Analysis

  • max time kernel: 1392s
  • max time network: 1364s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230915-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/10/2023, 14:07

General

  • Target

    https://pub-f91221c2d13e4686b68b74fd0130ff9f.r2.dev/purple.html

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4604, depth 1)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-f91221c2d13e4686b68b74fd0130ff9f.r2.dev/purple.html
    Signatures:
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes (depth 2):
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4484)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7be19758,0x7ffa7be19768,0x7ffa7be19778
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:2
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4204)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4572)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2728)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2132)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3264)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5096)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1044)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=6120 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:1
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3548)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 904)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4176)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 --field-trial-handle=1876,i,4856486863576347172,16975814275363469990,131072 /prefetch:2
      Signatures:
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4488, depth 1)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 192B
    MD5: 734cb1eab87961a4eed529b99251d9d4
    SHA1: febf2771285a8e20be60a1ff51a671e8bcc4df75
    SHA256: 2c36c8f2be2aca99b76a51f9e4761895857008f31297d642926f3c1ceaa07a67
    SHA512: b32f8cebd55f2a06c1ca5fe05b4de1a1279f7440a1a19d1cc2a839029765932ef526158c1e143ca62c78d8ee76f90766b2662ea5b6d8373a93f8e3d9910dbd99
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 47560d33dc9b6af1246e38d1e4adf360
    SHA1: a99ecde16b2e70077d81fe7038436d4efda7bd17
    SHA256: 2033b0585723e00f5e796d1d0ca415eac323c63dd22e0a1e16c2aebaaf4e19ea
    SHA512: a1f82554f5a6bcb38c4ed65e27efbe2719050856dd042ff47d2f28867659a7a6a29686fe1166fa25d174ef4bb622faefbb513455891707d35e1227d9927e4694
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 2a8c9128c913e0962d1eff07d387cc16
    SHA1: 68bf992d7b2545b08db829cdd6ad1043609e271e
    SHA256: 1b6c5a2102509ad84b3a499ec50bcd67c82831b06bde03ac6621cc6ef939fd7c
    SHA512: b2c018baee74e13f16dc5abcaf958d3f513a3a8b092a5ff83686965964cee7c1f83f68715dd29e9dc9aa0000d85d72729872365b67e06ef9d79bfabd63953042
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: d3caf29f618ef6b03484f8932edc0f2a
    SHA1: da6c6348e17c5e45ca3f84e18c108cb070f578de
    SHA256: c6eb745ed8404afa74ecb89240b3debeb599c08f6cd22c9dc1f9459e0539f838
    SHA512: 549dd5e20af5000bad8232a6d679238e623eb4092efe6b73524f545a2d46c8dd598b13fb29f0ca5024b95c3217a8c9e8823667b3a2bf1934bbf7b6ad19865cc6
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 834994175f0c0dd1b67b039f33d1c0f2
    SHA1: ee07c2d12d44f957a9c732776568afa0208fce30
    SHA256: 64ff458959e19066022498bdf623308b08dcf690e5fb55ca44f34e0f57484179
    SHA512: bc46525575104c2c97d6933e0477938858f6d6f6993500354d236b0a56b56b44ca28ba196a67d0353bc4d43a34d7ada558096e1bca5d18e97ac9c70642e4e586
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: cbf9127436e1a261d24d1c8612a6ee6e
    SHA1: 5be54150c27c2f73af7ddede8c7292da38cfe77b
    SHA256: c08e602df9ee84ec43de1e7f97c8559919c812dee4f500c9b26cf0cef9552ce7
    SHA512: 75392097ece0407530583ffcf19ad599ac715be55ce50f4358bb38fa9cf52bcdeadc4932fafee80718059de15005d8250b85ec8aa6d9d243e1d68fa24380f5f4
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 538B
    MD5: 1f72f61fdce116928e44f4f5bd2eb2bb
    SHA1: 87062ea93608fcf13249df72e6600ec17e1bae88
    SHA256: ec471bcec9636b815729eb47b62e7acefabb540496a4bcf1e1aa4add4883151e
    SHA512: df8c4ddce2bf4485e78fb93f662fa240388cc42aa157d00bb1ad01db554fa0ff336a29af8cafbab824519359f227bb3a9e77e372fb73138334adc950853f9f37
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: dc22337352c3cde602f3009d3148d07f
    SHA1: f713ef6e7c02fdfc1bedc53c2a80737b7bcae00f
    SHA256: 414d549d310325633b5b8ec2247aff1195d1ad208f6967ba047b9cca089cb3d8
    SHA512: ce034c53eb43debd6ac6e37c75a0cecd0bfcb8d4449c9709b6e7f2b67923a60d1d93a4405e582190898d65051c0929aae8c2a4e48eea75b48f6d0286df2a5c4a
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 7ad3c4281deb1079185f432f0ffbc7cc
    SHA1: 5d9a96264505954c0560f2b86d4aca4395bc4b53
    SHA256: f8724ac946278a65e5c113718caa199b9587070971bb389afa0ad368afa25786
    SHA512: 99ef0db308604459295f878978a12777e0385054ca2f2d4be2be10dbbf4b113241787efe65fe40a18577588d436976f40ba41c35b69977d2258141fdd0ec02ae
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 101KB
    MD5: f2bfba42e90096dca31ca66a706be875
    SHA1: 2616324a0bc504ac8e8575ac2e1e221115a895ca
    SHA256: ec4fdad31ac581fe69fafbb24bd7b28f30d393f8d2e272b6c27a2449fd5707da
    SHA512: d8776885d11889805f426df9ee595bbdfbd83773147d89b093d5dff6396a58776a8c48f7302b7c315671b78467f14e9ac4cee7b8eae7f292b5b61fca90511d43
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd