Resubmissions

24-02-2024 11:54

240224-n22eqsbf2y 5

24-02-2024 11:50

240224-nz4r3sag77 5

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24-02-2024 11:54

General

  • Target

    AutoClicker.exe

  • Size

    854KB

  • MD5

    c500a7318204cc39a9e4b544fbf4f4ff

  • SHA1

    f35013967cb5ff638491edb409eee863c5f8ada0

  • SHA256

    45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8

  • SHA512

    f57d2c6ad185bff1824ddfcdd1f8fea9da6a832c6ef421cbd8645b7ac78a9d5b4d0d321ebbf6559729d470c05ef579020bb2411fa361e9b0acf51e640e4e1580

  • SSDEEP

    12288:maWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlvh:haHMv6CGrjBnybQg+mmhJh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:404
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc345b9758,0x7ffc345b9768,0x7ffc345b9778
      2⤵
      PID:4292
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:8
      2⤵
      PID:4224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:2
      2⤵
      PID:4600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:3528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:4840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:8
      2⤵
      PID:2452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:3328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:8
      2⤵
      PID:2800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:8
      2⤵
      PID:3248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:8
      2⤵
      PID:1336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5256 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3200 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:1100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3244 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:1
      2⤵
      PID:2400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 --field-trial-handle=1816,i,16869196691554065512,6290034284313526333,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2548
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2432

Network

MITRE ATT&CK Enterprise v15

Downloads
