Analysis

  • max time kernel
    53s
  • max time network
    58s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    12/02/2024, 19:46

General

  • Target

    http://c6tooling.com/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://c6tooling.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe70459758,0x7ffe70459768,0x7ffe70459778
      2⤵
      PID:3752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:4652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:4336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:2
      2⤵
      PID:4504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2756 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:1
      2⤵
      PID:916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:1
      2⤵
      PID:4512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:1
      2⤵
      PID:1552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5008 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:1
      2⤵
      PID:744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:4628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:4048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=764 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:1
      2⤵
      PID:4172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:3196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1772,i,8483331998369179434,14291925847319506450,131072 /prefetch:8
      2⤵
      PID:3468
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4072

Network

MITRE ATT&CK Enterprise v15

Downloads
