Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2023, 07:33

General

  • Target

    https://r20.rs6.net/tn.jsp?f=001KyiOQr5NG80Fzn57jM4Ke_HWp6AkxxFaq-QZHr0SB5kGY03_32hvdgVHe-sYdWzsHex71tyd33ZG72ha7b-aLedwopqEjRTpjOeD13CN380CoGPZ3Y2vpDaiht80Y1jEVCId2gvuzBCBUuA_teqHGA==&c=&ch=&__=/asdf/amVubmlmZXIuZmFnZW5zb25AaW9uZ3JvdXAuY29t

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001KyiOQr5NG80Fzn57jM4Ke_HWp6AkxxFaq-QZHr0SB5kGY03_32hvdgVHe-sYdWzsHex71tyd33ZG72ha7b-aLedwopqEjRTpjOeD13CN380CoGPZ3Y2vpDaiht80Y1jEVCId2gvuzBCBUuA_teqHGA==&c=&ch=&__=/asdf/amVubmlmZXIuZmFnZW5zb25AaW9uZ3JvdXAuY29t
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e9b9758,0x7ffa9e9b9768,0x7ffa9e9b9778
      2⤵
      PID:2832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:2
      2⤵
      PID:3400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:8
      2⤵
      PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:8
      2⤵
      PID:3452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:3876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4944 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:4704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5112 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:2040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5272 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:1512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:8
      2⤵
      PID:4648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:8
      2⤵
      PID:2732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5820 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:3396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4664 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:4956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5876 --field-trial-handle=1872,i,9236442981111049879,9730652208314734418,131072 /prefetch:1
      2⤵
      PID:2944
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1440

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 240B
    MD5: 2c126110589145d8d5157fd543e2fe95
    SHA1: 8512b1ccf19b78efd401ff8c291abac1ab1f658b
    SHA256: e590862706ed189cfaf87d3faa555aa3b399cfe41f1ab1768a31651f7fc3526a
    SHA512: 2a089f8a3ffa19c30e6370a6ce4a0ae511a7d66364d4b0b5c9bc8f10ae25b47e17def19d44a2bedd0542c364bf1ee21e8595b6f8e68dc534b7d5603e0e98d49a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 7933d2f767c5b6c86f61c549d7f51893
    SHA1: 8a85e9818db97af9cc27cea134c38e1c416fe02d
    SHA256: a036c9afa3e2b1fbd4bb8996fd653f9ea09f343405d4e99f2085f48d00612455
    SHA512: 9154679ed8f4edb5bf96c043fa91d6535cefa0cf0dd0d9ff1c9d14106013fe5727cdca4d0c35614ad3551aeec2ac1cb87f8b0dae0b524e3856394929c6c17e8f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: a0f52b98fccfedc65d5e83d6eef021f3
    SHA1: c419870a6ca6f8a28075622077e3674e0d01fc1e
    SHA256: 46910ca1ac25cbd67b94a5c97b914b751494f3818f9e637a95478dd225962362
    SHA512: 983b8cca8c806db131492860efa8698a567bdf6d3bfff7b233e191b22dd38daddd43c92088add9a3c864f995c1932eb9a897bf7cdf203fc01e5710c5c4a35eeb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: eedbe20e225f47fb51589afb27100bfc
    SHA1: 6a222d565062b22052165fe783f702cb416b6838
    SHA256: 00e6a112af3b0e6d2918b2ec979d2745c81bec75454f95227b7a71dace661258
    SHA512: d6565fc5668ff80729ccb0fecb32fadab831219755c4d5d965d65ec4e6c10e0fa9dbccb5655b936a7f0041713e30a8e320b93406a8b9e90adda55c33b8a0b27b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 5aa82e538b102765ddf217a23e6091b8
    SHA1: 5529d7fa0bd1d29b3ddb2c2e1fe01acd2e772ee5
    SHA256: 6b6fee9d2107ae99c5103cb22eb08faee500afb94d70999ae0dc2c61162a093d
    SHA512: de1dc8b470427d6133741ef0bc10dfc547c7f30659f35eada9a3b8e46f292e00fa71ce70e97a8be05b157186b6ec598d31fc3c45c50e7d09e014c19e95432bee

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 101KB
    MD5: 0c4b0f6e6da89400762445ed1c603410
    SHA1: 91a62eb89fa8893ca5479e6be9ae1d309973002d
    SHA256: 322202d0f7739d1c8b8e847c5bb93b45f22f4f42d1abd7a603bfacaa416de559
    SHA512: 5eadb62602577af932864d6edbfe757f575ff289986a939c6c277794dd19006c23fa55a1953bdacc2e7fba517fcee9cd0586cf2411233746270ff416255fb549

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd