Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com

windows10-2004-x64

1

Resubmissions

15-01-2024 13:16

240115-qhxnjsgdgk 1

02-01-2024 07:45

240102-jlpzjsgdg8 8

01-01-2024 19:34

240101-x93gfagcaj 1

01-01-2024 19:21

240101-x2y42saff3 6

01-01-2024 12:16

240101-pfkqjaafan 6

31-12-2023 10:47

231231-mvqh8ahdb5 1

29-12-2023 09:34

231229-lj6wdsgch5 6

28-12-2023 06:08

231228-gv5p9adaeq 1

28-12-2023 05:48

231228-ghrmvsahal 7

28-12-2023 05:47

231228-ghbawaagel 1

Analysis

  • max time kernel
    5s
  • max time network
    21s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2023 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa4709758,0x7fffa4709768,0x7fffa4709778
      2⤵
        PID:4008
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:2
        2⤵
          PID:3332
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
          2⤵
            PID:1432
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:1
            2⤵
              PID:692
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
              2⤵
                PID:1440
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:1
                2⤵
                  PID:4940
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:1
                  2⤵
                    PID:2772
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                    2⤵
                      PID:4412
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                      2⤵
                        PID:1008
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4120 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:1
                        2⤵
                          PID:3584
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3884 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                          2⤵
                            PID:1492
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                            2⤵
                              PID:516
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                              2⤵
                                PID:4916
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                                2⤵
                                  PID:2444
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                                  2⤵
                                    PID:2152
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1888,i,7337333192782785686,11422006947234783801,131072 /prefetch:8
                                    2⤵
                                      PID:940
                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                    1⤵
                                      PID:1380
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /4
                                      1⤵
                                        PID:4680

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        936B

                                        MD5

                                        fc36d2a31679d7bf69668a1ed3b9e6bd

                                        SHA1

                                        6968eadf8651ba21a079fb729a224a2d64888cde

                                        SHA256

                                        31f8da93939c06d4fb529ff701252ab8cf1874c1a433220c0c585e0a3647b35c

                                        SHA512

                                        ff99bd038be06b27a81511b4693f8957c2e9ec849d8a77ff8b953bc808e74bb1fc93c1e0eecaa730aa065efcbe8a7a259d6963d34c27223f768bf3a2886c88f1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                        Filesize

                                        1KB

                                        MD5

                                        f6400e7db40ce8f4099246288871a140

                                        SHA1

                                        940fa6ebe972ae293442f8b2a3a8d08e84bd650b

                                        SHA256

                                        e0dad2bea8dc47d5f72f54381fe9a4dabd380364a498ddf6877aefb968bc7e6c

                                        SHA512

                                        539b8d64d62f25f240c7cf85fa16f521b274e40f0388464d7a91f7252b332d32218342f00ed7fa09188d9eb1627571558796a3bae9ebe39f783ec5e47b04604c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        706B

                                        MD5

                                        c60f3f2dc22675d9d8fd1c53fea33665

                                        SHA1

                                        7f110e237c598280a724aeeeb7eabbf7bfbc522a

                                        SHA256

                                        9ba79f6f7d2f08972719e491180ea5e3eb976e247ae0bd252478da3da2ea6b1e

                                        SHA512

                                        e30aa6d388b4d0dc52016ae86b399dfdc08933ccbf7af24b00796c39b6fc01fadfd03214bda5497b4e2d7d94818360dea4127eae161007d886f9e9679718d89d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        494974fb203cd409022a3d6c3903da0d

                                        SHA1

                                        7fb7670ff4a96c21a437ee897652295d4085674f

                                        SHA256

                                        b21fc5e8006a41a0f9e601389199342ab0556e496bd0df8a8b47d4b0028fb2d2

                                        SHA512

                                        766bb3eed4492f57c60829c8e0b16ea6ca77093d461e4c19b27b02b23ec9e91b24f9ec34dc0cded56b3d8891a6a02d652aac439d96379cc3a00feb0c4d659b48

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        92KB

                                        MD5

                                        511541ea7811ce690254f0d34df2ddd4

                                        SHA1

                                        0b4c33ddf52d5dbfc7f2becb348eebd44293395e

                                        SHA256

                                        48aed660544040f0ba2b7101768c1a64b2b4e1ce12850856da00c12db7bbe20a

                                        SHA512

                                        035d522f977b3106daf6492a3626bf376e6b1a10570a61f126febb5a6d864505223c651534d663972af47659221c4f99e10527212704fe5e7be7f4a43abd725d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                        Download Submit

                                      • memory/4680-115-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-124-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-123-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-122-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-121-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-125-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-126-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-127-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-116-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4680-117-0x00000246F9330000-0x00000246F9331000-memory.dmp

                                        Filesize

                                        4KB

                                        Download