hxxp://www[.]ihateannoyingorange[.]com

Resubmissions

31/12/2023, 01:35

231231-bzx83segbp 1

Analysis

max time kernel
1s
max time network
20s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
31/12/2023, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ihateannoyingorange.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2148	1088	chrome.exe	16
PID 1088 wrote to memory of 2148	1088	chrome.exe	16
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 1224	1088	chrome.exe	35
PID 1088 wrote to memory of 2136	1088	chrome.exe	34
PID 1088 wrote to memory of 2136	1088	chrome.exe	34

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdec269758,0x7ffdec269768,0x7ffdec269778
1⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.ihateannoyingorange.com
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4476 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1784,i,10366163015785138005,3478777985629885327,131072 /prefetch:2
  2⤵
  PID:2348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
db2619057a4cf57871b785acec775b94

SHA1
3d2c6e1930dedd1ba0db7806456463f41bc3e7b7

SHA256
6d88a86e1d706059d6524678afa65d72c27c5abbf5e190c2b5611e6c5b133cba

SHA512
d9b3c8ba0df11054932e3b6dd5cd3d0acf9f76376252cc641c773fb2d6bd9168cda8d775b7e46471c15c8ff048a8806657ff61476e7eeb3d977f2d6bd7e66f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3af34d9f13704a1f9a98bd16e8b32536

SHA1
85c72231f6aa70c85e4f75e7c97fd417dae036de

SHA256
3bba01635213e07f88c803adc399f8d773069aa31bad476dd6972af1eeb471e8

SHA512
90312a0a408c6b861c121627d9ab429fd23dd9e219e8135315152ca3dca31f92c59bad69aae65f9aa012ac9fc9d36ee14048016dbc0aedb18124dafbdea89a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
e8a9ceffa0c44bfd2eab852ade9d447b

SHA1
abeb5d3be7bc05449ba28ca3f1d1a4f3796a863b

SHA256
91622b6d39f7bb3dbc4e9539b04318886bce4da09a032db21bb0d8e1e20c89bb

SHA512
52fc446c8dc51b538b4da3d06f57b9c6866910e56a8ddd7a7129e329ce08b62aff86dbfeba969bf9c582bbedd1fdbf90e651bd8926cca42e2adc9e92e0ea407f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
02a5e3fe84450d5cb417e0a899f07b34

SHA1
6cf4d0392613f2e21c96a84b0b36fbd0dbc033a7

SHA256
e78a424850fdf4d5596c400a147bd1751d6b0b6d2b0b3b77944bfa0e3995dfac

SHA512
8a5d706631af8a247e0c767f31b8859fb10ffaf114863ad062c616ec688bef77bd2a9adc4851fcb69cdcdb6e0930439f490e545485b2391650440bddd4168dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
25KB

MD5
b0c035c61ce3751e014191b7389f7c3c

SHA1
fd10fbf7461958d462da21bffe4818d31d23791e

SHA256
96921a9587c082b00d0d49c73bb62bab819667c3eb44eb45dba2789c5473f6c4

SHA512
56f7f40a1c3fe530b1102ae6d3bbcd203108b0ac0968e1acec6b6f2443576e08d76fc793cad2079832106a4f41567bfbba77e9fc75c02586661cfd21f7da11e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit