bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
46s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2688	2908	chrome.exe	29
PID 2908 wrote to memory of 2688	2908	chrome.exe	29
PID 2908 wrote to memory of 2688	2908	chrome.exe	29
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 1876	2908	chrome.exe	31
PID 2908 wrote to memory of 2408	2908	chrome.exe	32
PID 2908 wrote to memory of 2408	2908	chrome.exe	32
PID 2908 wrote to memory of 2408	2908	chrome.exe	32
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33
PID 2908 wrote to memory of 2544	2908	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b69758,0x7fef6b69768,0x7fef6b69778
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:2
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1276 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1376,i,15977753023850699101,3410647186795294356,131072 /prefetch:8
  2⤵
  PID:1188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\91707ebe-9e63-4cd7-bfd1-e9b2e0d9e7e7.tmp

Filesize
262KB

MD5
33bf11523ae960461a092a2594ac7405

SHA1
3bb98e13642cd6463c8c0fcd5093bc5171c3ced6

SHA256
85969f29c04ac457929c3cf2514d84e45008246b43b9edce11477e4f21e8638f

SHA512
20b0cf23bcdea2e3b56aa8282be697edd2803b4f2a28b27a72bfe0ca1380055c6889561a63d4d18f22f1f662972fd22e196b36fb8a779b68b0d6949f0f89fd68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
ff739d82d564f7db457dd9fafb5a3bd7

SHA1
3362254a3e046e373d1cbf35663bf6feed06d801

SHA256
73be173532fcb3e3ff5c095515cdd7add53106d923601c3aa9ef56882448069e

SHA512
e66ad174dcea2996a54574f3e2cd513105e27fd318f7b870690b93b7ec3e5b8932793cb1f1f49e1ac77b223dc06802ab8b803411f0e873f9fa14f089605a678d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
54e362bbc766c5ea3108bd120f8588f8

SHA1
19c30ce215d407119a0e5eb038ec4a46c4eaf6c7

SHA256
67158784b564499abe9d90f06f99ac2a942de3df276554a267e50e46cb624e72

SHA512
98e4509b9d65fe9b0f2225a5e64c9f01a66245cea13b4921c8131113a4d4d48f114cfee7f364f68831bc3d1c4c19fb265a7c03faba08462d14add1dfd02b4d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
33be417bee98c25e8073063c9aed972b

SHA1
f4b57e945dad5c4843b95d7cd3afbb1454698198

SHA256
d5e2763c394f938803854681babaf942304ec25bd8896e4578808bc94fbf6c85

SHA512
c8ea18a9e0c38dbec0fda684dfe354fc93d6193a4553f2640b1be377b7955c8f0997300bc0408f832ff425310fa23e607dd87261b927492638dafef9546475df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
290KB

MD5
6a240c5a55fd545bda59234300f46a13

SHA1
f9baecc85f3b6c16650d8088aaf2bc49f4829a21

SHA256
ab0de38bce44a93c374343e6a42a7f64550cb9e58a238307763a7838a3d1c74d

SHA512
a1c1c58a9f10781178b4b5c7cdf5cdcdfd3f23eec959a04897e527784bd4d9b4c6f8177768d951ba28a11fd5443598326113625d1195ac24b0a4b1fe44873438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
07c0a6e55eb69c63634dac9fbeef33dc

SHA1
40851f5c8400a44171c1160919abae331ea9a54c

SHA256
c9af6b59510e1b7490580604e795203f2a4eb2dcaf0e475f69b21340da298780

SHA512
674391ca22ee079b87310788bfa2d1c4e3dfeb9817821f48ebe8d46b7ecc27639a643991263c1b3b835a6d700c18f79dd4a93958297a97920c59fb1ad8b426a1

Download Submit