Analysis

  • max time kernel
    301s
  • max time network
    301s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/11/2023, 21:32

General

  • Target

    http://servicourier.com.gt

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://servicourier.com.gt
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95fb49758,0x7ff95fb49768,0x7ff95fb49778
      2⤵
      PID:2268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:2
      2⤵
      PID:764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8
      2⤵
      PID:3384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8
      2⤵
      PID:4544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1
      2⤵
      PID:3968
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1
      2⤵
      PID:4124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4792 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1
      2⤵
      PID:1032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3912 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:1
      2⤵
      PID:4564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8
      2⤵
      PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:8
      2⤵
      PID:3724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=888 --field-trial-handle=1880,i,17265761636257498590,2326677419654846387,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:856
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3016

Network

MITRE ATT&CK Enterprise v15

Downloads
