420b8fa29bb45c778152cfc9a8356cfba5fa5a9c71f5a17f49d3ff1ec90c5b95

Analysis

max time kernel
56s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NO-ESCAPE
Size

238KB
MD5

14755a3b8cf2ddd53807e71dde9b781a
SHA1

6af06d592d2658df1ce58491c3306ba4baaea9cb
SHA256

420b8fa29bb45c778152cfc9a8356cfba5fa5a9c71f5a17f49d3ff1ec90c5b95
SHA512

d78b4dddedc9f97064fb9f7d55c13a16d04e4fa06d68442545115d5f6e772aa4bd6045373d92ac552487609ed6312534075bb5c117b8e82bbba7799e69d051d7
SSDEEP

6144:jDuqJaufBiVSgE29xxspm0n1vuz389nvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VO:JfBiVSgE29xxspm0n1vuz389nvZJT3CI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1212	1352	chrome.exe	30
PID 1352 wrote to memory of 1212	1352	chrome.exe	30
PID 1352 wrote to memory of 1212	1352	chrome.exe	30
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2384	1352	chrome.exe	32
PID 1352 wrote to memory of 2380	1352	chrome.exe	33
PID 1352 wrote to memory of 2380	1352	chrome.exe	33
PID 1352 wrote to memory of 2380	1352	chrome.exe	33
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34
PID 1352 wrote to memory of 2544	1352	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NO-ESCAPE
1⤵
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fe9758,0x7fef6fe9768,0x7fef6fe9778
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1112 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3724 --field-trial-handle=1372,i,6518063758418662884,4367466414080263651,131072 /prefetch:1
  2⤵
  PID:1872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
15b5688dbd16e7633657875d3bd14ad3

SHA1
335ba4670a3304a409ddc9e81f2453e519b003fc

SHA256
9718436073cedcf47460a22e3b60f6e8c600a6af5f9ce072da3b313c79632ae9

SHA512
dab50a299a7fb261d4ffb5308db48eaae619e0863df26652ca86e03944ae10f18cde544164f942b9030afd8ed0f97ed51875e0b47f17a5feb78b8ea03a69f692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e1cbb30a3d3fef1a623eaa1b02a0a4e3

SHA1
661f82bf5195c3f1c46667b0073dcc4cba61febe

SHA256
c366088d6b28d6968c5a188822441ed0d49823c10d78a4b4c37fb4a103ef9036

SHA512
1caf5384a24c338918a103d2a6ee6fcd8b744c77d17b8bcd444051a23131445d18af667176745dc2b762a752972e6db9c28eb1c2a6ecb39b1c7b7c47a981e6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a75fceeceb2594bb64da192d5f12e774

SHA1
4dc222643eb368a973228de8cb55045f1be6ed88

SHA256
1a48faa6b1a8aac8c5cf7c5cb67f2e43d98336f41443cbd9c62943693cff234e

SHA512
311fcb337d12631a08df2e57063188f041c713a1cfb9cda656ccc4df7f1f70c27bb9e45eeef51ef188226f76006abeed5b739991664b366c4b084faca97059c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit