Analysis
max time kernel: 12s
max time network: 61s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 28-11-2023 05:44
Static task: static1
Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20231127-en
General
Target: sample.html
Size: 156KB
MD5: 7a2ddb0776b2c29af02caf8bd7866ee1
SHA1: 86cb48540ad2c687d019c05f9263bd9253b28e3a
SHA256: 0c32e7701ef8ab1bce10eb629e2369e9b1e787e6637aa423f4ca146b8e902701
SHA512: d758002691840e86ee80846c42c1c0da8606d23d6c1c47a6c0d90dcd9f1a1c782875ec28b01b3df50412c5bc4e949282900ce71a91765aea954cc8e5311ad6df
SSDEEP: 3072:MV2bbtgw4izh1p5NWB3S1+6PyMDssg0iaG4owmaTj:MYt4izhj23Sx
Malware Config
Signatures
-
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 26: api64.ipify.org
flow 24: api64.ipify.org
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
-
Suspicious behavior: EnumeratesProcesses (2 IoCs)
PID 2288: chrome.exe
PID 2288: chrome.exe
-
Suspicious use of AdjustPrivilegeToken (22 IoCs)
-
Suspicious use of FindShellTrayWindow (34 IoCs)
-
Suspicious use of SendNotifyMessage (32 IoCs)
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
Tree level: 1
PID: 2288
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69e9758,0x7fef69e9768,0x7fef69e9778
Tree level: 2
PID: 2760
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:2
Tree level: 2
PID: 2712
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:8
Tree level: 2
PID: 2540
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:8
Tree level: 2
PID: 2568
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 2636
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 2276
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1264 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:2
Tree level: 2
PID: 1452
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3292 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 2972
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2764 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 2536
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:8
Tree level: 2
PID: 1932
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3748 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 2040
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3980 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:1
Tree level: 2
PID: 556
-
C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2564 --field-trial-handle=1192,i,18219841975407913131,12906376211855030593,131072 /prefetch:8
Tree level: 2
PID: 2368
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Tree level: 1
PID: 2908
Network
MITRE ATT&CK Enterprise v15
Downloads