hxxp://apkbark[.]com/dowload/gta-v/mod/

Analysis

max time kernel
600s
max time network
490s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://apkbark.com/dowload/gta-v/mod/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133550733062847711"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4964	chrome.exe
4964	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4360	4964	chrome.exe	87
PID 4964 wrote to memory of 4360	4964	chrome.exe	87
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 1604	4964	chrome.exe	89
PID 4964 wrote to memory of 3940	4964	chrome.exe	90
PID 4964 wrote to memory of 3940	4964	chrome.exe	90
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91
PID 4964 wrote to memory of 4536	4964	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://apkbark.com/dowload/gta-v/mod/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff878439758,0x7ff878439768,0x7ff878439778
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:2
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1872,i,5644946058244842215,17763156042001582875,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
67cf7276e03f543a0443da38548e176b

SHA1
154aab6079d6955705c9f24b38a542a907bdf1c1

SHA256
6787f5237ed5fd189694f660b814dc19f71bec842660523a8b16be2b8e7b55e3

SHA512
c410de8985b1df7ed59e78b1e62525460624584ffadd7249f8444b28f0c4c50622835a8b768cbf5ff41e26b21c51af325c255c715148e8dfd12ef6dfb9d00fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
066f7e4577f04e96d73a069d1b25d043

SHA1
1fb4ecaf0c3395746f008ffe31eb02d0d3acf203

SHA256
d576022e893b9a92b9cfa947344efaeaea442041cf6fd82e0ea58ec216e42cd2

SHA512
e3b1f6ca15668eb7bf58c608a5e21720bdcd8fd44614e24c8804b23352552146efa22e607bcff6073e2a181893a56c73c6e7205fa8fb07a3d589d3c4c2f48b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
8c17821c8fb781810a41c9a7873ed22f

SHA1
60cfbc1ec698f39b87baf5cf49c99cb77e0788fa

SHA256
c15c8e5d8fb4d4d07e3255b02c537f78d26c5bb14f8de03ac032985f718c9c31

SHA512
7a6c79ffad0e14ce076c7bcbff2907094eab59bd887416068bd061dbbdd84accb7cc2e826d2af3d8117576686d12c094ad8ef74639bec31c8d03f7c3532c58b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a4dd12cffed33afe75afedd786bfa46

SHA1
20ea710fc2978e93272482631a6b765018274505

SHA256
cc1fb7c6ebfbf196b0c47208c652f6b9c4a00ff629901f51c9748b17da60ddc2

SHA512
4d3461a953666c9304880a875471b662351a5838dfcfa517e704ce642fba867de3acfe8032ffdb88e918587907d27325fe83ef0a1bc860871f4c8904e8f33e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
12c447f95ec378f29416167ceb0391b0

SHA1
29cd369dbd1ff0f56a923876f9220f75125db8e0

SHA256
012dd66378bee5bd01330132b78a2a5ebc1c5a77c6431ed3bd850014fcd3dbeb

SHA512
6926743c7d38c86ce45bd732df8625634e42153be587b36739515b0cbccdd47666bdfcd6243ca56dd5dc24929c9fc7b30d0f5b63976da37fda6e486e616e0ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit