Resubmissions
31-03-2024 01:38
240331-b2gzwabd9z
Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-03-2024 01:39
Static task: static1
Behavioral task: behavioral1 (Sample: eicarcom2.zip, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: eicarcom2.zip, Resource: win10v2004-20240226-en)
Behavioral task: behavioral3 (Sample: eicar_com.zip, Resource: win7-20240221-en)
Behavioral task: behavioral4 (Sample: eicar_com.zip, Resource: win10v2004-20240226-en)
Behavioral task: behavioral5 (Sample: eicar.com, Resource: win7-20231129-en)
Behavioral task: behavioral6 (Sample: eicar.com, Resource: win10v2004-20240226-en)
General
- Target: eicar_com.zip
- Size: 184B
- MD5: 6ce6f415d8475545be5ba114f208b0ff
- SHA1: d27265074c9eac2e2122ed69294dbc4d7cce9141
- SHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
- SHA512: d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    Process
  4468   chrome.exe
  4468   chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid    Process
  4468   chrome.exe
  4468   chrome.exe
  4468   chrome.exe
- Suspicious use of AdjustPrivilegeToken (10 IoCs)
  description                        pid    Process
  Token: SeShutdownPrivilege         4468   chrome.exe
  Token: SeCreatePagefilePrivilege   4468   chrome.exe
  Token: SeShutdownPrivilege         4468   chrome.exe
  Token: SeCreatePagefilePrivilege   4468   chrome.exe
  Token: SeShutdownPrivilege         4468   chrome.exe
  Token: SeCreatePagefilePrivilege   4468   chrome.exe
  Token: SeShutdownPrivilege         4468   chrome.exe
  Token: SeCreatePagefilePrivilege   4468   chrome.exe
  Token: SeShutdownPrivilege         4468   chrome.exe
  Token: SeCreatePagefilePrivilege   4468   chrome.exe
- Suspicious use of FindShellTrayWindow (27 IoCs)
  pid    Process
  4468   chrome.exe   (27 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  4468   chrome.exe   (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target   entries
  PID 4468 wrote to memory of 968    4468   chrome.exe   111             2
  PID 4468 wrote to memory of 5756   4468   chrome.exe   113             38
  PID 4468 wrote to memory of 5444   4468   chrome.exe   114             2
  PID 4468 wrote to memory of 2088   4468   chrome.exe   115             22
Processes
- C:\Windows\Explorer.exe (PID 4700)
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3668 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4468)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd84af9758,0x7ffd84af9768,0x7ffd84af9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5444)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4684)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 332)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2420)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1932,i,12465277022611465670,10446565644631811945,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 5316)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads