Analysis

  • max time kernel: 40s
  • max time network: 50s
  • platform: windows11-21h2_x64
  • resource: win11-20240221-en
  • resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 08/03/2024, 23:04

General

  • Target: Carbon_v1.7_Beta.7z
  • Size: 5.1MB
  • MD5: 8855fac6624b049376156855e13d28b6
  • SHA1: f93cd06b214f86c63421caa3021e7237c3e504b3
  • SHA256: db3c5a4659547f2f8b718043becb263990192334a2c8ed900c130ed5c2419d7b
  • SHA512: c939d46dfac57c0f2e01551adfab8acce2e2fb970433c0649cb58bdcf5316443e2ff240dfdffa4dd321a4f2bb0736e651eb12a83c56e54e36899b6404e210b08
  • SSDEEP: 98304:8UcjhdBp9XJuZEVt5tmQN7zW4WJtLjJJqo5payT0r/BPSdk:8TzxXJvTmQNvcJtLjrqYp3GJUk
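Before acting on a sandbox verdict, confirm that the file in hand is the same artifact by recomputing the digests listed above. The script below is an added example and is not part of the report: EXPECTED carries the report's own four digests for Carbon_v1.7_Beta.7z, while the function names and the chunk size are assumptions. SSDEEP is left out on purpose, because it needs a third-party library and a fuzzy-hash match expresses similarity, not identity.

```python
"""Recompute MD5/SHA1/SHA256/SHA512 for a file and compare against a sandbox report.

Added example, not code from the report. EXPECTED holds the digests the report
lists for Carbon_v1.7_Beta.7z; function names and CHUNK_SIZE are assumptions.
"""
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK_SIZE = 1 << 20  # 1 MiB reads keep memory flat for large samples (assumption)

# Digests for Carbon_v1.7_Beta.7z as given in the report's General section.
EXPECTED = {
    "md5": "8855fac6624b049376156855e13d28b6",
    "sha1": "f93cd06b214f86c63421caa3021e7237c3e504b3",
    "sha256": "db3c5a4659547f2f8b718043becb263990192334a2c8ed900c130ed5c2419d7b",
    "sha512": "c939d46dfac57c0f2e01551adfab8acce2e2fb970433c0649cb58bdcf5316443e2ff240dfdffa4dd321a4f2bb0736e651eb12a83c56e54e36899b6404e210b08",
}


def digest_stream(fp, chunk_size: int = CHUNK_SIZE) -> dict:
    """Feed the stream through all four hashers in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> dict:
    with open(path, "rb") as fp:
        return digest_stream(fp)


def verify(actual: dict, expected: dict) -> list:
    """Names of the digests in `expected` that do not match, compared case-insensitively.

    An empty list means every listed digest matched. A single mismatch is enough
    to treat the file as a different artifact, whatever the other digests say.
    """
    return sorted(name for name, want in expected.items()
                  if actual.get(name, "").lower() != want.lower())


def verify_file(path: str, expected: dict = EXPECTED) -> list:
    return verify(digest_file(path), expected)


if __name__ == "__main__":
    import sys
    mismatches = verify_file(sys.argv[1])
    print("match" if not mismatches else f"MISMATCH on {', '.join(mismatches)}")
```

Run it as `python verify_sample.py Carbon_v1.7_Beta.7z`; a non-empty mismatch list means you are looking at a different file than the one this report describes, and its signatures and process tree do not apply to it.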

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies registry class (10 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (41 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7_Beta.7z
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7_Beta.7z"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3252
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4408
  • C:\Users\Admin\Desktop\Carbon_v1.7 (Beta)\CarbonLauncher1.7.exe
    "C:\Users\Admin\Desktop\Carbon_v1.7 (Beta)\CarbonLauncher1.7.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c node -v
      2⤵
      PID:1532
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:3424
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://nodejs.org/en/download/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3872
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nodejs.org/en/download/
        3⤵
        • Enumerates system info in registry
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd49753cb8,0x7ffd49753cc8,0x7ffd49753cd8
          4⤵
          PID:3868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
          4⤵
          PID:5080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
          4⤵
          PID:1332
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
          4⤵
          PID:3304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
          4⤵
          PID:4044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4000
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
          4⤵
          PID:5084
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
          4⤵
          PID:2064
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
          4⤵
          PID:1588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
          4⤵
          PID:4700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
          4⤵
          PID:4684
        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,4807768629429569656,752984102414246187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1704
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:3448
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3892
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:708
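The tree above shows the extracted launcher (PID 2444, the file behind the "Executes dropped EXE" signature) probing for Node.js with `cmd /c node -v` and then opening https://nodejs.org/en/download/ through `cmd /c start`. That one command spawns the entire Edge subtree, which is where most of the WriteProcessMemory, FindShellTrayWindow and EnumeratesProcesses IoCs come from, and a 25.4MB partial download (Unconfirmed 95435.crdownload) appears under Downloads afterwards. The script below is an added example, not code from the sandbox or from the Carbon launcher: it replays process-creation events constructed from this tree (PIDs, parents and command lines as listed; the parents of the root processes and the record layout are assumptions, and PID 9999 is a constructed negative case that does not appear in the report) and flags a cmd.exe that opens a URL whenever one of its ancestors is an executable running from a user-writable location.

```python
"""Flag a dropped executable that shells out to open a URL in the user's browser.

Added example for this report, not code from the sandbox or from the Carbon
launcher. EVENTS is constructed from the report's process tree; the tuple layout
(pid, parent pid, image, command line) is an assumption modelled loosely on a
Sysmon Event ID 1 record, and the root processes' parents are unknown (None).
"""
import re

# Constructed from the report's tree. PID 9999 is NOT in the report: it is a
# negative case (cmd.exe under 7-Zip in Program Files) the rule must ignore.
EVENTS = [
    (1584, None, r"C:\Windows\system32\cmd.exe",
     r"cmd /c C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7_Beta.7z"),
    (3252, 1584, r"C:\Program Files\7-Zip\7zFM.exe",
     r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7_Beta.7z"'),
    (2444, None, r"C:\Users\Admin\Desktop\Carbon_v1.7 (Beta)\CarbonLauncher1.7.exe",
     r'"C:\Users\Admin\Desktop\Carbon_v1.7 (Beta)\CarbonLauncher1.7.exe"'),
    (1532, 2444, r"C:\Windows\system32\cmd.exe", r"C:\Windows\system32\cmd.exe /c node -v"),
    (3424, 2444, r"C:\Windows\system32\cmd.exe", r"C:\Windows\system32\cmd.exe /c cls"),
    (3872, 2444, r"C:\Windows\system32\cmd.exe",
     r"C:\Windows\system32\cmd.exe /c start https://nodejs.org/en/download/"),
    (2228, 3872, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nodejs.org/en/download/'),
    (3448, 2444, r"C:\Windows\system32\cmd.exe", r"C:\Windows\system32\cmd.exe /c cls"),
    (9999, 3252, r"C:\Windows\system32\cmd.exe",
     r"C:\Windows\system32\cmd.exe /c start https://example.invalid/"),
]

# Locations a user, and therefore a dropper or an archive extraction, can write
# to without admin rights (assumption; widen to match your environment).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(?:desktop|downloads|appdata\\local\\temp)\\", re.I)
# Both `start <url>` and `start "" <url>` forms of cmd.exe's START builtin.
START_URL = re.compile(r'\bstart\b\s+(?:"[^"]*"\s+)?(https?://\S+)', re.I)


def is_user_writable(image: str) -> bool:
    return USER_WRITABLE.match(image) is not None


def ancestors(index: dict, pid: int) -> list:
    """Parent chain of `pid`, nearest first; stops at a root, an unknown PID or a cycle."""
    chain, seen = [], {pid}
    cur = index.get(pid)
    while cur is not None and cur[1] is not None and cur[1] not in seen:
        seen.add(cur[1])
        cur = index.get(cur[1])
        if cur is not None:
            chain.append(cur)
    return chain


def find_browser_launches(events: list) -> list:
    """cmd.exe opening a URL while some ancestor runs from a user-writable path."""
    index = {e[0]: e for e in events}
    hits = []
    for pid, _ppid, image, cmdline in events:
        if not image.lower().endswith("\\cmd.exe"):
            continue
        match = START_URL.search(cmdline)
        if match is None:
            continue
        dropped = next((a for a in ancestors(index, pid) if is_user_writable(a[2])), None)
        if dropped is None:
            continue
        hits.append({"pid": pid, "url": match.group(1),
                     "launcher_pid": dropped[0], "launcher_image": dropped[2]})
    return hits


if __name__ == "__main__":
    for hit in find_browser_launches(EVENTS):
        print(f"PID {hit['pid']} opened {hit['url']} on behalf of "
              f"PID {hit['launcher_pid']} ({hit['launcher_image']})")
```

The rule keys on ancestry rather than on the URL, so it fires equally for a launcher that opens a legitimate vendor page, as here, and for one that opens an attacker-controlled page; the URL is reported for triage, not used as the trigger. The `cmd /c node -v` probe that precedes the launch is the natural second signal to correlate with it if you need to lower the noise from installers that also open a browser.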

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: ce319bd3ed3c89069337a6292042bbe0
    SHA1: 7e058bce90e1940293044abffe993adf67d8d888
    SHA256: 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
    SHA512: d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 12b71c4e45a845b5f29a54abb695e302
    SHA1: 8699ca2c717839c385f13fb26d111e57a9e61d6f
    SHA256: c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
    SHA512: 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 600B
    MD5: 842d250c3a94080112e6bd151814e093
    SHA1: 0aa8f75a9d7d4d547a6f207f3e675f2a9fd40b2d
    SHA256: 5d26f370dbe5c23603455ecbbcf4ec54705bebef4ff1f9965128fc6b1ab79360
    SHA512: 578e7521a2c7755a6b25baa1ce783461834de6851f20e700c2caf4828cb1a3572ec8c3653cbc3418da24093b8d11957c16a7b848b524eea536867e85fb9dc3ab

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: b6a138b3bf12926a357046adc6903eb2
    SHA1: 41f327c464d7ff06ed8addf4808f1a9b169caeed
    SHA256: d6c656a9614ab58c613a2f4cab3974c6946b104f01f77a1dc757841a8c923eb9
    SHA512: d361765a310000b326e5b0e0cdfc872c9d24dd3e405a6d6a9f36b13eb996d0ea822b7211f8eff69cddaf189c67275a19ddb5d3ec91917718ed92dc7a66a6838f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 37c3f1c8a7a28982512fb475b91c35e8
    SHA1: 8af5e711030867769da4a655f87092122cf7ef64
    SHA256: 8d789c0b118c4b756ab76730457f631f71b4078cfd986f0d32bbd76bb33c2ba7
    SHA512: 20215939418115ff64bcd6047985c46e5485c914a697e42ea7e0955725a51b8c754a575ad1e80b955416b03be2bf7e1109240c54bbfd7a80c91d248c279b9918

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 46295cac801e5d4857d09837238a6394
    SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 206702161f94c5cd39fadd03f4014d98
    SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
    SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
    SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: d9c89dd958694cd6b58453c5012c037c
    SHA1: 96c437177ebc6344301641deda43f82bd1101f82
    SHA256: 3ff09faa6da36a2377ec372eaa64ffa43066cf907a027cef35a2bec6eb0c4305
    SHA512: cfe57b696a644c1b3eacbd4c0993195f4f45b00aa7634d2a8184e772e8b7bfdf72185fcbd87297acf73567fa657ea3d28ced1e139400ad38de2f6a715c7b6606

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: 61df98e2604dafc0648ecb97d0285c56
    SHA1: fcf7e5f97e1e009eb31dfbc51fd6cf2b99f070c3
    SHA256: 1e27d886c089bf8e9b2c53762857accab0c11b56f49fe6f6cbece692399566f3
    SHA512: 2a29a137782901892b84f9c0ea5ae2f8b3c58f82d919ede681d6458d452a4d86465bd1bfdd38619a9415cce6c99d579816d94dfff652552842257205078fdfdc

  • C:\Users\Admin\AppData\Local\Temp\7zE4BCCDCA7\Carbon_v1.7 (Beta)\NeoniteV2\.git\refs\remotes\origin\dev-temp
    Filesize: 41B
    MD5: ce5abbd9440c9babac321e44bd591898
    SHA1: 3ef6cad1ef6136a4cf3f1669e75afcb0f5c296c5
    SHA256: a9d88d4f58864d9aa0c47a5e9b06ab9619892dab05426b7091ff25b9e3eeb763
    SHA512: 2e5486e975cfc3b7b0b35e0fdcdf0ebe78a9ec75e70be466acf651c8f1f6feea36666d272fa10863c9e85b69c8da92783ac13df89a3758cffba43a076bb74f13

  • C:\Users\Admin\Desktop\Carbon_v1.7 (Beta)\CarbonLauncher1.7.exe
    Filesize: 664KB
    MD5: 318ad69cbc5a7564e85b1cf8fe261904
    SHA1: b67fe0979f1d3127e35165246f6494dd59f0212f
    SHA256: e3f186881554e11609cfb2fccd16946277ff978418d7f28e7bd07752c40b58dd
    SHA512: 530dc6645bd55ffc449e83b1ef8bef6ea14edc2c06c7eb497f7e586fb98c08a5ee24a5f0ae6bc429d600c71bda8cff414007531fd31657e40db1bf3317ddef21

  • C:\Users\Admin\Downloads\Unconfirmed 95435.crdownload
    Filesize: 25.4MB
    MD5: ddc3834ba30017c8b403f48f802c2566
    SHA1: 7460683828f21069a33e694801a85557434cefcf
    SHA256: c54f5f7e2416e826fd84e878f28e3b53363ae9c3f60a140af4434b2453b5ae89
    SHA512: 94bb61b403d42ba362d470809e7d4167e1df55280ed5daf96c65861ab031718dce1851838d4b7e3cc873da8dda7b461c39b91edff9af4e7ad6f697c46528ffdc