hxxps://d2fe6afh41xruv[.]cloudfront[.]net/white-label/vidmob/vidmob_dark[.]png

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d2fe6afh41xruv.cloudfront.net/white-label/vidmob/vidmob_dark.png

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133368387025986474"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 3824	2828	chrome.exe	84
PID 2828 wrote to memory of 3824	2828	chrome.exe	84
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 844	2828	chrome.exe	86
PID 2828 wrote to memory of 2364	2828	chrome.exe	87
PID 2828 wrote to memory of 2364	2828	chrome.exe	87
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88
PID 2828 wrote to memory of 4628	2828	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d2fe6afh41xruv.cloudfront.net/white-label/vidmob/vidmob_dark.png
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9132f9758,0x7ff9132f9768,0x7ff9132f9778
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:2
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1844,i,13532902129620964189,5343484986336704934,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53275c80-3c09-4e44-9d28-a7fcb1c28803.tmp

Filesize
6KB

MD5
40e5bc98e6c4a23edcd2311efac46915

SHA1
872e10868d369fb46ce8f18960f63b7705fdcdb4

SHA256
c833196a53161095bfba433098c3ff62cbc2661022383c37ed80f6d42cb33be9

SHA512
988e70a61abea014de36d99f8cd8df51e706eaa6959f7f14fff0201d8945943d626cd9aed27a1bea8836b9080e49992b7e537917f9c8a9ec7388059208e534fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
909B

MD5
94c104563db2e186f697576b4bcc1426

SHA1
3f4c60a205f6615975e3dee55dc03174b3fdfcd2

SHA256
ba06f2225e2f9aedbd2596c99da15694baead1d6b8a905a7e422c30302c90830

SHA512
9bc2971bc0a0138277e59e2d40559f871abf9491e31a91d746220e96723bbc51be4d299863fe0f710af52ac2d8586900a5985ba71557482085ea031b70e9a8b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
a325cf6699f337b030199c2e684bfd0c

SHA1
76384a5e58577191916454307304ffd1bb3a4794

SHA256
eb67b505a93634a6ee4e42302788d79f6b0180cebf4bc8f15c8c9f869b3e3a9e

SHA512
1016903b43da0ce64594a1308c71d48446ece761019ed6badc68bd2f68725886be69a72b1cb289252344227a9eca243a58e0a871f8c0e7ad00f836bef5db3109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit