Overview
overview
3Static
static
1Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/.g...sample
windows7-x64
3Chronos/src/main.py
windows7-x64
3Chronos/sr...ken.py
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...310.js
windows7-x64
1Chronos/sr...10.pyc
windows7-x64
3Chronos/sr...10.pyc
windows7-x64
3Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
22-03-2024 17:01
Static task
static1
Behavioral task
behavioral1
Sample
Chronos/.git/hooks/applypatch-msg.sample
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Chronos/.git/hooks/commit-msg.sample
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
Chronos/.git/hooks/fsmonitor-watchman.sample
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Chronos/.git/hooks/post-update.sample
Resource
win7-20240221-en
Behavioral task
behavioral5
Sample
Chronos/.git/hooks/pre-applypatch.sample
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
Chronos/.git/hooks/pre-commit.sample
Resource
win7-20240221-en
Behavioral task
behavioral7
Sample
Chronos/.git/hooks/pre-merge-commit.sample
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Chronos/.git/hooks/pre-push.sample
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
Chronos/.git/hooks/pre-rebase.sample
Resource
win7-20240319-en
Behavioral task
behavioral10
Sample
Chronos/.git/hooks/pre-receive.sample
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
Chronos/.git/hooks/prepare-commit-msg.sample
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Chronos/.git/hooks/push-to-checkout.sample
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
Chronos/.git/hooks/update.sample
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Chronos/src/main.py
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
Chronos/src/utils/DownloadToken.py
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
Chronos/src/utils/__pycache__/DownloadToken.cpython-310.pyc
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Chronos/src/utils/__pycache__/accountNuker.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Chronos/src/utils/__pycache__/blockAllFriends.cpython-310.pyc
Resource
win7-20240215-en
Behavioral task
behavioral19
Sample
Chronos/src/utils/__pycache__/closeDMs.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Chronos/src/utils/__pycache__/common.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
Chronos/src/utils/__pycache__/createServers.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Chronos/src/utils/__pycache__/deleteFriends.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Chronos/src/utils/__pycache__/deleteServers.cpython-310.pyc
Resource
win7-20240319-en
Behavioral task
behavioral24
Sample
Chronos/src/utils/__pycache__/deleteWebhook.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Chronos/src/utils/__pycache__/fuckAccount.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Chronos/src/utils/__pycache__/getAllFriends.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
Chronos/src/utils/__pycache__/hypesquadChanger.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Chronos/src/utils/__pycache__/leaveServer.cpython-310.pyc
Resource
win7-20231129-en
Behavioral task
behavioral29
Sample
Chronos/src/utils/__pycache__/load.cpython-310.pyc
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
Chronos/src/utils/__pycache__/loginWithToken.cpython-310.js
Resource
win7-20240215-en
Behavioral task
behavioral31
Sample
Chronos/src/utils/__pycache__/massDM.cpython-310.pyc
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
Chronos/src/utils/__pycache__/tokenInfo.cpython-310.pyc
Resource
win7-20240221-en
General
-
Target
Chronos/src/utils/__pycache__/blockAllFriends.cpython-310.pyc
-
Size
841B
-
MD5
b0a0e84bf2777b80664ca2a2c47323ce
-
SHA1
432491cab9dc7522aa47feefbb5ff5f69fc6e5a4
-
SHA256
60ad612f9f5b1118e6841e13e6bcc35b17a39ebd48761bbfc7253df2f3e0930d
-
SHA512
cb4c22fd7e4a216847299dbedc0ef428b8c5ffd8da1f0a29cc3269e67f9404d234d41554030f39deed917cfc3bcfaa954560c11baa2d092478e2408bf5309b22
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
Processes:
rundll32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.pyc\ = "pyc_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.pyc rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\pyc_auto_file\shell rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AcroRd32.exepid process 2572 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
AcroRd32.exepid process 2572 AcroRd32.exe 2572 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
cmd.exerundll32.exedescription pid process target process PID 2620 wrote to memory of 2588 2620 cmd.exe rundll32.exe PID 2620 wrote to memory of 2588 2620 cmd.exe rundll32.exe PID 2620 wrote to memory of 2588 2620 cmd.exe rundll32.exe PID 2588 wrote to memory of 2572 2588 rundll32.exe AcroRd32.exe PID 2588 wrote to memory of 2572 2588 rundll32.exe AcroRd32.exe PID 2588 wrote to memory of 2572 2588 rundll32.exe AcroRd32.exe PID 2588 wrote to memory of 2572 2588 rundll32.exe AcroRd32.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Chronos\src\utils\__pycache__\blockAllFriends.cpython-310.pyc1⤵
- Suspicious use of WriteProcessMemory
PID:2620 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Chronos\src\utils\__pycache__\blockAllFriends.cpython-310.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2588 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Chronos\src\utils\__pycache__\blockAllFriends.cpython-310.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2572
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5ed8f9f27a3debe0c1d9adf95be80925b
SHA1a6919b62748b4489d44a5312a8b8fa37c2dfd801
SHA25647f48b47bbdcdf7fb94a05e3eda5080af2a3c9c2f71923f5c1d9e82b57e4fa12
SHA512907d1e5a7e5332d969fb86344a4d6356b561de2445162a7ad124186035badb68ffd65d565a63e3f30f9ee6c4667fee21b7b59e68d58979dd2d7b4940013dd68b