Analysis
- max time kernel: 78s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 27/01/2024, 15:58
- Static task: static1
- Behavioral task: behavioral1
  Sample: Vision.exe
  Resource: win7-20231215-en
General
- Target: Vision.exe
- Size: 46.5MB
- MD5: 29693197d553c3c149ba8a12e6dcde00
- SHA1: dc44c1c7b251a657a9ea0069fca213f9e4ebf172
- SHA256: 8a6a229f2484b75e1dd03c23bbdd0626efdd17a0bb31c9c0c1587414ce932f12
- SHA512: 980105f745223beb034ca41b736048472d5acd2948adecd4d45755a5bfe8babc0defc9a0727670b5c654b541e520e295ba220a55324aa499c103d9372b665670
- SSDEEP: 393216:inkmThiwFxN39FcALS1JnB3Zdp1uPGiSPWw1J9bsgoLaCStu:ikmTh599FnLUVfp1uVS+w1dCSt
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Suspicious behavior: EnumeratesProcesses (24 IoCs)
  pid | Process
  2740 | taskmgr.exe (22 rows)
  2716 | chrome.exe (2 rows)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2740 | taskmgr.exe
- Suspicious use of AdjustPrivilegeToken (19 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2740 | taskmgr.exe (1 row)
  Token: SeShutdownPrivilege | 2716 | chrome.exe (18 rows)
- Suspicious use of FindShellTrayWindow (64 IoCs; duplicate rows collapsed)
  pid | Process
  2740 | taskmgr.exe
  2716 | chrome.exe
- Suspicious use of SendNotifyMessage (64 IoCs; duplicate rows collapsed)
  pid | Process
  2740 | taskmgr.exe
  2716 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed)
  description | pid | Process | procid_target
  PID 2716 wrote to memory of 2036 | 2716 | chrome.exe | 32 (3 rows)
  PID 2716 wrote to memory of 1764 | 2716 | chrome.exe | 34 (repeated)
  PID 2716 wrote to memory of 2052 | 2716 | chrome.exe | 35 (3 rows)
  PID 2716 wrote to memory of 1200 | 2716 | chrome.exe | 36 (repeated)
Processes
- C:\Users\Admin\AppData\Local\Temp\Vision.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Vision.exe"
  PID: 1352
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2740
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2716
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f39758,0x7fef5f39768,0x7fef5f39778
    PID: 2036
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:2
    PID: 1764
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:8
    PID: 2052
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:8
    PID: 1200
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2060 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:1
    PID: 2692
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1716 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:1
    PID: 2892
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1432 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:2
    PID: 568
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3292 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:1
    PID: 2440
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1344 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:8
    PID: 1560
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:8
    PID: 1616
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:8
    PID: 2088
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2636 --field-trial-handle=1224,i,605280860965859951,602095837133014389,131072 /prefetch:1
    PID: 2224
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2156
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 361B
  MD5: f9ae2e48223dea3b0e9af69c867774f8
  SHA1: 0b425a325f85bc9c316ae0e0fd98999b4174db2e
  SHA256: 3449e81b084f86dc2c97b1c24a3e780ff97627844bf4de4cfcdd0f3b4d5a3edc
  SHA512: e922c0e439bc519bac7ddeff22ea687fd464fe3a215549895df085ab31c9f53b41c2b4085a264e544f7e76dab008594c7d1846100627506f6735e5ddbe6562ad
- Filesize: 4KB
  MD5: 549170b3c5972fbcd664a09fbcd23080
  SHA1: 4ea3324a2a7a23ed6d204ab393064c193363f127
  SHA256: 7dba3818096af2b30fa66524c1cae49051a792d76ce8c2a766abf0e8af1f53d7
  SHA512: 71d2b1a20a254f0b613bec6f8b7fc8d378dcfa790e0b053580d55c39db123bd9277826d2d8bed257b9a2bb96c2dc160ac29666b15b50b2325dcaab227389c664
- Filesize: 4KB
  MD5: 2359a1e09bd355b3c106ee4b4a20fa4d
  SHA1: 56096fb5167054c2b27bc2132c29730835de01c1
  SHA256: df999c75a04758deae9e2fbc8ebb1cbd3c739a609917b2bb1515e4805551a1f3
  SHA512: 90b917109178bb79331da6306416a8707a7b09305b25c7670bbb762ce57f080ab8dd1d1d840ff39579dcaa7536a669ac55295e2084a520f65764a89c32e4859d
- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2