7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc

Analysis

max time kernel
51s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-02-2024 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe
Size

1.7MB
MD5

f4a036e7d8e8578cd7619b3f6bd689fd
SHA1

9a4501ec0e8689a5975eedee72214d667f8b8797
SHA256

7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc
SHA512

5c682cc179665ea057bcc60acaac09af651f532276cd274ffedb67539c7c0ec38d2cee26e393f48ae98c8c2f4bdc55f10b2f5afd9784de7e07e01998603c2c85
SSDEEP

24576:8Wwa+ea2+k0PQhD5xm749ZaRarCjFX0xPwvVBgnyydfZcsvM0sIObQ/:uaOvP01xm746MxMAyydfZ9sIGQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1288	7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2992	1288	7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe	28
PID 1288 wrote to memory of 2992	1288	7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe	28
PID 1288 wrote to memory of 2992	1288	7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe	28
PID 1288 wrote to memory of 2992	1288	7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe	28
PID 2992 wrote to memory of 2532	2992	chrome.exe	29
PID 2992 wrote to memory of 2532	2992	chrome.exe	29
PID 2992 wrote to memory of 2532	2992	chrome.exe	29
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2052	2992	chrome.exe	31
PID 2992 wrote to memory of 2480	2992	chrome.exe	32
PID 2992 wrote to memory of 2480	2992	chrome.exe	32
PID 2992 wrote to memory of 2480	2992	chrome.exe	32
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33
PID 2992 wrote to memory of 2444	2992	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe
"C:\Users\Admin\AppData\Local\Temp\7a4b185a74fa6d210443cacc9c21c823ba8026e5d8576aef1cd1f6d34da70edc.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "--app=http://127.0.0.1:49209/index.aardio?rpcServerPort=49209&rpcAasdl=%7B%22%24onLoadUrl%22%3A1%2C%22%24onUrlReady%22%3A1%2C%22%24test%22%3A1%2C%22copy%22%3A1%2C%22find%22%3A1%2C%22fullscreen%22%3A1%2C%22hitCaption%22%3A1%2C%22hitClose%22%3A1%2C%22hitMax%22%3A1%2C%22hitMin%22%3A1%2C%22hitmax%22%3A1%2C%22hitmin%22%3A1%2C%22isZoomed%22%3A1%2C%22paste%22%3A1%2C%22print%22%3A1%2C%22quit%22%3A1%2C%22showDevTools%22%3A1%2C%22test%22%3A1%2C%22zoom%22%3A1%7D" "--url=http://127.0.0.1:49209/index.aardio?rpcServerPort=49209&rpcAasdl=%7B%22%24onLoadUrl%22%3A1%2C%22%24onUrlReady%22%3A1%2C%22%24test%22%3A1%2C%22copy%22%3A1%2C%22find%22%3A1%2C%22fullscreen%22%3A1%2C%22hitCaption%22%3A1%2C%22hitClose%22%3A1%2C%22hitMax%22%3A1%2C%22hitMin%22%3A1%2C%22hitmax%22%3A1%2C%22hitmin%22%3A1%2C%22isZoomed%22%3A1%2C%22paste%22%3A1%2C%22print%22%3A1%2C%22quit%22%3A1%2C%22showDevTools%22%3A1%2C%22test%22%3A1%2C%22zoom%22%3A1%7D" --hide-controls --no-proxy-server
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6659758,0x7fef6659768,0x7fef6659778
    3⤵
    PID:2532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:2
    3⤵
    PID:2052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:8
    3⤵
    PID:2480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:8
    3⤵
    PID:2444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:1
    3⤵
    PID:2404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:1
    3⤵
    PID:1732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:2
    3⤵
    PID:1456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3596 --field-trial-handle=1304,i,5255979130082807209,4790706674344576921,131072 /prefetch:8
    3⤵
    PID:1712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e4dc8f4ca94a940b0d0c946745e7c66e

SHA1
757c4fc1a17209f460040161a1ea2717be9fe6f9

SHA256
e9fb1340fbbd56547724c464473d49ceb5f9ef795144e7cbbd4a88da92a0eb1a

SHA512
42cde86f424e8ae2ddda2144cf9dc4419136965cde49561bdf61f8b042fd866ef6c9f585e03db5b877a0ab8a433dbfbd0012cf4c03f5a53d47baa3d23674ef47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7fc652a0d3d117343842d49ac93937a

SHA1
055c1849c6c1d21405209024eacffb5d0beb31e7

SHA256
4b4bc28f0f510ae88239154622356ce8c0b8fd0a4f1b5a5f89c7032ea3fc57e5

SHA512
64bbf6f0acb875fbf67d006557fee0c03b21feb2a106b4a6456b6c8214b464b4590f3251aaaa904676d0c290536cb159b6ed8b48c41409e0b227ae37cc1f02fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc3f202687eb354547f2418aeb796ec3

SHA1
a645ccbcb12674e2d81f43a4c362fb27e7beff3e

SHA256
c70724db6ce80a2e94c13e2c6f07230d96a820c8e6fce5ea71fcc3d0327cbf89

SHA512
92dff8988a6fb947df8ac5884d332a4a1e6b06a6de57c03109c7fff2e16b001867d4227559b9863cbd4b316059cbe7f83fa64101af52215490263399ac0b8abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/1288-0-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1288-1-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/1288-5-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/1288-76-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download