bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Resubmissions

04-04-2024 13:51

240404-q527jsab79 1

04-04-2024 13:50

240404-q5nzxshe4y 1

Analysis

max time kernel
37s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe
Token: SeShutdownPrivilege	1876	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe
1876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2692	1876	chrome.exe	29
PID 1876 wrote to memory of 2692	1876	chrome.exe	29
PID 1876 wrote to memory of 2692	1876	chrome.exe	29
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2640	1876	chrome.exe	31
PID 1876 wrote to memory of 2484	1876	chrome.exe	32
PID 1876 wrote to memory of 2484	1876	chrome.exe	32
PID 1876 wrote to memory of 2484	1876	chrome.exe	32
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33
PID 1876 wrote to memory of 2548	1876	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a99758,0x7fef6a99768,0x7fef6a99778
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2868 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1044 --field-trial-handle=1384,i,978348359625384311,1437701261760715764,131072 /prefetch:1
  2⤵
  PID:1452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:576

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\491a0680-3eb2-44dd-9eb1-41457009ea67.tmp

Filesize
262KB

MD5
62221785fed990e1e3e835a609478ded

SHA1
5d806b9896b8643539815f326a1c1685c082a6c7

SHA256
0721e304e14f4a97d33afcc7b315680fdabaf76ed2f037a799f003ff73a0970d

SHA512
a5825a18f6823b2d89267b083ad895e911d3d64efe2e4938ee85980544a6eb2879af2472e32c654f8cc766bccaad4df70e1ed30fec05888b7966adcd6d1541fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5cda300313b5af22ae3ac564451cd2ca

SHA1
9ab11ab1d92232e22c7148bf62845014eb5117c7

SHA256
7173764f0d827faa77ccb48373e48bbc87ad68a3862d181106d61f7da1985d6a

SHA512
e9c9e201c22d8010b4326cf4a29bbae3f4fd7ac79999d395837427c2a21b38de83ef1ec8487b3bd9b0ee338c14b355e65c7dffea6bee882b47674e1e8a13ff64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
fc7c3aa7490f27a61400ea0090c6fa28

SHA1
484edded722d19dac5e6e03e22de925b9e43ec54

SHA256
634f149dad07491c4c7227e764600555be3349c0b76b4db1b1a9f6efd690438d

SHA512
96ab870200ac1bdaac8f6c7e8e2b21e8b52cee4e2eeca9c8a4447ad48e2412e364f604955d519d2b7e6434b0184b079f3ecb271892429c580820fc24385410a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f126d4e2fcf5f440cd79c45d44d8ef8f

SHA1
4067e723f09554c01fcdaad6bc4c959a07d68d08

SHA256
6f2d619f0cd31e222850062b708c9a136e859afeacc8ba6dd183ecf432cb9f33

SHA512
c4d2e4b0e3c98bd39e1ffa52f14024809b53e7d9e30c613495383747aca3f0ec64f428df66a8ca491a87144787f06910b6c6d124b7cf75eede07085a7e0830b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a7ebc931519a9453939d68dcfaa6db2f

SHA1
aba4ff43c8fec1764a3c9064c8c7496b03779f21

SHA256
b605931f837b9be0fd96478ae033948a3b381fd2cbfb42ab37aab8a53a689c66

SHA512
64459036f5fd50ef49d4dab3d10d910f29dd8237a3a07f9027199d19413d77f0a8c270fb265838547d02e0661431bc1410205930f64698e63b7035a573379a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
78d48153ce4643b20bab6f0dfa6389ba

SHA1
a2958de94b7c2c2bb8c933518b98fb78ac329d4a

SHA256
67537f1dd3fcfc176fe11c36df0f353f10065bbc044d0e439b7ddcd38005b37e

SHA512
c09be3e77f86cd4b0cdad20ab400bbc96539dce0861e17e281553130b43eedd5bb4fc12df5b3d5579ec8d317cd9e5bfcf45b9177d18c29744e780201716e1c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
deff159097630e3c70d3afa825918cab

SHA1
154b2adb13ac2bdaa369977424ceec3dc87e118c

SHA256
2ba8ca65215d49c9e515ad016fdcb1168687d3f28e39012f3e8fd4fdb90faad3

SHA512
99255c1fbbbf057520e06f2507777a6a012208745c1facbb48d311baaff52f0386cfa3e75eedc9b585e0b2bb99290c8abcbaf59ae0ea46cb4a75cf71cf41f064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
92976130df51ddcc5ab637a36d4058c8

SHA1
9fdc08cfa92cbad0fdecc87afafdbc600d684cac

SHA256
03024b0a5eb6ee9ad403b42bb60d677b406259a317cefefa02560e4d0e8ff940

SHA512
8ec4c38b5cd1d76e6c219b92c46f5877d23b8e34275fb88440032103a5f2d5926b197bd6eee00afb6e06675409396e350a345a95680e3fd7875060507b0ffeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit