Analysis
-
max time kernel
1800s -
max time network
1692s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14-10-2023 10:08
General
-
Target
https://shell.cloud.google.com/?show=terminal
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 10 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shell.cloud.google.com/?show=terminal1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb329758,0x7fffbb329768,0x7fffbb3297782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3392 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4764 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1896,i,18409840057078757735,4081043135546397187,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
312B
MD5d94b6f0caae1cdeee57dd43faa4a6c19
SHA1d63dd28cf30a6e9beb5a0af2dc676e0d7dfeead7
SHA2566447bcb284f7db8ff3711e108f766524579d927ef2d10dbc8435748e1c614650
SHA512fb8063d204c488e0379c07532afd3e79ed5eaa41d3fe916e255ee7dbefcbeceb15515594bf1e46c6b43d680db74c3584da4ea2f05da27cfa67ecc7558a41c3bf
-
Filesize
2KB
MD5d2be406af0e8621459d5972373a96cba
SHA1813bae10f78a348b54327aa3fa3e3bbafa5a7ac7
SHA256d83783ee7248f75b8001b5f1b6ef2d45f94088dd0fdc0b085b6a5a98e8469114
SHA5126f7460159e644f49afa7f337a8c5368121c755f774146a5df1098a392bf09b98078f56ccadfd32c7d7ed9b8d289e01cf8e5b3912f5bf07ae396fa819493ce1da
-
Filesize
2KB
MD5b3102effe306a32d6d34298a9ec0243a
SHA1ce5cacfaa10ce5ddf21df509bd75193c7de30016
SHA2563ca0dd7278f3cbba180ba107ae81248e62acb6af543021e7e79dfa985af61db4
SHA51282655832bff47ab7cea4eaa435f027f46efdb585e101eec019dec269994d13aac038b932f0a9c07dcbeef756b5c3db90d921dfa5d1e82033e73dc3ee950e103f
-
Filesize
2KB
MD5302c44861b81641545333b3847d575e1
SHA176e2461d944659808575aa026a306596335664ab
SHA2563b4a9169f20ef2f27f5a4ebfe85b894231648acdb899c08c5eac851868f41d35
SHA51202b957d5551ec2ff36c1f9da441d3ee6a12ad269c350b1824ace13539ff31c7554e41561647a2ac67dc399a992f2ffbc0ce8d0d08a014aa6449aba8786609d56
-
Filesize
2KB
MD50b399b4606e1e3ce4f3c5e10761a2e57
SHA1ac063e34d15b4493f618160796d6f2a92f4b3be7
SHA256e0ba20b0ccc045b3b218ee5b92330bb45cfe12770eeacf00e9c9d3f26c5420d7
SHA51281513ce5764ea9298b8da993af0ce1c9db8e89d5209ff6dba50d541fe651e62d099b4cf88b73f1e44c2de470712100466dd70994b928ea4ebea16e98f2bc8753
-
Filesize
2KB
MD5683fec4014463156ec1269ed8fdd4908
SHA1fffb4b3e1a009d06d8635e32b895a0e112ce5533
SHA256364f9b30b149393b186c4e0c00f3b27fdf3cc8278d6aff3fbc89a9c193ab877e
SHA512af7bcf2593b242abb1f1e342f470d26745aa6fa438acd58901ada967da94e1ba432979f3d5e21a0e0b66514ce538c7942bb5f0681b1a1a88f0ec4ebb095ee24a
-
Filesize
2KB
MD5f4e85f79624034969af5bf34d79c7f55
SHA145eb963164fba6b27bdbd1a7e1954037e0000a8f
SHA256731b4baaed418e28d8cc27c6339354652b7a479280d4368be3ff3cf0e9312c72
SHA5127e667ca2b2799ce40df13163cabf6d539288d98e7371bc74b67a2c8f55016d666b3afa61ca7f600393f72c08dfc7a6099ce7dc62f002c63137f277809a5ff8ce
-
Filesize
2KB
MD5134956638b67bb4139f476f5a755a6bc
SHA1f2df749d069e05011b970c3673c0651cb4ba43c2
SHA25635e86a9827b4c4096b21c23fb80ef93ca94fa9b18a78f3a3328c84bba80ff724
SHA512d217c3be93343ecf9ce003ba3fcce8f820c59d983704bbc463902e536fcc045993bc625fb15a026692ac683dffba58ed864964cc501594dc4fbb717c79413671
-
Filesize
371B
MD5df8353d9120000e6ee47ed37a197c3e0
SHA13d4ef51fb03013a1823c0f42959b068c6e60e18c
SHA256ebb05c801b96ad3acf046580b104ed12966e608ce24a6dfc8100ab07c23c0160
SHA5126bb1fdd9179d50edc74c0fef6616e7eee43a1e4ecc24f28012e567fd1b30645c48fcc5eae7048c419efa196305ff6cb005ab4054c4432fc4863cda35f89c4e18
-
Filesize
371B
MD5d4313ff5730d34c1984f55d8e10401b1
SHA13b0070abccaf4f26722d285853ff71c0e60939ba
SHA2561b62969b2ff2ce5ce4ce60c41dcec3f0fa50eece025c5e68156745e4f2e1326b
SHA5121c2e49f73d219bd58cccda4b065a19af17fb765f89c18d3e1614a32099357bba92a5002370b9e0f32f72f3376cf5541eccbdc353b2a8b321e64d64b0d40bb289
-
Filesize
371B
MD5a367cff5b447120356fc71b7fdbe904c
SHA1c3611ebbb3d2b0ab7276aee6ac706e173186114e
SHA25604a7c56dbca118c26f8b36f41f9c8e3fa17c9a098dd1728c8858ed4eae354dab
SHA51290816dd118d67826a2ed7efea8f28e359af4c2e91c6642c0ebf7c5fe7fb824b362bbb7152a6fba063367dea337916bb473940eab2c41e3f8cddb03e71a48d5fe
-
Filesize
371B
MD5c04a85feef048496e769f99439614c8c
SHA1a3168e7200a7b7e6bf075a7b37661c9f760e4e92
SHA256ef2b8f1acc4a37ea1a9e854b31870e5bd8a100cbb7350cbb0408553410d7c753
SHA5128783e9fd3c8c44388d4465075c75eeef3c38b09b99e2d92e2f1dcb5909831735054e872842c2f9a29a36ee66bfcd32ae2f21fda2c316742c9ca37845e7f4d367
-
Filesize
371B
MD5b74566a1602b6e2244642180dd61a294
SHA1ad8841273707dc848a36cae4b64154097efca00c
SHA2561a2aace3432657490e574e987d5a8af3b4925510cdb5bbc4405c6ce793752379
SHA5120f244e9a981e4483d2eb2c51ff8381269ac0e227ac91b99d8bc04b58b5d4869332ac44ee0decf16e18b7a902b32c706c2330c2cc6d2a23ec08ac86e8c776316b
-
Filesize
6KB
MD591ec9677cf8f661aa83cba88b7e367b7
SHA18af22648185aca705b9c9516915d84f5e2925ff4
SHA256e2201df0a634242f44970612f07803e1b62a468d9b6080f4db6bb9ff1e7cbb1f
SHA51275a0859cba0835c03f6ea51b43b77b8070da6aa0bff7d291b7bb48c1d267c1519b59f7027ec46bc175c56aa77828ce5840785455b2a252f9755b8734e2b40db2
-
Filesize
101KB
MD57b53add22e0ca1a19a3729e69830b7d5
SHA1c66dc498ceb51a8091ee0cae5f5f76f1d50a0817
SHA2563e97682810c3cd0fcb49254842906f30789dad36d11574e5e8c35f2fa23f8d40
SHA51202e55d7f25c7d1a4f5e503a512c0b2419e397b787060e678212114a7fdc8500c83d77d4ce427d0932864d4628dafc1fd42bc986bd263b3101260e1967b1fdcf6
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
96B
MD54114b63fafc98d9307dc8bfae1c379cd
SHA18959adf99facaf14c6be813470286c448b0e0b44
SHA256f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f
SHA51251eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723
-
Filesize
36KB
MD58aaad0f4eb7d3c65f81c6e6b496ba889
SHA1231237a501b9433c292991e4ec200b25c1589050
SHA256813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA5121a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62
-
Filesize
36KB
MD5406347732c383e23c3b1af590a47bccd
SHA1fae764f62a396f2503dd81eefd3c7f06a5fb8e5f
SHA256e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e
SHA51218905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7
-
Filesize
96B
MD54114b63fafc98d9307dc8bfae1c379cd
SHA18959adf99facaf14c6be813470286c448b0e0b44
SHA256f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f
SHA51251eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723
-
Filesize
96B
MD54114b63fafc98d9307dc8bfae1c379cd
SHA18959adf99facaf14c6be813470286c448b0e0b44
SHA256f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f
SHA51251eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723
-
Filesize
96B
MD54114b63fafc98d9307dc8bfae1c379cd
SHA18959adf99facaf14c6be813470286c448b0e0b44
SHA256f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f
SHA51251eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB