Analysis

  • max time kernel
    1799s
  • max time network
    1688s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/04/2024, 19:30

General

  • Target

    https://uslu.usspatr.top/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://uslu.usspatr.top/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fffdc299758,0x7fffdc299768,0x7fffdc299778
      2⤵
        PID:5004
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:2
        2⤵
          PID:3816
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:8
          2⤵
            PID:4592
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:8
            2⤵
              PID:64
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:1
              2⤵
                PID:2788
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:1
                2⤵
                  PID:2052
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:8
                  2⤵
                    PID:4640
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:8
                    2⤵
                      PID:2512
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 --field-trial-handle=1876,i,1841206869132857750,14797091609280322873,131072 /prefetch:2
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2716
                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                    1⤵
                      PID:5000
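Every image in the tree above is a Chrome binary and all of the signatures fire on chrome.exe itself, which is consistent with the 1/10 score. The script below is an added example (written for this page, not produced by the sandbox) that makes that judgement reproducible: it tokenises the recorded command lines, separates the image path from Chrome's --switches, and checks the shape an ordinary Chrome start-up has. The process list is transcribed from the report with the opaque --gpu-preferences, --field-trial-handle and --initial-client-data values elided; the install directory and the set of helper process types are the example's own assumptions about Chrome 106's process model.

```python
"""Triage of the process tree recorded above: an added example, not sandbox output.

Each command line is tokenised the way Windows does (double-quoted spans stay
together), split into the image path and Chrome's --switches, and checked
against the shape an ordinary Chrome start-up has: every image under the
Chrome install directory, every child one of Chrome's helper process types,
and no URL present beyond the submitted target and Chrome's crash-report
endpoint."""
import re
from collections import Counter

# (pid, depth, command line) transcribed from the report. The opaque
# --gpu-preferences / --field-trial-handle / --initial-client-data values
# are replaced by ELIDED; nothing below looks at them.
REPORT_PROCESSES = [
    (1984, 1, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://uslu.usspatr.top/'''),
    (5004, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=ELIDED'''),
    (3816, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=ELIDED --mojo-platform-channel-handle=1716 --field-trial-handle=ELIDED /prefetch:2'''),
    (4592, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=ELIDED /prefetch:8'''),
    (64, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=ELIDED /prefetch:8'''),
    (2788, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=ELIDED /prefetch:1'''),
    (2052, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=ELIDED /prefetch:1'''),
    (4640, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=ELIDED /prefetch:8'''),
    (2512, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=ELIDED /prefetch:8'''),
    (2716, 2, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=ELIDED --mojo-platform-channel-handle=5244 --field-trial-handle=ELIDED /prefetch:2'''),
    (5000, 1, r'''"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'''),
]

# Assumptions of this example about Chrome 106's process model, not facts
# taken from the report.
CHROME_DIR = r'C:\Program Files\Google\Chrome\Application'.lower() + '\\'
HELPER_TYPES = {'crashpad-handler', 'gpu-process', 'utility', 'renderer'}

# A token is a run of unquoted characters and quoted spans; the quotes stay
# in the match so "--switch=value with spaces" survives as one token.
TOKEN = re.compile(r'''(?:[^\s"']+|"[^"]*"|'[^']*')+''')


def parse_cmdline(cmdline):
    """Return (image, switches, positional) for one recorded command line."""
    tokens = [t[1:-1] if t[:1] == '"' and t[-1:] == '"' else t
              for t in TOKEN.findall(cmdline)]
    image, args = tokens[0], tokens[1:]
    switches, positional = {}, []
    for i, tok in enumerate(args):
        if tok == '--single-argument':
            # Chrome treats everything after this switch as one literal URL.
            positional.append(' '.join(args[i + 1:]))
            break
        if tok.startswith('--'):
            name, _, value = tok[2:].partition('=')
            switches[name] = value
        else:
            positional.append(tok)
    return image, switches, positional


def triage(processes):
    """Summarise the tree and collect anything that breaks the expected shape."""
    summary = {'urls': set(), 'helpers': Counter(), 'unsandboxed': set(), 'findings': []}
    for pid, depth, cmdline in processes:
        image, switches, positional = parse_cmdline(cmdline)
        if not image.lower().startswith(CHROME_DIR):
            summary['findings'].append(f'pid {pid}: image outside Chrome install dir: {image}')
        summary['urls'].update(v for v in list(switches.values()) + positional if '://' in v)
        ptype = switches.get('type')
        if depth == 1:
            # Top-level processes (the browser itself, elevation_service.exe) carry no --type.
            if ptype is not None:
                summary['findings'].append(f'pid {pid}: top-level process carries --type={ptype}')
            continue
        if ptype not in HELPER_TYPES:
            summary['findings'].append(f'pid {pid}: child with unexpected --type={ptype!r}')
            continue
        summary['helpers'][ptype] += 1
        label = ptype if ptype != 'utility' else 'utility:' + switches.get('utility-sub-type', '?')
        # Recorded for context, not as a finding: which helpers run without a sandbox.
        if switches.get('service-sandbox-type') == 'none' or 'disable-gpu-sandbox' in switches:
            summary['unsandboxed'].add(label)
    return summary


if __name__ == '__main__':
    for key, value in triage(REPORT_PROCESSES).items():
        print(f'{key}: {value if value else "(none)"}')
```

Run it directly to print the summary. An empty findings list, nine helpers of the four expected types, and only the submitted target plus Chrome's crash-report endpoint among the URLs is what a clean browser launch looks like; an image outside the install directory, an unexpected --type, or a third URL is what to chase. The unsandboxed set is reported for context only, since the network service and the fallback software GPU process run that way by design in this Chrome build.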

Network

MITRE ATT&CK Enterprise v15

Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

                            Filesize

                            18KB

                            MD5

                            620682005074b886b95bcca68262c6ec

                            SHA1

                            8a9396d5a28cb0295996583d9592572837643eb7

                            SHA256

                            5daece83fa479c3d4a31413dc7cd0bbe7d8a6f7514aaf35cb05a850e8d8b185d

                            SHA512

                            3e8c12f6bb4b459af3f777c2c586510ba9facd15edae25f871fb6d3e8f3ae77844e444d49e05d300803e6d5eefb7bb54e902ec35658ba1df2ea3ed2df2d05e36

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

                            Filesize

                            57KB

                            MD5

                            7c4b863c86ce54beb64297fb03c97277

                            SHA1

                            cc737b61415777ef65f60ce53164d9f933d8e504

                            SHA256

                            61e03cd96b2d1f62d86bef36dd2cffd7abc6a703ee043e0d16b1fce7d41b4dd2

                            SHA512

                            60318b64372102fea8f9884782d0fae2f39f1275339f431f70457f6e9c4af72f7ff51af929d3d5087c2c72f9f0dbe94ff6c6fad8f998158c16b35af42fe2a894

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            192B

                            MD5

                            fa9dd70ffcdb508a6370e340750c1f1e

                            SHA1

                            079d798eceaec057830e0e24f7b2ccd3abddf73a

                            SHA256

                            75fa2ff180fb48cc99ebb6c0e8a148e9100a8a0ebe4283db473067e5cca4f87e

                            SHA512

                            ccb4fa5b2d9ae28e494ac25a91ae1bcc982b6ac21fd00acda03b2f75341792d88171b5786ea1917e6541b6b8a010ee1fbcc09e954769750796b425fb805774f4

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            120B

                            MD5

                            789e0c88b4450e65fdb76a63e225a228

                            SHA1

                            d63926de1ec684d24a8b058cca399d8b8ec4fb0f

                            SHA256

                            f5c4c1f3327693cb2d045d85e24d7ee140cc1976e3d0ea13bc81fc25633f6bdd

                            SHA512

                            1a35cf67bc3cf1c919cac92aea68ee79b477df61caa30604d31edd4833fca1c6689f9ac2143f0a34269ceee6d3ad26e940d5ee320f233ba59598549fbc0325ac

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            192B

                            MD5

                            a2242e0a3485db4d80ad7b56b9ec5b21

                            SHA1

                            48e227b4d0ce4a340e93c8ea2058f54ca575d263

                            SHA256

                            42482701c98dcb41bc7c6cb4fd4c9ca04bc24cda925f7a306028fe82ed9f3eed

                            SHA512

                            164877d17d6039d1c7e7cf6225f86785e1b626aed9badaa77d4677812baa462e3e6e1905641ef4afd31a0f45372a7ac239792b27b60a4dae59eb1f6364bd07cc

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            2KB

                            MD5

                            a82a5a95294a00d525c333490537ca84

                            SHA1

                            62e586d4eda107c95aa57942ae2043588c3acf45

                            SHA256

                            a706a08a0f179d931481e14e599715f1b80c92150d94191724e02822c78726f5

                            SHA512

                            349f2ed79604c10c902001c8437101880c23fdbaa6b84fac1bc34663482419ee9ebcaceef9b2b6daa9d5e7114ef225566cfb2dfe5c3a58d8fcc464435e76e48f

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            42366738f30f89c9ecdbe1f1169b090a

                            SHA1

                            e54d86e06e30585f35825213c244e605d1c28d86

                            SHA256

                            6ebe339a0f703adc9aa01e8c0409149133f153fd0dbc2b58799fcfab778b7a43

                            SHA512

                            8433362ee5438b4f3b612afc18f487eed259de5810752026308636b6f7d9bc620d248b605a383e47f5970d24a949d75502b1e1b1159fd1c8b4131dfc0706350d

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            2KB

                            MD5

                            5071d2c331360aef7abc48921813c62c

                            SHA1

                            70722c0d6a2b379c8d57421e36ad1ec8d6080c83

                            SHA256

                            f860adc0b9b1d91b1118cc7f7e41a69832d86c9c45fabef06c1bad1acfa58e16

                            SHA512

                            3cecb4a653432a6e08620a5bf2436582db27e2ff2b1314e80e8817bdb9051a0c683c2d16037810719f74dde9308c852370ae55b8cf7f66a28d1ceece383dce46

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            2KB

                            MD5

                            da84b1be64186310ad91ba1857121b84

                            SHA1

                            8989d60debef5031e717f6889619d063df232bd3

                            SHA256

                            2c4bc6a0ac4e1ae867130169f751a449576df1cd49f807e8b33a6627cc041047

                            SHA512

                            8e08dcf72c49142468af1f20ca0e6cbd1eb292e3d339aa2149fd24898997a538908b3e29302ecc3890067366ef84331e0fb824ec4197455fd723198909f81be7

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            1KB

                            MD5

                            836b4feb8070594056cf1676bd36dc47

                            SHA1

                            b1f838ba6a149ae6aa495c9c2ba571ec8d74c2d1

                            SHA256

                            cd437837d1ee9ee99bf4166cff4451b7310fe1133ab69c3db55305548b3bd0de

                            SHA512

                            4808ddf011cd407b35c7939bb49c38b8aa5cdc1fee6a3b3f575011323cdb419e63744e5e46bdfe34f376b35f9136441400e404afd7a7b68a2f0d5c17f029dccb

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                            Filesize

                            538B

                            MD5

                            8a02fc3bd66f27c60684cb501ecfd244

                            SHA1

                            bf88fd01e2a4ed4df0e4297cc517801c3fe4f913

                            SHA256

                            aa24d3ffaa024141c7c6d7d69c187c7cbd9c994e8466f94b1196ba30b2334d8f

                            SHA512

                            710485cf14571a9cc5554f101ffd52c601f7481e394591c0e4024d9460ddf1b74c49a9bc9a56ef31ede739d5531b420e45f092565c9dd5493553d6753272df83

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            2486d6b65e3e0f8dade6e40bbab27e01

                            SHA1

                            9af864349302f31a0e5e42dfa6e2134df6ac4d45

                            SHA256

                            3d5b731e31e008d341d8c0f2c44d6c7a336cdf191ea1f2440ce8aa99025ac59b

                            SHA512

                            ea46f61311e051157305af2f53acd0fa04e972defd396cf9ff2e49c9e287658213cd17a829bd52faa371322a8950ca774606edf5d258472f68831fde8880dec9

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            22a2a0d4a7ba4d881d1431f08b6e1d80

                            SHA1

                            c220a597a2bc2186b9c92d3cb7d68245563848bb

                            SHA256

                            2ad755ef399926141bee004dcd9da25b767f35e44aaf422144a5eccae0688849

                            SHA512

                            ecbe29306cf42f5469d8000f02fb20e9ab7a2b731b7da81a55a07b8c61411fc5b947b737c364829cbe35518d9647ddb38f5a1682fbb4179c931c99d022455b00

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            e8577063fb3084b05259b5884c0be2a6

                            SHA1

                            acd9743691242b47cdbe8bf80b7194a18bfb01fd

                            SHA256

                            26df329c1ef716d66c1577619d9912b8be1afc917d876a22660963e9c753e599

                            SHA512

                            79a346c9b29c5126f0152e6324cdd0dc9cc118de052f6128318d3cace8d5d8b8fee1d238151bfd98910696684dab01e8f8534ac245f0e6e95e701839edf82157

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            56e69e16c9374bc75af8f6fac8351377

                            SHA1

                            f178e50ccbb7ab1c0d0b17da4fc76d24de29fd90

                            SHA256

                            1b0ed71d9ba8654aee28e533d6572ae22814a3fa807c31f05c852c64423bca36

                            SHA512

                            7ba0f1a8528c18176bc51b36b058e676f0b8bc9acd670fd4f67ffbc3a96921d1ee04f17b0e8fb323a150161fa6e3cb29f172f76b86e82e1dba422a24ffe7d1a1

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            253KB

                            MD5

                            ea1d743521afed257dae3cf735187aad

                            SHA1

                            a30c10c623a7b67d22ede1940b44f99b1c6aab1e

                            SHA256

                            9a770780b45371c1624a4301c32b725890af9a877bfa1f6c36a76760279df209

                            SHA512

                            8db93b95dd3b857622bd7cf02391597215f88f20075c359df6c3c6b72c8f71de381fd199a0496dc8d303eaf63e238f090d83e53455c84ebdf56443d44053988d

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                            Filesize

                            2B

                            MD5

                            99914b932bd37a50b983c5e7c90ae93b

                            SHA1

                            bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                            SHA256

                            44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                            SHA512

                            27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
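Every artifact listed above sits under the Chrome profile directory, and the 2-byte persisted_first_party_sets.json is too small to hold anything of interest. The script below is an added example (not part of the report) that classifies each artifact by where it lives and identifies tiny files by hashing a short table of known-trivial contents and comparing against the reported SHA256; the paths, sizes and SHA256 values are transcribed from the list above, and the trivial-content table and size cut-off are the example's own assumptions.

```python
"""Classification of the Downloads list above: an added example, not sandbox output.

Every artifact is bucketed by where it sits relative to the Chrome profile,
and files too small to hold real content are matched against the hashes of
known-trivial byte strings so an analyst can tell a default-state file from
something the page actually dropped."""
import hashlib
import re

PROFILE_ROOT = r'C:\Users\Admin\AppData\Local\Google\Chrome\User Data'
# Sub-trees that hold fetched web content rather than browser state.
CACHE_DIRS = ('\\Default\\Cache\\', '\\Default\\Code Cache\\')

# (path, reported size, reported SHA256) transcribed from the report.
REPORT_ARTIFACTS = [
    (PROFILE_ROOT + r'\Default\Cache\Cache_Data\f_000009', '18KB', '5daece83fa479c3d4a31413dc7cd0bbe7d8a6f7514aaf35cb05a850e8d8b185d'),
    (PROFILE_ROOT + r'\Default\Cache\Cache_Data\f_00000a', '57KB', '61e03cd96b2d1f62d86bef36dd2cffd7abc6a703ee043e0d16b1fce7d41b4dd2'),
    (PROFILE_ROOT + r'\Default\Code Cache\js\index-dir\the-real-index', '192B', '75fa2ff180fb48cc99ebb6c0e8a148e9100a8a0ebe4283db473067e5cca4f87e'),
    (PROFILE_ROOT + r'\Default\Code Cache\js\index-dir\the-real-index', '120B', 'f5c4c1f3327693cb2d045d85e24d7ee140cc1976e3d0ea13bc81fc25633f6bdd'),
    (PROFILE_ROOT + r'\Default\Code Cache\js\index-dir\the-real-index', '192B', '42482701c98dcb41bc7c6cb4fd4c9ca04bc24cda925f7a306028fe82ed9f3eed'),
    (PROFILE_ROOT + r'\Default\Network\Network Persistent State', '2KB', 'a706a08a0f179d931481e14e599715f1b80c92150d94191724e02822c78726f5'),
    (PROFILE_ROOT + r'\Default\Network\Network Persistent State', '1KB', '6ebe339a0f703adc9aa01e8c0409149133f153fd0dbc2b58799fcfab778b7a43'),
    (PROFILE_ROOT + r'\Default\Network\Network Persistent State', '2KB', 'f860adc0b9b1d91b1118cc7f7e41a69832d86c9c45fabef06c1bad1acfa58e16'),
    (PROFILE_ROOT + r'\Default\Network\Network Persistent State', '2KB', '2c4bc6a0ac4e1ae867130169f751a449576df1cd49f807e8b33a6627cc041047'),
    (PROFILE_ROOT + r'\Default\Network\Network Persistent State', '1KB', 'cd437837d1ee9ee99bf4166cff4451b7310fe1133ab69c3db55305548b3bd0de'),
    (PROFILE_ROOT + r'\Default\Network\TransportSecurity', '538B', 'aa24d3ffaa024141c7c6d7d69c187c7cbd9c994e8466f94b1196ba30b2334d8f'),
    (PROFILE_ROOT + r'\Default\Preferences', '6KB', '3d5b731e31e008d341d8c0f2c44d6c7a336cdf191ea1f2440ce8aa99025ac59b'),
    (PROFILE_ROOT + r'\Default\Preferences', '6KB', '2ad755ef399926141bee004dcd9da25b767f35e44aaf422144a5eccae0688849'),
    (PROFILE_ROOT + r'\Default\Preferences', '6KB', '26df329c1ef716d66c1577619d9912b8be1afc917d876a22660963e9c753e599'),
    (PROFILE_ROOT + r'\Default\Preferences', '6KB', '1b0ed71d9ba8654aee28e533d6572ae22814a3fa807c31f05c852c64423bca36'),
    (PROFILE_ROOT + r'\Local State', '253KB', '9a770780b45371c1624a4301c32b725890af9a877bfa1f6c36a76760279df209'),
    (PROFILE_ROOT + r'\persisted_first_party_sets.json', '2B', '44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a'),
]

# Byte strings that commonly show up as tiny default files. This table and
# the size cut-off are assumptions of the example; the hashes are computed
# at run time rather than stored, so the table stays auditable.
KNOWN_TRIVIAL = [b'', b'{}', b'[]', b'{}\n', b'null']
TRIVIAL_LIMIT = 16  # bytes; anything larger is not worth guessing at


def parse_size(text):
    """Turn the report's '2B' / '18KB' style size into a byte count."""
    m = re.fullmatch(r'(\d+)\s*([KM]?B)', text.strip())
    if m is None:
        raise ValueError(f'unrecognised size: {text!r}')
    return int(m.group(1)) * {'B': 1, 'KB': 1024, 'MB': 1024 ** 2}[m.group(2)]


def identify_trivial(sha256_hex):
    """Return the known byte string whose SHA256 matches, or None."""
    for content in KNOWN_TRIVIAL:
        if hashlib.sha256(content).hexdigest() == sha256_hex.lower():
            return content
    return None


def classify(artifacts):
    """Return (path, category, identified_content_or_None) for each artifact."""
    rows = []
    for path, size, sha256_hex in artifacts:
        if not path.startswith(PROFILE_ROOT + '\\'):
            category = 'outside-profile'   # anything here deserves a closer look
        elif any(marker in path for marker in CACHE_DIRS):
            category = 'cache'             # fetched web content, worth extracting
        else:
            category = 'profile-state'     # Chrome's own bookkeeping
        identified = identify_trivial(sha256_hex) if parse_size(size) <= TRIVIAL_LIMIT else None
        rows.append((path, category, identified))
    return rows


def summarize(rows):
    """Count artifacts per category and list the ones identified as trivial content."""
    counts = {}
    for _, category, _ in rows:
        counts[category] = counts.get(category, 0) + 1
    identified = {path: content for path, _, content in rows if content is not None}
    return {'counts': counts, 'identified': identified}


if __name__ == '__main__':
    result = summarize(classify(REPORT_ARTIFACTS))
    print('per category:', result['counts'])
    for path, content in result['identified'].items():
        print(f'{path}: trivial content {content!r}')
```

On this report the output is five cache entries, twelve profile-state files, nothing outside the profile, and persisted_first_party_sets.json identified as the two bytes {} (its reported SHA256 is the hash of an empty JSON object). The two Cache_Data entries are the only artifacts that carry content fetched from the target and are the ones worth pulling from the sandbox for inspection.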