Analysis
-
max time kernel
30s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
21/02/2024, 00:13
Errors
General
-
Target
MullvadVPN-2023.6.exe
-
Size
93.6MB
-
MD5
834230b556ebb998b1b13a63c62b3478
-
SHA1
38ec2be53147808307829bc2f79a3aae8b64d768
-
SHA256
1a212857d3edcfe44cfdf0ac50db27a1fb325721f7fd9aa9a1e8fcc8b4bda64c
-
SHA512
5d183cd91f629c5c75c7f3eec49b799fea3d16810322b5a063c566a61e19cf1327e753a186f730ce6cf659039808b3c69c7d275f6f8bde089851b3841af1c2ff
-
SSDEEP
1572864:9z8Z6VuhipuuP5AyMSH3Jz0l4lJaE8NMkrKDpwGWPJeijnOtHTWCmuwEln2uwZgX:9YZRnuP2yMcPQEirKmvRjnCzWCmwJeY1
Malware Config
Signatures
-
Loads dropped DLL 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 24 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MullvadVPN-2023.6.exe"C:\Users\Admin\AppData\Local\Temp\MullvadVPN-2023.6.exe"1⤵
- Loads dropped DLL
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73e9758,0x7fef73e9768,0x7fef73e97782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1272 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1188,i,5675759532437426354,17629789551755301300,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\winver.exe"C:\Windows\system32\winver.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x56c1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5abe53604098a89de63fc6b4f8a748a90
SHA1ba63a017bd541f7c9d3586fd958ff8326090fc3d
SHA25662f3f8cf5729b29f6aaf127329da8f89f47ab5a03d44cfe48917d166a77c3ee1
SHA512089ae214da7afd0b78d5c52bdd7e19769535ff850bfe92d9cb55b8978ed4c5eff907afa39b6968d53a417a7f03e4f9a95c197ccb38bce09d5d273b0aef3bfd78
-
Filesize
4KB
MD5efb56bd39b17768fc2169eb7b361fd97
SHA134fb58a2e7c78ab58e89e45a1c621b923e813133
SHA256b7554fcd4a6f4aeb075ba39c2f25d369b3259b6d1e411ee4ef7a2555aca5da66
SHA5124d55d602495eeef81daecec2f193932f21d73c529727294e703281a4c4e46dfd1b2f631520f14daaa42f28bc0dbc592bf1dfba585c1ebf2e5fb1f1bed67f46ca
-
Filesize
4KB
MD5406aca4ff7ccff116fd9de8d73cbf756
SHA1fe79188efacfbbbb288464fdea4d93b9b3dee36b
SHA25630d5e17387954539a35feda9cfbb2e0c0a1e773f3e61bd45ce0d82c63818c9e9
SHA51223bab8397560033b219b6ce91d6e2fa873fe216b56f8628f1e4e88f628a1445c661e58e2586a24439fe627dc5ba261e401c2190800fac46aed6b4079cba23de3
-
Filesize
4KB
MD5bb05cfc78f6094ce9f1f2c94e7adf545
SHA1486cf97e7e960dd7a9d9c7514f82b0f2abb154c4
SHA2560311fd0d8f3c1a8d8c7061d75332eb10ce2412ef04ca75d04ccd3203e4964a4a
SHA5120338ed284eb87e8420da930d731f38e9ad45eed4956027f4f11b78c0b648365ab044bd9f57f53b2afbd73b878f645e79b8f16cf3beed441ef1ee710b04423a09
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
240KB
MD5dd72037854567fdd01a9327aa67eb3b2
SHA1d73ff7baec52be9e5a4eebaed8643d8f9273d88e
SHA2560cc0bccd58d2510e5e4f97a77794841cc5fdbe2b7525f4d3dbb8923192d58c56
SHA512d4c1c6c3fa6508427b72162162deaa40f36005fa636342af9aecc51661e527fa4f89ebf2c2c06daaa1b62d7d0d5ce32e251e0ed8603d69f31cc43d94a6f76bc5
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
Filesize
14KB
MD5adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
232KB
-
Filesize
4KB