hxxps://storagemw[.]s3[.]eu-west-3[.]amazonaws[.]com/videomasthead/lassa/lassa-darussafaka/index[.]html

Analysis

max time kernel
29s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://storagemw.s3.eu-west-3.amazonaws.com/videomasthead/lassa/lassa-darussafaka/index.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133426283260857987"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3376	5080	chrome.exe	54
PID 5080 wrote to memory of 3376	5080	chrome.exe	54
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2104	5080	chrome.exe	88
PID 5080 wrote to memory of 2420	5080	chrome.exe	90
PID 5080 wrote to memory of 2420	5080	chrome.exe	90
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89
PID 5080 wrote to memory of 4088	5080	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://storagemw.s3.eu-west-3.amazonaws.com/videomasthead/lassa/lassa-darussafaka/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffdff059758,0x7ffdff059768,0x7ffdff059778
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3952 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4560 --field-trial-handle=1892,i,7602128956824700118,2320712606262843187,131072 /prefetch:8
  2⤵
  PID:1168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4dc
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
745a5d9173ef04e6be98755423a9a673

SHA1
4d842d4efa564b12146c6b0290b6931f5edad86e

SHA256
10b1be9685cb7daebb4b1baec44e19f81b13bb71f96a7542a686d0cb6cd47ae1

SHA512
492ce8fd7445a6273a17aece69cc976e6b7c511cf656dfb34d379c40ed57948f0d10a37596c315b28e0664379e11b969798a7b9627b9dcda3ed6d4206a3f2ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ed99555929789ccd1e0aee9d66851f5

SHA1
33ee6b2efc2d77a68797a01c5d88220ac77aa0b4

SHA256
28283022d71bc4930d8c24a60ef2881a498e4816c3c75a0f1bb69cd2b704a23f

SHA512
b577ca5e4a312bb91cfef929814d3fb8739683669cd2dcaef3d1f85e687de84d44684d5e4790bad3c8dc92edfe7e75189b8fb897eb809da1db3980170f55a04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a470d9ad8175791924ba0bc9cfd03c71

SHA1
3369eb8b6eb936329fa736b985f59e04b7777e4d

SHA256
6a2f457820fd54cbc134c64dcccbd80437762c7f558882ed57af9e529b7da095

SHA512
4a805d866b63fc6108300bc616a5df5afa11dfeb7b25ceff855b5e47a938556aa81aeeb66c245ebb9988c38a143faa2a63e684a75506224ac6ee4f38d56de885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57e83d.TMP

Filesize
120B

MD5
fda0d6666d9eac8d964682d6ed44bd2d

SHA1
854df294e38ffde87e9b18e6e4dc29763fd12abd

SHA256
bd2bc74c944c1cd41baa16ad69afe8122d600c592ad2db87791f665a15518177

SHA512
d5d15257e4139e2b87aa5f277b901e25b78693c492fed214febd10fb5a4b14c473f2806fda5ed0937cf258c72241846596df0c9cee113a18b85cb5f32799809d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
6ad10ad451b23650e78640668b2d4585

SHA1
0de96fac583e8226694d24142810582223031d95

SHA256
e8a9a4cd94b7c962c296c4f9403e7e0050094f82844a9a5b966f2556eac904d1

SHA512
c36ab9596df42ae88547f98a32bd48c3761951c8ccaaf1ebb66fa7187dcaa7d35b0b1a83464f4da28902f754ad027298e8d8e0d24ba19537e60a747a18fab950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit