Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/10/2023, 22:36

General

  • Target

    https://www.bing.com/ck/a?!&&p=645d98e2974d9183JmltdHM9MTY5NzUwMDgwMCZpZ3VpZD0yY2NiZmUyYi03ZjkyLTYxNjQtMmQwZC1lZGFlN2ViZjYwZTAmaW5zaWQ9NTE0OA&ptn=3&hsh=3&fclid=2ccbfe2b-7f92-6164-2d0d-edae7ebf60e0&u=a1aHR0cHM6Ly9jZW1zb25saW5lLmluZm8vY29udGFjdC11cy8#cGF1bGEuc2FsZXNldmFuc0B0eGRvdC5nb3Y=

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bing.com/ck/a?!&&p=645d98e2974d9183JmltdHM9MTY5NzUwMDgwMCZpZ3VpZD0yY2NiZmUyYi03ZjkyLTYxNjQtMmQwZC1lZGFlN2ViZjYwZTAmaW5zaWQ9NTE0OA&ptn=3&hsh=3&fclid=2ccbfe2b-7f92-6164-2d0d-edae7ebf60e0&u=a1aHR0cHM6Ly9jZW1zb25saW5lLmluZm8vY29udGFjdC11cy8#cGF1bGEuc2FsZXNldmFuc0B0eGRvdC5nb3Y=
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ca899758,0x7ff9ca899768,0x7ff9ca899778
      2⤵
      PID:4960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:2
      2⤵
      PID:2176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:8
      2⤵
      PID:4276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:8
      2⤵
      PID:3048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:1
      2⤵
      PID:1844
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:1
      2⤵
      PID:1428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:1
      2⤵
      PID:3704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:8
      2⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:8
      2⤵
      PID:4388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 --field-trial-handle=1852,i,10815041298078706955,135370240734123584,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2576
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3368

Network

MITRE ATT&CK Enterprise v15


Downloads
