Analysis

max time kernel: 149s
max time network: 140s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 23-02-2024 01:12

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Da2dalus/The-MALWARE-Repo
Resource: win10-20240221-en

General

Target: https://github.com/Da2dalus/The-MALWARE-Repo
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS (2 IoCs)

description       ioc                                                                                                    Process
Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)   \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531243725147131"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)

pid   Process
316   chrome.exe
316   chrome.exe
824   chrome.exe
824   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid   Process
316   chrome.exe
316   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)

description                        pid   Process      entries
Token: SeShutdownPrivilege         316   chrome.exe   32
Token: SeCreatePagefilePrivilege   316   chrome.exe   32

The 64 entries alternate between the two tokens above; identical rows are collapsed with their count.
Suspicious use of FindShellTrayWindow (26 IoCs)

pid   Process      entries
316   chrome.exe   26 (all identical)
Suspicious use of SendNotifyMessage (24 IoCs)

pid   Process      entries
316   chrome.exe   24 (all identical)
Suspicious use of WriteProcessMemory (64 IoCs)

description                       pid   Process      procid_target   entries
PID 316 wrote to memory of 4656   316   chrome.exe   73              2
PID 316 wrote to memory of 1432   316   chrome.exe   76              repeated
PID 316 wrote to memory of 3860   316   chrome.exe   75              2
PID 316 wrote to memory of 2812   316   chrome.exe   79              repeated

Identical rows are collapsed; the remaining 60 of the 64 entries are the repeated writes to PIDs 1432 and 2812.
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 316)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaeb159758,0x7ffaeb159768,0x7ffaeb159778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3860)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3900)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2812)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1340)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1648,i,16907581669326118786,12933641321771473802,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4688)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads