Analysis
-
max time kernel
472s -
max time network
484s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/03/2024, 15:33
General
-
Target
f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac.zip
-
Size
8KB
-
MD5
47ec7c4cb1eeda4ee8fd85a159f389b7
-
SHA1
c0347b44b4107c9c9fe491a66e6bfd507f486be9
-
SHA256
bf0054b884b45c8818aa37902779603e5b0510fc8600a6f2f90fa157f33b6472
-
SHA512
6e8b7581086faaf2707c17f1d621851bcf1b7c6842e208867a551fbc8def89b21ba17a8e088c9283d218852b1ff067a79650fd0068fb7e05602d543da5c54464
-
SSDEEP
192:IDORd6t07AcxxwRpzFqPddpXBEQCJyVh5mUiDlkA2g8bX:eWCwAc4GPlxWyb5mU4Ozz
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 37 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac.zip1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xd01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac\" -ad -an -ai#7zMap2988:208:7zEvent82941⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap12402:208:7zEvent74431⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac\" -ad -an -ai#7zMap15384:208:7zEvent211301⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b09758,0x7fef5b09768,0x7fef5b097782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3232 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1128 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1208 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3456 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1292 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3860 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2584 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2296 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1948 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2512 --field-trial-handle=1392,i,7468350121109013080,7574786933319321669,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
344B
MD5613537ddd32d150215c678907513745f
SHA1b6c68172563b762aaa35ceef2567fc5197a77d19
SHA256a7f649cb5f1632346d0d5046521d103436b8c2af147ad16e24278442b71a65cc
SHA5121f68030011044326124cfed04e85da3e51768ff9ad63f3e999f4319daa2f04df0c1073e7228b1c2ae75adbbbf124651144180a90143b87aa66956bcae8fbfb7f
-
Filesize
262KB
MD5a738dc459d24b48c15911f786cda7f31
SHA110fd47058b54821b90832b047d31889837ec9876
SHA256b3c38e52c09d0dbf8287df66df170a11224453e0db2eaf7d40dfd6b34c87af3a
SHA5129e78e54834ce1ff1333aabda8a3a81e432ef2d473d9e83aee140db2c1742077736a151fa8295a3d4e4a6da2d27ba86d1651825505d4909f86ada50d6ce2fa699
-
Filesize
72B
MD59f04dadf79d0f0d34702eca9d6f33e71
SHA1c0e6533191c8a96ea34d623453d7b5acb380fd9d
SHA256de425f062b0968067b08daf32aed5dc4870f410e70a01b543e683ac4ac20485e
SHA51214758324cb45d8378b476dc52109ae3eb41c700b1c611602c0f80e9d16a90087aa6aeb71315fa39bef17f8a289c5abcb27ea423a8cdfecb0f54d83f895953430
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
986B
MD519d5e0484e3764ebfc685058453a881f
SHA17519191b6e09f843b128a12aa13cd27b008743a6
SHA256ddd63b856308fb696ba389bb99a7e7c20d04908d684db2b91fa55a438373a4bb
SHA512a7468f89ad6dfa223b53f592ec20d4473dd659049d7981f112415fe397b11613ff7ca96b0239cbb5f7b2bade0329c6789d43b01ac19bbf87037ca934424f8ae2
-
Filesize
4KB
MD5e4e515d5efde6874adfa433ba720fdb1
SHA13baa5e64068e4e6bb614e2b22d3b025291303846
SHA256ad7117bec53e9d88e7a5318be349ca20fbe44787c66e24c12a6bed2cc40b31e5
SHA512ae36ff31dcbb3e221a99c07fe70b650bae6bcc35d996b14d60c53013bdfb813e62eb428a1137bdcac39026e515d8fc02cb2853d5d6b8e815cc59064b8dd58ee9
-
Filesize
5KB
MD55c277c552e808d2e17378a7f1928595c
SHA1d685f8c4fd82c4633147c406dc071fd301edaef5
SHA25607bb10812d28ddb65e8af82aedc6752d2a08c9a1ce31ce036339aee52f5efc7b
SHA512ff2c1527b33ee3e022788f571aad92b91055e5cabcb56edce5024b3e1ac0bf150b4ed4ba90ffa679a6ea0b3788d61b211b02bbb64ce0295f116d11ede8fb8dd1
-
Filesize
4KB
MD5995874817b5fc36344c3e0414bf13f71
SHA16bf544035aafc627d4a6f94205d2a6aa5628aeec
SHA25650398a52c15aa412da7c4a069a92fc4743501e7a31b4d9720547733e9312e43f
SHA512f3bac6611afdab10e18d6daf04ba3ef8b2b1aa479d5809132930fb0d5c0e2c89949d7d8288382ec06363bd61329c0c6668237d4e60bb9cf3df284abf9e4491bd
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
261KB
MD5809b6c613ca5e6e7e66c0f6f3e70a403
SHA138e4febacd0994eed3538617c60a64dc736ceb2a
SHA256caf8ed0c5b2e325ae4e2ee4caecbe60629ad0d80c0a58eba05ee7d0ca04ccfb7
SHA5125bb5ccbc673b91844d0f371a2828b4a295047ffee5ea0d363247422dacbcf69d38e4b5c264f94ff0eef29d90c721c0ba0d352e278951aff7d71aebd0d015f461
-
Filesize
292KB
MD50cfa4ab79aab7e6fd86a9d45ebe6f16a
SHA1e42aa8abb37d30e0571337d323f9efc7a02a6474
SHA256c5536b4c1ba76a0890ac58d22c33e107eee5d4739d8b33d9412e1aad582a3e65
SHA512e03809a41f29f0bbb8e8754d0e6928cbf9adbf51a6fe95b6d8eec209addffbf5e95c8f4523dc99372fed4b0c78b23823a6bc9794f74d736135f25a21cd881f73
-
Filesize
257KB
MD519cfdfa5f52275799fcce6d6e96c4b00
SHA1bf74145d69c1af8f1f9403fdf87f795a17d94b77
SHA256aec50ce08901fabb7a148c538e3d49ac4a9f635c7539e1932a3142d4f550b31a
SHA51278d19aa33d5229141d86be85be8d6d21ea3b3feec4e09ccf3481cde4e810d14823b9e8febb6c13af824dade670eac3f36bc8e5d6bf2b00a3cb5ca784a220f44a
-
Filesize
175KB
MD5dd73cead4b93366cf3465c8cd32e2796
SHA174546226dfe9ceb8184651e920d1dbfb432b314e
SHA256a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63
-
Filesize
23KB
MD56ba060cc4ca5510ab5c0776b9cdf6ef9
SHA1182f103e514c9945fea9bed04b5dcf8b5627c6a1
SHA256f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac
SHA51282e8494de6fb9cd73d27ebfdf6e1f1997f7bc6ad51afdde1f878133e3b1ea806dbff25bdadb492e76beb9388931b8149ae29644ac2a6ae07f920ecad02b802ce