hxxps://file[.]ac/eEQU9mpf5j4/

Analysis

max time kernel
11s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 11:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://file.ac/eEQU9mpf5j4/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe
Token: SeShutdownPrivilege	1044	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe
1044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2368	1044	chrome.exe	14
PID 1044 wrote to memory of 2368	1044	chrome.exe	14
PID 1044 wrote to memory of 2368	1044	chrome.exe	14
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2660	1044	chrome.exe	25
PID 1044 wrote to memory of 2596	1044	chrome.exe	27
PID 1044 wrote to memory of 2596	1044	chrome.exe	27
PID 1044 wrote to memory of 2596	1044	chrome.exe	27
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26
PID 1044 wrote to memory of 2736	1044	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fc9758,0x7fef6fc9768,0x7fef6fc9778
1⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.ac/eEQU9mpf5j4/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1220,i,5186356868091063819,14953064324289343589,131072 /prefetch:8
  2⤵
  PID:2592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0fc721bb5aad816acbe9ce65ec57d72a

SHA1
bfdcac2566faf2c1211a605ab819389f498d65a0

SHA256
a4dfd98611e70aa6e1ec5ffb3bdce781114c2c97eaeef611c3a7b904f7a215b7

SHA512
9dc4424c806e3b74f719635cd24078c233725d30946c60e56b4f0c337497a6d0bc8691f91cd6f2326d5be9f4f629f9355cbb5456cf894e859ff6346fe62786d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
d28c3b51a741dfd025d4ebcd904c4a19

SHA1
b7313b9ca502d21d2e6d44b055ce8dd57195ce08

SHA256
08db0833d496cddd6867779fb9e3a0115d0350ac042099fe8d6b9bc3a3fe31b2

SHA512
4ccbea72dd8023eafdcae113e575bc1fc8a2b7afe547f6e04ad1188e3dfe5df79367a3abf9d46ba22eda57fb652de36543da95b06e3157d32c727a48832b138b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
b89012731a0544580239fe44e70158b7

SHA1
0bf45ed8301925bc511db4d097f70fd2c390875f

SHA256
6ceabd1af888106bf2164c44eb55c953b687bc5c63f035496b32a01b4a517f93

SHA512
8c2f3c6665a6375d9f04cbc1a2fb071ba5f3ed53abcd793d086dc25f02ce0314eedc84011e8153efee7efaebd920703e1bc5960543bd18a1e062b0a8a0d88879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0286ec1752116e511f218f1ab6e25858

SHA1
7c513d0d94c2e017fd3e17e1658738a9a03e9a4a

SHA256
d8e3be103d22737c85af2a8bc99b5eed082dbfe59acf7d506dbd40a2ae79c642

SHA512
861190b1703fcf58fd2d443487c3859573733ae9ed07bab1d4f26fec21cb7a8747772a8d3983f5404ec4f41e6b0aad6a227eb2359f54832ae5bcf2c058cf95e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a727e532e48cc961b6f271f73ebbccd5

SHA1
54144b95ad629620eb336f7924b238273153030c

SHA256
4d13b00c1683156c1027a0cc3c68ba6d2bd95977e34d690cae5f6201cd65f746

SHA512
258f0fef1d5a42786e1b1aaa34365b8d7d854790a0a9b0ed857cd1e364d352e84482b54148bc5c48766cb7730841a1e587eb4c1245e46c140a4f02fd8f0a64d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c0ef0e0d-b1ff-4b9a-8909-372a1665b634.tmp

Filesize
5KB

MD5
27c956b6bfb2340be3a28998c96ec4ce

SHA1
27ee042a26075a021941716e08efa425268136eb

SHA256
46f2969c7aeb57b3be501ac82851d567b0faf7f85f95bb122212b3ccddac1614

SHA512
66461992aa98c8f6c52e4a9f0c781459e4525da55ee7b02af0c9d78a7af5e682262ef89dbbc5f8a50081500fdd7c58c09f2fb566af3c495ed4d207ff076b888d

Download Submit