Analysis
-
max time kernel
0s -
max time network
82s -
platform
windows10-1703_x64 -
resource
win10-20231215-en -
resource tags
arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system -
submitted
30/12/2023, 18:31
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://expressdollarfast-2045.finance-images.com/online
Resource
win10-20231215-en
Behavioral task
behavioral2
Sample
http://expressdollarfast-2045.finance-images.com/online
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
http://expressdollarfast-2045.finance-images.com/online
Resource
win11-20231222-en
General
-
Target
http://expressdollarfast-2045.finance-images.com/online
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 2 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3312 | chrome.exe
3312 | chrome.exe
Suspicious use of FindShellTrayWindow 5 IoCs
pid | Process
3312 | chrome.exe
3312 | chrome.exe
3312 | chrome.exe
3312 | chrome.exe
3312 | chrome.exe
Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
3312 | chrome.exe
3312 | chrome.exe
3312 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
64 entries, every one of the form "PID 3312 wrote to memory of <target>" with Process chrome.exe; each target is listed repeatedly (one entry per write). Distinct targets:
description | pid | Process | procid_target
PID 3312 wrote to memory of 1892 | 3312 | chrome.exe | 14
PID 3312 wrote to memory of 4344 | 3312 | chrome.exe | 22
PID 3312 wrote to memory of 3740 | 3312 | chrome.exe | 21
PID 3312 wrote to memory of 64 | 3312 | chrome.exe | 20
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1892)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff886ff9758,0x7ff886ff9768,0x7ff886ff9778
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3312)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://expressdollarfast-2045.finance-images.com/online
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1868)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2600 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 348)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2592 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 64)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3740)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4344)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4648)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1908)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 996)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4652)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4852 --field-trial-handle=1768,i,17732081758532903430,12558670526994406602,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 824)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
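Triage note on the signatures above: every WriteProcessMemory hit has PID 3312 (the chrome.exe browser process, the one launched with --single-argument on the target URL) as the writer, and every target is another chrome.exe carrying a --type= role (crashpad handler, GPU, network and storage services). That is what the browser process does when it starts and configures its own children, so on this report the signature is browser bootstrap, not injection into a foreign process. The following Python is an added example, not part of the report or of any sandbox product: it parses IoC text in the report's flattened form, groups writes by target and cross-checks each target against the process table. The process table is a constructed subset of the one above with command lines shortened to the flags that matter; the hypothetical write into PID 824 (elevation_service.exe) used in the test exists only to show what a non-bootstrap target would look like, the report records no such write.

```python
import re
from collections import Counter

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed sample: "Suspicious use of WriteProcessMemory" IoCs in the report's flattened
# form ("PID <src> wrote to memory of <dst> <src> <image> <procid_target>"). The report
# repeats each target many times; a couple of repeats are kept here.
WPM_IOCS = (
    "PID 3312 wrote to memory of 1892 3312 chrome.exe 14 "
    "PID 3312 wrote to memory of 1892 3312 chrome.exe 14 "
    "PID 3312 wrote to memory of 4344 3312 chrome.exe 22 "
    "PID 3312 wrote to memory of 4344 3312 chrome.exe 22 "
    "PID 3312 wrote to memory of 3740 3312 chrome.exe 21 "
    "PID 3312 wrote to memory of 64 3312 chrome.exe 20"
)

# Constructed subset of the report's process table: pid -> (image path, command line),
# command lines cut down to the flags the triage inspects.
PROCESSES = {
    3312: (CHROME, f'"{CHROME}" --disable-background-networking --disable-component-update '
                   '--single-argument http://expressdollarfast-2045.finance-images.com/online'),
    1892: (CHROME, f'"{CHROME}" --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    4344: (CHROME, f'"{CHROME}" --type=gpu-process --mojo-platform-channel-handle=1536'),
    3740: (CHROME, f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                   '--service-sandbox-type=none --mojo-platform-channel-handle=2036'),
    64: (CHROME, f'"{CHROME}" --type=utility --utility-sub-type=storage.mojom.StorageService '
                 '--service-sandbox-type=utility --mojo-platform-channel-handle=2080'),
    824: (r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe",
          r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
}

# <src> appears twice in each entry (once after "PID", once before the image); \1 enforces that.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm(text):
    """(src_pid, dst_pid, src_image, procid_target) tuples from the flattened IoC text."""
    return [(int(s), int(d), img, int(t)) for s, d, img, t in WPM_RE.findall(text)]


def chrome_role(cmdline):
    """Chrome process role: 'browser' when --type is absent, else --type[:--utility-sub-type]."""
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def sandbox_type(cmdline):
    """Value of --service-sandbox-type, or None when the process does not carry it."""
    m = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return m.group(1) if m else None


def triage_wpm(ioc_text, processes):
    """Group writes by target. 'expected': the browser process writing into its own chrome.exe
    child that carries a --type= role (child bootstrap). 'suspect': anything else (different
    image, target with no child role, unknown target, or a writer that is not the browser)."""
    result = {"expected": {}, "suspect": {}}
    for (src, dst), n in Counter((s, d) for s, d, _, _ in parse_wpm(ioc_text)).items():
        src_img, src_cmd = processes.get(src, (None, ""))
        dst_img, dst_cmd = processes.get(dst, (None, ""))
        role = chrome_role(dst_cmd) if dst_img else "unknown"
        info = {"writes": n, "image": dst_img, "role": role, "sandbox": sandbox_type(dst_cmd)}
        expected = (src_img is not None and src_img == dst_img
                    and src_img.lower().endswith("chrome.exe")
                    and chrome_role(src_cmd) == "browser"
                    and role not in ("browser", "unknown"))
        result["expected" if expected else "suspect"][dst] = info
    return result


def unsandboxed_targets(result):
    """Targets launched with an explicit --service-sandbox-type=none, worth a second look."""
    return sorted(pid for bucket in result.values()
                  for pid, info in bucket.items() if info["sandbox"] == "none")


if __name__ == "__main__":
    verdict = triage_wpm(WPM_IOCS, PROCESSES)
    for bucket, targets in verdict.items():
        for pid, info in targets.items():
            print(f"{bucket:8} pid={pid:<5} writes={info['writes']:<2} role={info['role']}")
    print("unsandboxed targets:", unsandboxed_targets(verdict))
```

The role check is the point: a write from the browser process into a chrome.exe that has no --type=, into a different image (elevation_service.exe, say) or into a PID the process table does not know would be the thing to escalate. Note that the network service is started with --service-sandbox-type=none on this build, so a compromise of that process is not contained by the Chrome sandbox; the helper surfaces it so it is not overlooked while the WriteProcessMemory hits are being dismissed.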
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 96B
MD5: 3162c017a7c74a69dc6c75fdccb8e018
SHA1: f7fecf1350fd742a89b0112e796713ba8a602fb3
SHA256: 0dde10340eec8b333eeffdd70792f52255b3d7f498add093e220610c46ed8f5a
SHA512: 88b1856f77afb7a4ff45983f8c092c61ec29e8b9c1737a3040f6bdbca18dba1a9f0aa88b61b3f5f034f8d80213785634c67c6e2d254fcdba9cee49626cd1d565
-
Filesize: 144B
MD5: 29a33eb052c3519e1e001cb37cba0ca8
SHA1: 06e2f259f8cc14ed04b34d2d6d2b16bd30b169e0
SHA256: 2bfe98e54cd0efbc5e9113ce7bf17d5b575c019d14e9e33d6e90f663a0e9d39f
SHA512: 678d47b5e4955983f601cc989ec6a49ca8da2ba89b430d70a668507e4f56a0887a037b369a3f07d24ec9d51ae1cb776695cbafa5d6a98f26fd4ad6d1f06d3dde
-
Filesize: 1KB
MD5: 99750c08fed14ee3532f3eb132e287e6
SHA1: 33c4c3edd30efe1f87f994867e9e8500808a75cc
SHA256: 43119abdf4b080d690db5251135c928affedf97ea02a56ee35385f7953646448
SHA512: 166b4e6d02e1cce176c700625d427258948bc15047af45f331378261ee39d1b04faf23a2a1c6d3da54a4c2cde0d039ef96069384ffdce190931bad2aa716994d
-
Filesize: 538B
MD5: f7dabb2fd42943cb09932886875f273a
SHA1: 46763113541a9b070f9a94029276a638a259fde1
SHA256: d704f502e7fc2eb57cd853676f6751b65a22d290f6ae383d8423343063811e60
SHA512: 8f3a8e9847b8980f90ccfed0e31c26ae131de309d82dcc14e9c724a8dfca25c3bae7da08b25be7443f8caa0663c454fdf25e8ff44fbf09b2f3b27b660ad451e6
-
Filesize: 538B
MD5: b704b0e49fa114a5ff2e0b6bc8de8a39
SHA1: 37ebbc32deb91ddd1729f0ecfac19fe7c8e55341
SHA256: e8fca7340fc62ae624a0e34f03989d9d20bd9cd6586659f02001397ea2297f11
SHA512: c50750b684213c904008bcc13c4a42471bc496339b81b9731229ffc66f1da6290db8b52bcbf09d25ef70808bb9801c30626db4bd996b675c504757d2e2d61940
-
Filesize: 92KB
MD5: 9dec14d1ac18458ba0ceb8b8b168fbd1
SHA1: 5e2bc467199ab22d663c0890c9d554ddf6b515ab
SHA256: f4738027c199aca2ad059c3deadf3b44dce0efbddf705190506674b76cdb92a6
SHA512: 3c6fcd887ee4cf24570b1e876e0a60a5e6fa1a939712862b691626190e85132231858f681919b6ab0fb89177287a804e07f21d789f9211082a0437e4f87f0236
-
Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
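The "Downloads" rows carry digests but no filenames, so the way to learn what was written is to re-hash candidate content against them. The following Python is an added example, not part of the report or of any sandbox product: it recomputes the four digests the report lists and matches data against the table on every algorithm at once, reporting rows where only some digests agree (a transcribed-wrong IoC or a colliding weak hash). Only the 2B and 96B rows are carried over; the others have the same shape. Run on the two bytes "{}" (an empty JSON object, constructed here as the sample input) it matches the 2B row on all four digests, which points to a freshly initialised browser profile file rather than content fetched from the target URL; that interpretation is an inference from the digests, not something the report states.

```python
import hashlib

# Constructed from the report's "Downloads" table: size label -> digests (hex).
REPORT_DOWNLOADS = {
    "2B": {
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
    },
    "96B": {
        "md5": "3162c017a7c74a69dc6c75fdccb8e018",
        "sha1": "f7fecf1350fd742a89b0112e796713ba8a602fb3",
        "sha256": "0dde10340eec8b333eeffdd70792f52255b3d7f498add093e220610c46ed8f5a",
        "sha512": "88b1856f77afb7a4ff45983f8c092c61ec29e8b9c1737a3040f6bdbca18dba1a9f0aa88b61b3f5f034f8d80213785634c67c6e2d254fcdba9cee49626cd1d565",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """The four digests the report lists, as lowercase hex, computed over `data`."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def disagreeing_algorithms(data: bytes, row: dict) -> set:
    """Algorithms whose digest of `data` differs from the row; empty set means a full match."""
    got = digests(data)
    return {alg for alg in ALGORITHMS if row.get(alg, "").lower() != got[alg]}


def match(data: bytes, table: dict) -> list:
    """Labels of rows that `data` matches on every listed algorithm."""
    return [label for label, row in table.items() if not disagreeing_algorithms(data, row)]


def partial_matches(data: bytes, table: dict) -> dict:
    """Rows where some but not all digests agree. Either the row was transcribed wrongly or a
    weak hash collided; in both cases the row should not be trusted as-is."""
    out = {}
    for label, row in table.items():
        bad = disagreeing_algorithms(data, row)
        if bad and len(bad) < len(ALGORITHMS):
            out[label] = bad
    return out


if __name__ == "__main__":
    sample = b"{}"  # constructed sample input: an empty JSON object, 2 bytes
    print("full matches:", match(sample, REPORT_DOWNLOADS))
    print("partial matches:", partial_matches(sample, REPORT_DOWNLOADS))
```

Matching on all four algorithms rather than MD5 alone costs nothing and catches a row whose MD5 was copied from a different file; when only SHA-256 is available, compare that one and ignore the weaker digests rather than the other way round.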