Analysis
-
max time kernel
1790s -
max time network
1685s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system -
submitted
01/01/2024, 11:40
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
Resource
win10-20231220-en
windows10-1703-x64
8 signatures
1800 seconds
Behavioral task
behavioral2
Sample
https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
Resource
win10v2004-20231222-en
windows10-2004-x64
8 signatures
1800 seconds
Behavioral task
behavioral3
Sample
https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
Resource
win11-20231215-en
windows11-21h2-x64
8 signatures
1800 seconds
General
-
Target
https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133485833284560237" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2120 chrome.exe 2120 chrome.exe 3864 chrome.exe 3864 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2120 chrome.exe 2120 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe Token: SeShutdownPrivilege 2120 chrome.exe Token: SeCreatePagefilePrivilege 2120 chrome.exe -
Suspicious use of FindShellTrayWindow 39 IoCs
pid Process 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe 2120 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2120 wrote to memory of 4712 2120 chrome.exe 16 PID 2120 wrote to memory of 4712 2120 chrome.exe 16 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 4936 2120 chrome.exe 30 PID 2120 wrote to memory of 880 2120 chrome.exe 29 PID 2120 wrote to memory of 880 2120 chrome.exe 29 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28 PID 2120 wrote to memory of 3256 2120 chrome.exe 28
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa79529758,0x7ffa79529768,0x7ffa795297781⤵PID:4712
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:12⤵PID:2180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:12⤵PID:236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:82⤵PID:3256
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:82⤵PID:880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:22⤵PID:4936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:82⤵PID:2888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:82⤵PID:1264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:82⤵PID:2060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 --field-trial-handle=1844,i,4806437995065324539,16885834456455220615,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3864
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2440
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
893KB
MD51d224e79a4ca8b4dea17621522a22dac
SHA17dbe06abee3509938be531740afd718a82690ec8
SHA2561c2432ecfe07075141511219342bdf9c93ff28a53b3996c90a5c7fc249913e2c
SHA51202bdee50248fc39b63a222d72f661330eebd0ce06a8c6dbe7d6dcb1e0403377e4bb3ac9c5b054edd71754436b47992951894370b29833cff9817471f6cbc0190