hxxps://www[.]mediafire[.]com/file/wvgauaso907lgjx/Whole_Lotta_Red_drum_kit_%255BUPDATED%255D[.]zip/file

Analysis

max time kernel
0s
max time network
44s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
03-01-2024 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/wvgauaso907lgjx/Whole_Lotta_Red_drum_kit_%255BUPDATED%255D.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
428	chrome.exe
428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
428	chrome.exe
428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 4276	428	chrome.exe	25
PID 428 wrote to memory of 4276	428	chrome.exe	25
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 4712	428	chrome.exe	38
PID 428 wrote to memory of 1712	428	chrome.exe	37
PID 428 wrote to memory of 1712	428	chrome.exe	37
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33
PID 428 wrote to memory of 2028	428	chrome.exe	33

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/wvgauaso907lgjx/Whole_Lotta_Red_drum_kit_%255BUPDATED%255D.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa422f9758,0x7ffa422f9768,0x7ffa422f9778
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:2
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5096 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4752 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5428 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5856 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5976 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6160 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6140 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6480 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6980 --field-trial-handle=1820,i,16710310651625994609,18418236967521532169,131072 /prefetch:1
  2⤵
  PID:3932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a6e8ddaf25aea83cdaf70aa1f81889e9

SHA1
135d02767163d5abbbe3c43d248cc282f917db5e

SHA256
194bd580031d069353a996878c16b849be4f65a7b8ae1f64d4910c1cea0bb859

SHA512
cab49f905cb90e14739f22539712b17629f7d6b523dd268bf50c955769421845ddbc186f8b0bee54967bf0bf5b9427b95bbe5e32e33726768b9fa63414b17bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dc39aff683f3063ab9410177098af424

SHA1
f568410008f512c6612558de68ed69372efe1756

SHA256
64613fad10390ef6d1312693fe6288f02ac1f4459bf7d28f045e9626b8769664

SHA512
f1e94bd076213968daa7d22889010a08227c2c4c78da3bd5f19f812480b277c35c1c8498b726510c5496bcde2a2dea9b6beb3bc8e0eb3a2dc6421664de4eee23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34105e4a496e22594579b65d9f6f916b

SHA1
5611a069beaf17cb9af15fc7807da5966f66d184

SHA256
cf63e1afe72e849151bddde0b3faf2096601885b0fcdfbfa01c25f8c7d5898f8

SHA512
53388b6cb67d702ec2ba228b9ce6f01af5a50293c44173b60d6bf53b0caac7e4f96ffd8fe87aa50f431558b00387f020ce0041e20838dec56f3f01e78e5a866c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bf210f83f9f2e70a72bfa0d411882163

SHA1
e0df6c74ac68e0c9b123f15bde78464ee82dd3a8

SHA256
f7e0068affc5e8202575b8db0cac9045e0750689ab4ef692789bf9e24cf4f5e4

SHA512
391f2971a1017269203495d8d95f0cce0631b113de02068ab3fe8cd32fed232a1d97470cad3b97b004ddd6f938e61d30de1b70216a4e739ab448bdb2448a4fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7031730199c851bb554f92391c46321c

SHA1
d59a71b6d861fc029dcca91a959c858074c384a8

SHA256
1b0accff3bee8e142a0ebcaa68c2601e6a157a8ac54d323b601226c6a12fa55d

SHA512
8f0d8850267ca37adafdbf092a388138e72b2be69e390cd11baccab6961767dd5dc2333354da2acc35fe31fa39eb41c6f53550b782bf4ab19e79d7975aba8a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce0ced6491e5356015cff68def751b9d

SHA1
ea665a9c1bd2cfd1b6b4dd9f7742cd0882652d1e

SHA256
5a7f55e6f9ae85a367b423320273053838e5f5d221d519dccb179bc630c3d9dd

SHA512
5575551d1afeabaee3f49caa5c7c470114994b3623ca7175e7ca50f98da04b37fccfdeed9560c4fae53ed61e70d774f7e572ebea1404ece6ac917fe261a887af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
98KB

MD5
1b21706102154925ca7aed1a18a810d4

SHA1
41b75dce0d37a7be3191e2cc730f2855a3f9e30e

SHA256
59f5b4b3d9777643c9d5ba44ad528ebec5f0253d61f393378e8858e107eff2e3

SHA512
240206a2e5ef4d66ad576e883df2d305b448541a49ad64dcf0f00aaa4a97543a642c69d1ae6a2b4da545c3cc2f3bbecc5ca673daf550a9ba1cd677f8657ce8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
dec4bc87be6784a3e153fdd1285f4b22

SHA1
d6baa725f6c8a31097d8493044173e07ac76761d

SHA256
7c85e4ecf06134553e3d47b641cca3b73f846b150eff88c67a09825f3f6ee273

SHA512
abe3e687c956b577ab7927e1af21628d19d6110de6d44ee40bce7b95cd43fa141eae6ef99a19d940a3ec8fbdb39be4ec408a2ba8e59ceed49c3034b7d41b58e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f1c2.TMP

Filesize
93KB

MD5
54f10e19bca7aaecde0a5dc92c9823fe

SHA1
509b7c394d3b656edb5d7123ab575d312115211d

SHA256
13ec08de7bc9716906caecb57cac67b0939efa27d5ca1be5893c26022c40949f

SHA512
d204fb1e88b663a2a137e7cb99a95aa776a4146347847eba20803d6e09ba5bc5c64ebe6d811f7e30b78ffdfaaa088b0f5a0a8853f55db7d65c3dda71d3119676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a8e018b6-f131-4f0c-bafe-402c590bad9b.tmp

Filesize
98KB

MD5
51b5dcc71377d47561b980cec1c7bcb0

SHA1
c8990f63702f57e58ee421549fc22a50b1b18176

SHA256
d0fdda52e4fe6919b627d08a7817663e59269f5212cf1a49219db910a9126dac

SHA512
f0e5730ff57ef02392c67eb34da47411cae65048325d2de598b98c9e336873c616758521f98ac85c685d1e99ef487520df7fce721990ebbab37ebc07b120e0f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit