hxxp://mine-could-13372[.]codedamn[.]app

Analysis

max time kernel
15s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mine-could-13372.codedamn.app

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe
Token: SeShutdownPrivilege	2104	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe
2104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2148	2104	chrome.exe	16
PID 2104 wrote to memory of 2148	2104	chrome.exe	16
PID 2104 wrote to memory of 2148	2104	chrome.exe	16
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2808	2104	chrome.exe	23
PID 2104 wrote to memory of 2932	2104	chrome.exe	22
PID 2104 wrote to memory of 2932	2104	chrome.exe	22
PID 2104 wrote to memory of 2932	2104	chrome.exe	22
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26
PID 2104 wrote to memory of 292	2104	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mine-could-13372.codedamn.app
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7a59758,0x7fef7a59768,0x7fef7a59778
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:8
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1256 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 --field-trial-handle=1236,i,12373621965653823272,16837713839784743960,131072 /prefetch:8
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
176KB

MD5
de2846868cdacb76b6ee78e88265f392

SHA1
777375a48235f43510393254d6ce83866488cc81

SHA256
5b63ca1bf0299a0e219071e5ea784e56549a498242d40ff35200c0ca2a10c2ba

SHA512
aedf07e3c3b1fc550b0f92bee4d526e08db9501acbb163a86d506f23058f28bfb69fd6c1083c040d0d23c2e47c500d4ca6df7e7135fefe36f04d96c1b76f2d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ed43ec2d1a2d068c670b21a96f1da8e

SHA1
11224c34b6e01d22c7d347120c9c1e7838f1cc1a

SHA256
646232e49f52d6225f8aa59f72b4496350a1577f456d5e92fb13983fc5e304d5

SHA512
4832bf55db6f099eca0212282dfc82f1699801a53166780352e13a53cd68edcb878094aeee1db7083a18e2c3e7e66c784b38f5daab3769e057229997e6da3af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6cc55c734618544c6fef40a05c7ade00

SHA1
cfe67f2119e1e6b4942996b26ccc4e363d003a99

SHA256
b6ac76ea1d5c44a806a5e18ddcb8b819b8da9c5f32c7f2433d3e450caa556d0a

SHA512
8418d8a87518238bdbcf4a144796ab1b7f532f2f493c7a5dc3ff2c65c14516fcaaad3bc088b105cd4671d04a7dbe9371df7be4535657bc79d992bed35e7000b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit