Overview

overview

7

Static

static

3

16f78f3d51...ea.exe

windows7-x64

1

16f78f3d51...ea.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    5s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16f78f3d5123d196e4463e1f78507fea.exe

  • Size

    14.9MB

  • MD5

    16f78f3d5123d196e4463e1f78507fea

  • SHA1

    b8be73107d224bed592611f92a5e15931aeb409f

  • SHA256

    18c4a0ea170026c0a9d6d257bc4be5fcd1b19d96c0b752526a3a27c78188823a

  • SHA512

    79d369e747f863a529076fd08373707178a365c90066792be3697b919058c16cb07fafc8392de4005dbaa12fbbf81eb1d5a22cb318b1cea4dbb2e76edf4e80da

  • SSDEEP

    196608:b37hQWf2CsXDjDyfGZkJMsuI9yJld+fZiHXxwicfQRVJwvqA3Kd4Mug4brFQx1RP:/hQLCEDrZk3ry4iH3XWv136WzvFQH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 15 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16f78f3d5123d196e4463e1f78507fea.exe
    "C:\Users\Admin\AppData\Local\Temp\16f78f3d5123d196e4463e1f78507fea.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Users\Admin\AppData\Local\Temp\16f78f3d5123d196e4463e1f78507fea.exe
      "C:\Users\Admin\AppData\Local\Temp\16f78f3d5123d196e4463e1f78507fea.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3600
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:3720
        • C:\Users\Admin\AppData\Local\Temp\_MEI2242\chromedriver.exe
          C:\Users\Admin\AppData\Local\Temp\_MEI2242\chromedriver.exe --port=56277
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4108
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-blink-features=ShadowDOMV0 --log-level=3 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" data:,
            4⤵
            • Enumerates system info in registry
            • Suspicious use of WriteProcessMemory
            PID:5000
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" --display-capture-permissions-policy-allowed --enable-automation --log-level=3 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1760,i,6403491872037202116,13513003687094551346,131072 /prefetch:1
              5⤵
                PID:3260
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" --display-capture-permissions-policy-allowed --first-renderer-process --enable-automation --log-level=3 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1760,i,6403491872037202116,13513003687094551346,131072 /prefetch:1
                5⤵
                  PID:2984
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-level=3 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" --log-level=3 --mojo-platform-channel-handle=2224 --field-trial-handle=1760,i,6403491872037202116,13513003687094551346,131072 /prefetch:8
                  5⤵
                    PID:3816
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-level=3 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" --log-level=3 --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,6403491872037202116,13513003687094551346,131072 /prefetch:8
                    5⤵
                      PID:2200
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --log-level=3 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-level=3 --mojo-platform-channel-handle=1684 --field-trial-handle=1760,i,6403491872037202116,13513003687094551346,131072 /prefetch:2
                      5⤵
                        PID:4048
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\scoped_dir4108_563589807 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9227f9758,0x7ff9227f9768,0x7ff9227f9778
                1⤵
                  PID:2496
                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                  1⤵
                    PID:4420

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads