Analysis

  • max time kernel
    59s
  • max time network
    52s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240214-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19-02-2024 03:10

General

  • Target

    http://200.197.79.204.in-addr.arpa

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://200.197.79.204.in-addr.arpa
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb56699758,0x7ffb56699768,0x7ffb56699778
      2⤵
      PID:3204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:2
      2⤵
      PID:4896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8
      2⤵
      PID:4820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8
      2⤵
      PID:4976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2652 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:1636
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:4996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3896 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:2528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3076 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:4576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8
      2⤵
      PID:1304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4480 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:4712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2900 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:1
      2⤵
      PID:1776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1596,i,16249399657420575606,14237992055607979128,131072 /prefetch:8
      2⤵
      PID:1012
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:820

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
    Filesize: 194KB
    MD5: ac84f1282f8542dee07f8a1af421f2a7
    SHA1: 261885284826281a99ff982428a765be30de9029
    SHA256: 193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0
    SHA512: 9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: 7c7743e2eddaf7b6aaccf95577b4e389
    SHA1: ec5975fe60b86812f5a03afd3295277cd0d3c8a8
    SHA256: 2c9ce131b961aa0a39286f02be470fa99acf37429bc4ba7b7cfc42d05f0b6896
    SHA512: dc22c28a1d5759fe912172125d5c3df04d31e6a501171ac23c99dddbde462edabc08e338c7f29d79017128a8ba4f1b2be69d17744e51c0e7244dc0314cdad6eb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: 9773f86a1c994b5f7c8d58b62daab84f
    SHA1: 9122c12964caa066e5da5a499341c079556b3845
    SHA256: d1b98d50f684253e91b22f8e222cdc3c2048f5d9cfc7ce6989f29cf6506bccec
    SHA512: d611d349811025f1d9c9204276478935273414f991fced87a9453c0c6de2a8a71f51a7ef0bb9ad6061a86b8f627134f081625de089d4c1adff729965643eec9c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: da72473c3073f6efd1a7f30c3bea10fb
    SHA1: da02428552f7db958e5aeb063905d004540c7150
    SHA256: 30b9b424e9e8dfffd891d70b55336aaf004d16826e88aa43270a87ff82c0439d
    SHA512: 839d1742fa7ad7c6e099ee69a31b6848c77cc52e022256b2d12fa0f783c8bd89b2d28888843b60e28112fb7d1dae00100d0a65d20b2319d61aa82737c782f218

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 8b7d08cedc32b2bb20804fc9f5ecaa70
    SHA1: db17673edb2cd5ad96bed56f025e9ef81d40d8b3
    SHA256: 5e6ecc2e93c7fdc1d894f3af138f4f192c10a77da9dc1f8d37c6fa7c789c9a99
    SHA512: a9c7f9e0c3e1ef13641e37fa253ce50cb6d13b4bd24ef34f332ad8f16cfddf83245d8145c5dcd71c836548d535ff17473b484c256f959739899221e979afda45

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 129KB
    MD5: f1f27eb8aeebe7ef0fb2b1d4386eb664
    SHA1: 56bf0dea5722d4669c8d5f8e5937a2e561e77bea
    SHA256: def6ef53b3336e3d90805dc392f75dc5f684a9a3f48de37924aef9bff9276e2d
    SHA512: a877b40ecc1c9355422879003b1cd92572ed4d38a5fa66ed4557a0e8496a9c660db764d7e511c449845677be38a178ac2a92bfa42749257b29572885825fc05f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 93KB
    MD5: 79ba91f089daf574d86aa022639956c7
    SHA1: b458a8bbaaeb9b87c127c3db21eea697e0538687
    SHA256: 461573c10d1a94030eee84cc0b5c664cdd5de26627dfc4abf27ae572eb102424
    SHA512: 207402a04d33176081e5e4704c243707fa90c42759cae8c920ba858ff19ce9db6a3fee27e8101a49431ce9563986c38a184d04c022d2fdd64210661280a76709

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e1c5.TMP
    Filesize: 91KB
    MD5: 483fb3196aa24de90ad21becb750d114
    SHA1: 3df5c8d7d6b1a64a80d788e9fa3a1073d0665f44
    SHA256: 83a2d3bb96c5c30d3b75ba1b4ec99a0ad8a5ab3cb851355100fc9cf96812ecfe
    SHA512: 646e5c3f26b4b9e99fe65633f77168e338a7f325b0f60e7bea456cf3a092e3d8c216f087f9cb6e30a9614658c1003be2a99a5d5c00d9118e0fd56e79ee27d0a3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd