Overview
overview
7Static
static
3CsgoRebornV2 (1).exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3CsgoRebornV2.exe
windows11-21h2-x64
7LICENSES.c...m.html
windows11-21h2-x64
1d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows11-21h2-x64
1resources/elevate.exe
windows11-21h2-x64
1swiftshade...GL.dll
windows11-21h2-x64
1swiftshade...v2.dll
windows11-21h2-x64
1vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...7z.dll
windows11-21h2-x64
3Resubmissions
13/01/2024, 07:04
240113-hwc73aefh4 7Analysis
-
max time kernel
299s -
max time network
249s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system -
submitted
13/01/2024, 07:04
Static task
static1
Behavioral task
behavioral1
Sample
CsgoRebornV2 (1).exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
CsgoRebornV2.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
LICENSES.chromium.html
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
d3dcompiler_47.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
ffmpeg.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
libEGL.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
libGLESv2.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
resources/elevate.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
swiftshader/libEGL.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
swiftshader/libGLESv2.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
vk_swiftshader.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
vulkan-1.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20231215-en
windows11-21h2-x64
General
-
Target
LICENSES.chromium.html
-
Size
5.3MB
-
MD5
dfa12f4edccb902d7d3b07fae219f176
-
SHA1
c2073440a5add265b4143de05e6864fed2c3b840
-
SHA256
501f0b7ebf0be7ed8702d317332a0f8820af837c0a2a1d7645ba04352270e2b8
-
SHA512
eee3a8e0eeae139ddd9369d0869c29c91007bf6c5b0d7982918d5a013214a9e80b9233e7c1ccb43124152f684f0b782831b0a6b3d126558261dd161230004e50
-
SSDEEP
12288:FetnJnVncnJnknE9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX04nNWQFna:WbXZ5IoWSL9bcwVR8mf+/cHBBaRp1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133496034436726178" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4840 chrome.exe 4840 chrome.exe 1336 chrome.exe 1336 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4840 chrome.exe 4840 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe Token: SeShutdownPrivilege 4840 chrome.exe Token: SeCreatePagefilePrivilege 4840 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe 4840 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4840 wrote to memory of 1416 4840 chrome.exe 76 PID 4840 wrote to memory of 1416 4840 chrome.exe 76 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4836 4840 chrome.exe 78 PID 4840 wrote to memory of 4028 4840 chrome.exe 80 PID 4840 wrote to memory of 4028 4840 chrome.exe 80 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79 PID 4840 wrote to memory of 1012 4840 chrome.exe 79
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb08d49758,0x7ffb08d49768,0x7ffb08d497782⤵PID:1416
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:22⤵PID:4836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:82⤵PID:1012
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:82⤵PID:4028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:12⤵PID:4896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:12⤵PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:82⤵PID:3504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:82⤵PID:1308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 --field-trial-handle=1796,i,315243983996895855,2589834111308801505,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1336
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1848
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD52b48a1866b091781976407da52ccc64f
SHA1bf48570b0889dd53940fc3bd3bda2c26544f4fce
SHA256406de5f153fc89920c619e01082b5a706381908b15e49935e875eb77739abf35
SHA5124ca4e57c2022aa0715861bc222d820c7d4a9cf422fa9d8f121d13fb9c75ca9f55da9a529467602c689adad798c2d979e89a7f83ee70f58a96425b9eb0cb0ac99
-
Filesize
6KB
MD5316487471f40d42c795d17425e59fc6e
SHA1330381cdfb82b9366876e44939ae59a7a9488251
SHA25661147624d454208b2e09136fdf107f97140a0a45e15a8711c5a7b22ec24921d2
SHA512001f4a02904780b5ae4ddcf96bb5720a5c55d35e493e8d09c3b07a96813693b0b7486f2d91ffbd1398ecdc864defd4b060d26ee4f4f683f8e3d775d8ca949e73
-
Filesize
6KB
MD5a4ac4dc08695a8344e9845f072174669
SHA1c5ef77ee465de3a0f32cdb35dfd4410276413b28
SHA25657a98aedf31995a16e142631e77e9f2a4588c147916f7c15715ab6e3e7d7fff7
SHA512d4aa2a58ef9d6f0a0407d0677edb8ed6bbbe2fc390172a1a6b6b5cce7a07f5ac47f9166acf8b91f77ecb349bb021adaae0b211584780a7de11b82838f4307a6b
-
Filesize
91KB
MD51ee2063d56b50a87dedcf82802eab212
SHA10ba07144ce3a17d9914a8c5d1edf84e36ace03f9
SHA256f87f123b7d69392654e0dc9bc48e43db23fa3997d6591a5745821e81b51ab3bd
SHA512b313233aecda2d7fae6795a1c3d583e189901518a1e6d8d4fc0a10e6aad027c3966d9063efa6559defabc01f51567dfeb9182da3e6f48185ec0baa53d0c8e6aa
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd