hxxps://cdn[.]discordapp[.]com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack[.]rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

Analysis

max time kernel
1812s
max time network
1707s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133485857655160782"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
3336	chrome.exe
3336	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3784	2280	chrome.exe	14
PID 2280 wrote to memory of 3784	2280	chrome.exe	14
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 2396	2280	chrome.exe	90
PID 2280 wrote to memory of 1368	2280	chrome.exe	92
PID 2280 wrote to memory of 1368	2280	chrome.exe	92
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91
PID 2280 wrote to memory of 3008	2280	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/969359827971211284/969369944347258900/Best_Of_Loot_Skin_Pack.rar?ex=65a0709c&is=658dfb9c&hm=0cc1778a4e7804810dc89d5880c89d1411da7dd250f46dfd310a6ef1f481765b&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf3329758,0x7ffcf3329768,0x7ffcf3329778
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1792,i,14183539246775957201,2478466731949728391,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9c2a5316abb819fc4e631f9b4f827169

SHA1
924d80b4458e06071b2c0e5fcce7198b2cd1e28d

SHA256
f5834e645d569d9ba19df4b3cc142e764c4c17216f989cc0835896e399706b20

SHA512
d32a1726295a37f4b6f65412cc20f8a42a1d55c9f3016a84dbbd2a87b7a3926fd574aa21cbad657a93e93dcf6e98f2239782ffa76aeebdb49e61f8670f07e9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac3954029014dbf844a0e9615b4431be

SHA1
bf21783220a0ea69264b6648e4bc97ed7ef0d90d

SHA256
33ed498e019bbaf8f4ffd51fc8cfaa56158de2564c75ac1b96bc73458f3fb4b1

SHA512
5d14ef46c672a4132cd436bd01ef8dcbf9895c12bcd1d0f7a1f81a3bf49ef345619ebf2cb9cd0489fd187c9efdc10b11f6c052651c21261cd343046b748b4779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
49601fb099684a880ab6de9e3c8297b5

SHA1
25f90e729cd90956c6a4a1e149a4e594b41cea69

SHA256
b67f3fc0215013362589b6c82639325da5e49713f05fe91656d5301218b71419

SHA512
c7a66c0f94051d7e9df6a7a4e83c8034d43621323c1430d5e010d9700f8fa2988e409e814f41c7729e08fd60adbbf782eef2302bc4e0e32d28600c5c5afa8173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
2d111c3117b0c2d715e7565147eab7ce

SHA1
ffbd167032f4371ff007153c8c583a28a3d10eaf

SHA256
5c4ed0d1d29066902d16851d96a34a2c22bdf201400a392e9fa4263dbf2d7a1a

SHA512
58163e81f065fbae169c2b7e3095f74c42b09f96fde19fbcf8e248cd2b279a62b08d4aadab8b98d052b5989453021916edd0f518dc896f43b1067afffff1552e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Best_Of_Loot_Skin_Pack.rar.crdownload

Filesize
41KB

MD5
6c6de3ca890cb38ec83fe1d2409b3036

SHA1
ad2d24ff099f551a96a86b54b378ec8d9b5ac85c

SHA256
268fb2ffa5ab7b2abb7545e36b4e5d77bf1b4cb2f17a6407395830dffdb2e534

SHA512
119205c069323a5bddebbb4e9fa3ec37289ee38c4f60588876f1e44c1b11c64e0e736c391c0459c568a8215d692230ad295704229aae0152d33b633ae766bc98

Download Submit