Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/09/2023, 02:42

General

  • Target

    https://aauumygov.tech/fliings/MyGov/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aauumygov.tech/fliings/MyGov/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffddca9758,0x7fffddca9768,0x7fffddca9778
      2⤵
        PID:4000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2
        2⤵
          PID:4456
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
          2⤵
            PID:220
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
            2⤵
              PID:32
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
              2⤵
                PID:1556
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
                2⤵
                  PID:4900
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
                  2⤵
                    PID:2496
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1636 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
                    2⤵
                      PID:2996
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5036 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
                      2⤵
                        PID:1852
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
                        2⤵
                          PID:1876
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8
                          2⤵
                            PID:4588
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4964 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1
                            2⤵
                              PID:4480
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3696
                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                            1⤵
                              PID:3020

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    144B

                                    MD5

                                    d16e749304c0e10b1a874d7404179cf8

                                    SHA1

                                    20f6cfec95dbb50ae043678762b795c3ae300f5e

                                    SHA256

                                    f98a94908a5835c44cf101bea39dfe35367a19ab73a869fa94096985acc39524

                                    SHA512

                                    a0bbdbbee2f335814af912d5254b0b89f165ca2080c98001302967477c33351717742b6222b6e34abe4e93bd1cf291c2c94e8391b824febaeea7fc01dd8216fd

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    120B

                                    MD5

                                    376c70179ed8c0f85460268b3377fd49

                                    SHA1

                                    d26047f01d79c96a0ae796bfeecc9f390f8659f5

                                    SHA256

                                    c3e242d2b407ae19d2d5596dcbee023ac07ae8f09f63171f584f8c7dbf48b439

                                    SHA512

                                    f16aa1b00dd7975ef810480fcfe8f4316c4f25b3f42e7d7b8a09102044dd411876a8f30dcfc4cc71997d6fe8e235007b0fb69cde8892ce2d513d0cf13684d8ef

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    dc7cece2592dfdfa73aa48b641dda55a

                                    SHA1

                                    277babf817fc8c2917be5d9efb816c10968fbc16

                                    SHA256

                                    79c3443a31dc0978e6cf71b0c2f03eee2603cb81890ae76263739b79f1de4761

                                    SHA512

                                    b60a449566d5e6f2a645cb12f80c16351859cc16fce0ea0b9e972e48bd1bac8a9c22c112c5e8a8002e9b82529afa7b8252ebb157c442df1ea33d221f23bd6caf

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    d5709e8f3bdf3a7e2098527e9503546b

                                    SHA1

                                    0b00630f02821298f9b7a33b15088c10940ea53c

                                    SHA256

                                    5330230789360706f2d8bbafc376fe556c13f75233c7037746272b5f32579a0e

                                    SHA512

                                    7ea116eda1b63cd1e4300bc8168f9a8623d996aab67cad7977946b61ef3c871058676b28b5b9c50e73d174471634d03097eecb45a75185a832d0a2a5b7a12832

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    537B

                                    MD5

                                    0af42450b1f49210681bffdaa130062b

                                    SHA1

                                    ea6473671dc46c2ff2c6b0a83061cbd1f73c6a6e

                                    SHA256

                                    16837c835d76ae1e23cbbe31bf99e0a3c2ff7976d03f175b8aee6b4a08f9d7b0

                                    SHA512

                                    b15a3916805d898f97b8484ea2ab1464df1c8787a7cbf93207a8c38fe6fbe93124559a0b9059c3afd1f3005e5610124fc0eb8ee2c522078821566b11716df0e9

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    ca71c45c4844a97e85b27c28da76b6ca

                                    SHA1

                                    0b9a19c55a6a4d6324240bf2c5685840d1fe5bc6

                                    SHA256

                                    53342cdbb8cf5f954c52496969286d370a7d888038c4f1565b9896ba07978c47

                                    SHA512

                                    a5b879618b7158a38acda7f6373bd54799d242b0ecaad2590ad95299762caba23df55648719365171f1988ebea674f6a2398d7f34b66eebeb5729cc94bf3f956

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    58de27271545c93fd5e5a3aa5dc074f3

                                    SHA1

                                    0476a2b199921c95a5f1a33ae7bef16e04413eca

                                    SHA256

                                    97f8c05ee3e473e75211056912bc9c887a6a834f7fe01c7315df11ca0945a571

                                    SHA512

                                    d89d9f9081488133d34411d52c5d48336b1a4847864be302ad5155280e1c11de5223be4517870acaa3dd45c4be42c83dabc36dd5622c0bcd179a32385e9c94c0

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    101KB

                                    MD5

                                    2a6dbd48f2cf5ef71c9878920259d62d

                                    SHA1

                                    1e97c5c9ba6bd67c568d6eef46b3dabe53194c1f

                                    SHA256

                                    9ba8e5c724890edd1aab6318c75fef4a639c3a43d9428dd99204cb675b3a9838

                                    SHA512

                                    7c012a854574e8b7fbbc1b238ef21040ad20cba43beab584ecbffa415bce6241b6c2622baf8ba131537421990ec1a5337a7d507c927eda7d22ca705715599fc8

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
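Every signature above fires on chrome.exe or one of its child processes, and every file in the Downloads section sits under the browser's own User Data directory, which is the usual noise when a URL is detonated in a browser. The helper below is an added example, not part of this report or of the sandbox's own tooling. It parses command lines copied from the Processes section and hashes from the Downloads section to separate that noise from anything worth escalating: it counts Chrome process roles, lists the processes whose command line switches a sandbox boundary off (--service-sandbox-type=none, --disable-gpu-sandbox, --no-sandbox), flags any image executing outside the Chrome install directory, and recognises the 2-byte persisted_first_party_sets.json by hash as the empty JSON object {}. CHROME_DIR and USER_DATA_DIR are taken from the tree above; the Temp path in the usage section is a constructed sample, not a file from this report.

```python
"""Triage helper for browser noise in a sandbox report (added example)."""
import hashlib
import re

# Taken from the process tree in this report. Anything executing from a
# different directory, or outside the profile directory, is worth a look.
CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"
USER_DATA_DIR = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"

# (pid, command line) pairs copied from the Processes section above; this
# subset exercises every branch below (constructed test input).
PROCESS_TREE = [
    (1124, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aauumygov.tech/fliings/MyGov/'''),
    (4000, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffddca9758,0x7fffddca9768,0x7fffddca9778'),
    (4456, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2'),
    (220, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8'),
    (32, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8'),
    (1556, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:1'),
    (4588, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:8'),
    (3696, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=2736 --field-trial-handle=1872,i,16218439400420498346,3044791802158304550,131072 /prefetch:2'),
    (3020, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

# --flag, --flag=value, --flag='quoted value' or --flag="quoted value".
FLAG_RE = re.compile(r"""--([a-z0-9-]+)(?:=('[^']*'|"[^"]*"|[^\s"']*))?""")
IMAGE_RE = re.compile(r'^"([^"]+)"')


def parse_cmdline(cmdline):
    """Split a Windows command line into (image path, {flag: value})."""
    m = IMAGE_RE.match(cmdline)
    image = m.group(1) if m else cmdline.split(" ", 1)[0]
    flags = {name: value.strip("'\"") for name, value in FLAG_RE.findall(cmdline)}
    return image, flags


def classify(pid, cmdline):
    """Describe one process: its Chrome role, sandbox-removing flags, and the
    URL it was launched against (only the browser process carries one)."""
    image, flags = parse_cmdline(cmdline)
    basename = image.rsplit("\\", 1)[-1].lower()
    role = flags.get("type") or ("browser" if basename == "chrome.exe" else basename)
    if role == "utility":
        role = "utility:" + flags.get("utility-sub-type", "unknown")
    notes = []
    if not image.lower().startswith(CHROME_DIR.lower()):
        notes.append("image outside the Chrome install directory")
    if "no-sandbox" in flags:
        notes.append("--no-sandbox")
    if "disable-gpu-sandbox" in flags:
        notes.append("--disable-gpu-sandbox")
    if flags.get("service-sandbox-type") == "none":
        notes.append("--service-sandbox-type=none")
    target = re.search(r"--single-argument\s+(\S+)", cmdline)
    return {"pid": pid, "image": image, "role": role, "notes": notes,
            "target": target.group(1) if target else None}


def triage(tree):
    """Summarise a process tree: role counts, processes with no sandbox
    boundary, images outside the install directory, and submitted targets."""
    summary = {"roles": {}, "unsandboxed": [], "outside_install": [], "targets": []}
    for pid, cmdline in tree:
        info = classify(pid, cmdline)
        summary["roles"][info["role"]] = summary["roles"].get(info["role"], 0) + 1
        sandbox_notes = [n for n in info["notes"] if "sandbox" in n]
        if sandbox_notes:
            summary["unsandboxed"].append((pid, info["role"], sandbox_notes))
        if "image outside the Chrome install directory" in info["notes"]:
            summary["outside_install"].append((pid, info["image"]))
        if info["target"]:
            summary["targets"].append(info["target"])
    return summary


# Contents a fresh profile writes by itself. The 2-byte
# persisted_first_party_sets.json in the Downloads section is exactly b"{}".
KNOWN_CONTENT = {hashlib.sha256(b"{}").hexdigest(): "empty JSON object"}


def classify_dropped(path, sha256):
    """Label a dropped file as known content, profile noise, or something to review."""
    if sha256 in KNOWN_CONTENT:
        return KNOWN_CONTENT[sha256]
    if path.lower().startswith(USER_DATA_DIR.lower()):
        return "browser profile artefact"
    return "review"


if __name__ == "__main__":
    result = triage(PROCESS_TREE)
    print("roles:", result["roles"])
    print("no sandbox boundary:", result["unsandboxed"])
    print("outside install dir:", result["outside_install"])
    print("targets:", result["targets"])
    print(classify_dropped(USER_DATA_DIR + r"\persisted_first_party_sets.json",
                           "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"))
    # Constructed sample path, not a file from this report:
    print(classify_dropped(r"C:\Users\Admin\AppData\Local\Temp\payload.exe", "00" * 32))
```

Run against this report the helper reports one submitted target, no image outside the Chrome install directory, and three processes with a sandbox boundary switched off: the NetworkService and UtilWin utilities (--service-sandbox-type=none) and the second GPU process (--disable-gpu-sandbox). Chrome launches those itself, so the list is a map of where a compromise would meet no further boundary rather than a verdict. The empty Network section and the 1/10 score say only that nothing behavioural was observed in 149 seconds; a page that merely collects credentials produces none of these signatures, so the result does not clear the URL.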