Overview
overview
7Static
static
3Dimension ...up.exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3LICENSES.c...m.html
windows11-21h2-x64
1d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows11-21h2-x64
1locales/uk.ps1
windows11-21h2-x64
1resources/elevate.exe
windows11-21h2-x64
1rush.exe
windows11-21h2-x64
7vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...7z.dll
windows11-21h2-x64
3Analysis
-
max time kernel
1799s -
max time network
1691s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
24/02/2024, 15:39
Static task
static1
Behavioral task
behavioral1
Sample
Dimension Souls Setup.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
LICENSES.chromium.html
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
d3dcompiler_47.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
ffmpeg.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
libEGL.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
libGLESv2.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
locales/uk.ps1
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
resources/elevate.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
rush.exe
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
vk_swiftshader.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
vulkan-1.dll
Resource
win11-20240221-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20240221-en
windows11-21h2-x64
General
-
Target
LICENSES.chromium.html
-
Size
6.5MB
-
MD5
180f8acc70405077badc751453d13625
-
SHA1
35dc54acad60a98aeec47c7ade3e6a8c81f06883
-
SHA256
0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
-
SHA512
40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec
-
SSDEEP
24576:d7rs5kjWSnB3lWNeUmf0f6W6M6q6A6r/HXpErpem:rovj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532680592552272" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1316 chrome.exe 1316 chrome.exe 1292 chrome.exe 1292 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1316 chrome.exe 1316 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe Token: SeShutdownPrivilege 1316 chrome.exe Token: SeCreatePagefilePrivilege 1316 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe 1316 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1316 wrote to memory of 2964 1316 chrome.exe 65 PID 1316 wrote to memory of 2964 1316 chrome.exe 65 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 2956 1316 chrome.exe 84 PID 1316 wrote to memory of 4976 1316 chrome.exe 83 PID 1316 wrote to memory of 4976 1316 chrome.exe 83 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85 PID 1316 wrote to memory of 664 1316 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda5049758,0x7ffda5049768,0x7ffda50497782⤵PID:2964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:82⤵PID:4976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:22⤵PID:2956
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:82⤵PID:664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:12⤵PID:4144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:12⤵PID:3244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:82⤵PID:1508
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:82⤵PID:4736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3632 --field-trial-handle=1876,i,6409832061615969516,14246161017892917367,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1036
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD57af0122de18c1812c4254270c11c0919
SHA1fc02122443c8384f8ec538bc4e6673121bf7f978
SHA256e71ff909d7c50d8d31a99c7b533e01456889cab2b2859679b83e50055a144802
SHA512ba81fe2fff2119b462fad0382101576bb5ecc10f552cc0c2ef47c35ff7d9f83e30652b7f8ac556faf4a081a3d8d2450df255a40578a3633e5364dafc650d7c70
-
Filesize
6KB
MD537cd688cfd347cc0b798ae285df3c185
SHA10258b0ca1de4c9b2c5fa56741d69d0fa316de577
SHA2569370e7f3ac21cafce540db1d1ac7d49be5dbe2863ac6db6311eaa7e137255d20
SHA5123504d25ab93792d66bcac14038efb17b14d00112c08ead5eaf96c4efb9dce934c793a895f218b9fee6e5dbb34073dc97bf192a7c6cd1f28863b89da1fc8e4750
-
Filesize
6KB
MD564299d785494fc303c7d94367e040883
SHA1e0f7fdaa2cf2ad0be24a083b4b10e07536a8c4d6
SHA256b7d4ede487dd5edaaa64f5c75141f148099e949818821c519be8fd8ac670df5a
SHA51227d273ccd18bf3533bd4707a4bb576f419f9195d5061e7603579ef5e83a723b492db8346cc14e2e622841a9887ddc0f610fcd066ed129e83cc1787afed703d01
-
Filesize
130KB
MD52cfcb96d09b08497d221ace85551803a
SHA1d6a4e9ecacf5cb7b17a172938e50bced04976263
SHA25617190054289c10b4960e5f20ee414d86c1e7d3a5d68238bfa68c63f722e66567
SHA512d1be9fa73c3df15be94a7615e58f388b478ebedf6bdd0d38019afe542ab625a26c7e51716cdf07f8760a1dab5ecd4b9e5fb7cc8fc14379147fac34e28d0cdc9e
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd