2160	chrome.exe	32
PID 2160 wrote to memory of 2696	2160	chrome.exe	32
PID 2160 wrote to memory of 2696	2160	chrome.exe	32
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33
PID 2160 wrote to memory of 3032	2160	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\18-07-2022_G3wmY8f6KhkWLp3.zip
1⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6829758,0x7fef6829768,0x7fef6829778
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1608 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1156 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:2
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1256 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3684 --field-trial-handle=1396,i,16191927799711951868,7637501590187761385,131072 /prefetch:1
  2⤵
  PID:3040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2336

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
232aa48f878916c8d73a6a6256b3b823

SHA1
bfd1f9d5e33ad3fdc122ba73fd429bb5599bd95a

SHA256
5370d4feac0f24e64427a79ad8cc9f6772ee83e605b9288eddf5ea7201832ea6

SHA512
479edbe5af031f042d21d8ac2224112a123775bee26a561238c1a0124aa15745ffc168461e026658c64b885f9ed9a04c55fe0e78cec492186134679a037405a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fc828407ebc6376e0ce627d6178326a6

SHA1
7ce249075753edaef6d2d6e310ba46fa7c3cd2a8

SHA256
ab3ad87e274d1eeea0f8e8d3b0c927d2884c33c497144d026d13e8eccb6a105a

SHA512
f5f99a81f0a3f087d25f73984ae913af923627e52b3e0fe28e03b985b8a7f6a91e62e5e6d8227eefecc2bce3a450dc70850b61dd9471ea28f6ded0f3b5daa199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
9bf3087ca73f453fedc76fb800e11b59

SHA1
7bf4cfbdba643c8c6d54b46f0d8bdeddfcae0152

SHA256
c4f64a585a2a3b0576d8e666d6c83e477a69220d9dc70c7f20012e2cef464682

SHA512
f5dd5b02d0861d06614bdb7f63cd96c741b24d800d587ae404e89b87743dd03f3a603bb21b972a3cbad61565ca309a0e367b4ac08fbfff9e49d90551db65b1c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
cdd0dadc7b204dff9c6cde4f56d2017f

SHA1
4d0b3398e245aa0b39690bd6bd71410a40c4c3f1

SHA256
9a2e7167665319e4f31669c7f627e5ebd03a003c4e7c394232b89d9438093ae2

SHA512
9cf67625d7cffa6ebf01dfa5bacfacd67a10010dba04181923e57c812b0704360c067e537bfd76364815ee9abe710dcfa60cc308545f1d2d548098dcd12d7c89

Download Submit