Analysis

  • max time kernel
    300s
  • max time network
    295s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2023, 20:06

General

  • Target

    http://jetstar-pacific.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jetstar-pacific.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc22d09758,0x7ffc22d09768,0x7ffc22d09778
      2⤵
      PID:3280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:2
      2⤵
      PID:208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:2844
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:3560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:1
      2⤵
      PID:4432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:1
      2⤵
      PID:3976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:1264
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:3840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:4180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:1992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:8
      2⤵
      PID:4728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3880 --field-trial-handle=1908,i,16842589815482284178,4351798719166444097,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:772
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: f02e47943762b6d8918c289301528ec6
    SHA1: 52ea2378364d38cd0ebf41d4e8a36fb0da364136
    SHA256: 66520862ae7f50fa6dcfa73b6af78d13bc11400b61564bfe7bfdf99a201ccd30
    SHA512: cb294791f31fd1d8aacca6a1f8fce45174836a7cd5e9607d78840009072e017a593ee04e3fea2e8951fe932f3fb72ec4b8c9fd27fdbb107614864c93e2bb079c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: eb9d273482748604ba6c31a3bc0f10c8
    SHA1: 55bfb9849e3e72da77b360d0857bca5a9976386f
    SHA256: 227582855ef0d446d73207af8a6219e8f4ffec58bbea059fe48bfde658f010bc
    SHA512: 2e862e7705563af877c9260d07d814dd8d34f3f39b56f1b40612947e64e57ebd63d0956e504bd0a65bdc581b49d59e7737a94cddc4e205908edb7438a890b8df

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b49964cae5cc0a0f5ac7ebe425b884c1
    SHA1: 742a30a0bfd863d8d568c962eaf823f4c6f80188
    SHA256: 277755dd0747fe63a91818e7bdb9f45c496bc5e4b5764c99e30b957ac6fc8b21
    SHA512: dba5d41ffb462d36368e01a7f6260a1ecad7ca42f0ee8f0a6375e02a6bd9b69189713499c6165121b3bc4453e2dfbd95e8de8d1c076da54450419f7bce422a03

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 34eeebbb243c457c7fa90ccbfdf19915
    SHA1: a3e1659fd2776bffffdde5d12b19cdfbed3278aa
    SHA256: d74c16361270ce7ef023a3e9e8fdf67626c0ecf3b0975484ef8738c8d632040e
    SHA512: 63e87432d4435437fe57b9d5a1874133fa4872f79428ce61cc85786e9a2f37a9b6a869a07af90d31626b72cdcc87500f12056408725a73ed52595e2350dba1cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 103KB
    MD5: 0ee1a0dd94e1bc0f5bf57ca85c745137
    SHA1: 93b65c0e0ba36708092a9adceb2376eb832ebf8e
    SHA256: ec996e50d056bb917b9dde3aa3329f168917510cf0e7c4aba5b77143483c378f
    SHA512: 3a38f3b8349508a1795f717dc074185783552ef1dcc293b9162b82ad3daaed91c9bcdd7d53082c8e04888098e996162491469663f54147c61761363e320c2f83

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 104KB
    MD5: 8958cfdf31dd4aa29a57a248e00ed47e
    SHA1: b31d27444f126242fbe7937fd2228bc47d66b3bd
    SHA256: dcaa0f7c8f319f3b4136889f224ecbd4832c2b0faea054b7c715c60f1100ac8b
    SHA512: 0cda51ed0f94b9ca5f437d91493b2d2bc13789fd89ec647e7251f152cf5647b615f2475478b7cdb5778b3d1c5a41c8c68d067a907b804f6007ac5cbbf6866595

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 103KB
    MD5: 5ae5691ee2222a69353f150b153b4481
    SHA1: 629a17df5bb16e89f4dff0252d7858c2ce00cdf1
    SHA256: ba3f6a8376afdd60ea517c852bb8ccfb0274f9abf4c14f2836929b999f6c739a
    SHA512: 6f60236e44c9ff1badb72a086de0a8446bebd1fb7ec41b0f3188302954d04609f9f919729583eb081f7deda535bc1dd4956f18c0d977cf29ec79762ac63eb897

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 104KB
    MD5: 0c6afdd212a992fdb6456d7d117d25d8
    SHA1: 4c2e5082189c32ba3631da98e21c47db06827e9e
    SHA256: 35662cd22a5b1d431440f3b272fc73b429d6a9632996a682fde72b334b8dfd0e
    SHA512: 9fb50abe10727a2c18e5e9d01a94b45e8c347bb6f8531ade6befe10b81a1809b0b98bc726e79c73af06f508b6dee3dd59182dce95866101a9b2b1e179a6de990

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 128KB
    MD5: 13e71f104952043b1c84bb2fc93d905f
    SHA1: c4648a9617eb713671c29a3a006fef4503de0725
    SHA256: 144f4e8c363a50bef54729d454044f617ac40de163a73937c63fa7abcb50edc2
    SHA512: 2fc7f0f303840759860f4bc21dce916fc17d5d77981c3e7006c6def80ac4643998fdb0f703ed1616aca18d9bda6d459efa9bd6ae36f6338c0ac7e0141c76dd22

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 97KB
    MD5: 0396bbf29c8175104fc262a973b1a2ac
    SHA1: ba4fce2e5365b7dbd91fe15ae5725f7030abd0cf
    SHA256: 5c08359729cc2cfbb869c4e2e4eb09349b07f8ed2f42eeadad43720ee6efe39d
    SHA512: 224845e6ceffa2b6f8cd0bcc8ab9751d615ab4a7af70f42b43acd70b87e1e136718d329bc3475f8d58c486c26381ebca5ce252b5e2d08b29ac7facdc954a7446

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 95KB
    MD5: e8deb9b0f6011389d2efc9ac7b752dc5
    SHA1: 292c2d4d229566a4acdf6551dfcb920084d756f6
    SHA256: d54017ebe9064b81bcc37c6cdd0f94ce31e2f03314279dd7e3eb5212813d4a00
    SHA512: f1ea824069f72b6e943ec8577d07e37662e03706a2b55c9dd35f5587e2e9640efbab634038f3b66d09a04d03b1b148360c28e5ec6179edc2cd4246c196812081

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd