837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9

Resubmissions

18/03/2024, 15:07

240318-shhkqscb9y 8

18/03/2024, 15:03

240318-se9j2scb51 8

Analysis

max time kernel
144s
max time network
201s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gx-browser.js
Size

165KB
MD5

e276a501681746b6a8c8a53352ee754d
SHA1

8d1821e0ec5d967e36cb4969763dd3c63e4cc220
SHA256

837415683d56ba17ab5b260587855ac35076e05018a6281f4064cd1d03a46ac9
SHA512

50fbbc879c24f13c85134d4713a66072eec6b8c37c60452f505fb624b85e94ef28530a2f1118be31936d503e3ab3af20398cab244ce87a056633c70d13afb393
SSDEEP

1536:WasZT/zlXf87fita72252wj+YSLct/xWpmgLODCcsLUazNcpBzaMB20AWiigzzoq:oL8Ly92YwNJ0PzDreFOHDlNDuG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1196	1924	chrome.exe	31
PID 1924 wrote to memory of 1196	1924	chrome.exe	31
PID 1924 wrote to memory of 1196	1924	chrome.exe	31
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2640	1924	chrome.exe	33
PID 1924 wrote to memory of 2624	1924	chrome.exe	34
PID 1924 wrote to memory of 2624	1924	chrome.exe	34
PID 1924 wrote to memory of 2624	1924	chrome.exe	34
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35
PID 1924 wrote to memory of 1556	1924	chrome.exe	35

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\gx-browser.js
1⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6af9758,0x7fef6af9768,0x7fef6af9778
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2172
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f677688,0x13f677698,0x13f6776a8
    3⤵
    PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3492 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1392,i,17851212674921763845,18018210286446048990,131072 /prefetch:8
  2⤵
  PID:2636

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240318150612.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1c9adb82-f279-4a60-acfd-ae2e0875116d.tmp

Filesize
263KB

MD5
52c7e910cbab74c4eaf76f40d6b150fa

SHA1
1d40d2701ccc885d5f3141d2d282ffec09733db9

SHA256
a4cbafa07b0e206dac6560dcb0cde9007b5b289295cf36f9349b8d9cd401d622

SHA512
8f5707a115b9293ec2fe7d1cee0a97f99269224b068202614fa8603e5b0ae7934d723185b1177493e7cccec357336373ea400f30a7bf2f6555b1c2c6cbef9501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7be57ca9163ec7c60947fabe4e57b9e7

SHA1
1b4ca378ca95da521abb3e806302d49c1871fc62

SHA256
830b8d970f5b298c078f8e36338688fef918ebde40d1e132f15a65d13a94cc1c

SHA512
7a4fa9ebfdefe23b28e9ea4b123d2ae4bfafc35069b8039ba8bfcc550fab56a776926d3b170747b26aef85e9f4329d63936747ba460ec48269b9a6465a9f3ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2444c70082e6ae4908e73d8037c4cfc3

SHA1
dddf119bd304fc9068436548e32ea32fbd58fa82

SHA256
efb4170d77b3f769f9b0c65f54f05952f99eeaa58008d620d99b4e18066606cb

SHA512
50ac4357b795cea48d34c5ebdbf5ccab8e0ba2f4146232e57f744006e61305698e5547c1c67f22ad40d6295411c187a7be22a3e64dd864cb57e3673c51d313e9

Download Submit