Analysis

  • max time kernel
    104s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/04/2024, 20:19

General

  • Target

    https://teams.microsoft.com/l/meetup-join/19:meeting_Y2Y0YzY1YjAtOGJmZS00NjNlLTliOTgtM2RmMjczZWFhZThh@thread.v2/0?context={%22Tid%22:%22141c92ac-0676-4927-8872-31ac367a826b%22,%22Oid%22:%22279fbcf1-0a09-4856-b140-06a1b5b5d2b8%22}

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://teams.microsoft.com/l/meetup-join/19:meeting_Y2Y0YzY1YjAtOGJmZS00NjNlLTliOTgtM2RmMjczZWFhZThh@thread.v2/0?context={%22Tid%22:%22141c92ac-0676-4927-8872-31ac367a826b%22,%22Oid%22:%22279fbcf1-0a09-4856-b140-06a1b5b5d2b8%22}
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2edc9758,0x7fff2edc9768,0x7fff2edc9778
      2⤵
      PID:648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:2
      2⤵
      PID:2204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      PID:3424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      PID:4676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:1
      2⤵
      PID:4424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:1
      2⤵
      PID:3148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3856 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:1
      2⤵
      PID:660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      PID:416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      PID:1832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=900 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:1
      2⤵
      PID:4140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3856 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      PID:2448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1872,i,8972783924816805087,7470696972982139049,131072 /prefetch:8
      2⤵
      • Modifies registry class
      PID:4736
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3216
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4e8 0x41c
    1⤵
    PID:4968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 9KB
    MD5: f25f98880f08e666e4b675d0f105efb2
    SHA1: e3e124b580ace0e1bf5648ae1a60145a0a52902b
    SHA256: d4e96b5ceff87b20c0e50480a6a3ad49d76083a56d3ba640c0099e0983f72618
    SHA512: f84219ce3a2f8d89ceac6d48774a3e65b110b84d16859617e75fe84f88603fa2001ce1417acd23b8d02c50a2395bd5db430a3a6bf8dbbbec18875270e94031e1
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 240f6f30daf68827e091458ace0b9b23
    SHA1: 6c2700a37e4de7ad4b2ce062202499928ef0493f
    SHA256: bc61f7dc005b571ced538418a12ae9b5c2046c70abb087d73c800d0beefeb131
    SHA512: 977b351f2525bf1afe44385393f777fae4edd0f26154fe452453168ac00025bc04fc7df935ae210d91c05f59b7f76d0c933546dae4c35bc24965f3cd41ebdc5e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 929B
    MD5: 835a903f1405264a516b429e05c3691e
    SHA1: 5682f7988c18f1a99e5321d262aac248d8e92292
    SHA256: 45edfbe1da8fdaa980c901e8cd23077ed1a1d76cddfc65d807b10e1444cae855
    SHA512: 6c6ee35cfe59022965e98281188912da5179c928c7ac44359de3433a3dff80f8935cec1f85e1b6cf3bc6dc640d9baa37fc405c8102f0d1477c19b70ed4d0ba29
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: bdc32788b7503f7e4b528ef175af8d94
    SHA1: 7e4388f341eb8fe40918513ceea42907ab1a20e1
    SHA256: 8816725d21322787dd68c948783b9ef05563a47267251f5fc9e67b5227f14ea4
    SHA512: 6524d9a17f9f46cba229961e78b8411c25ff5829358222b6086d5a4069bae2235f08c163fff3cc34ba4e16ecf7c509ecafc8767b577269fefaafe5cb7bc31b5c
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 704B
    MD5: c778873e7ef2ee5db8d78738980b70cb
    SHA1: 41825a6b4b9de8390a3acfe8057d871fc739e805
    SHA256: 80735c75c26cb28a6d7ff5bbfa874b3cfcc2939e5d5e90dfa81189bbfb4450a7
    SHA512: d57884edb774fc802ea0391eb8bfdc052957d5c743d440c7371c0957305622f45542f1af099117039785e91acf908fbcdc79a951969700950c3432b757fec0b1
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: ecae1e9b781c4fc90e40f8462de508b4
    SHA1: 6fb522d0a6b73cd50b802b4a79bc469759f11b26
    SHA256: 71c44de4ed08b729ead67eeccf141bf1021ad0f51d4746180179691bcfa9c3de
    SHA512: b5edf96f4d451b8c9434c664231b58fec96b553f5d019a19b01791dc0a9d87dc0546b1045b6e852ef1ceb6d350e54fd70bed07f3e68b8ae6add1ab1d2a948d3b
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: d8dbff116d36310141fb95ba211ba158
    SHA1: 427a53714f1c4312b65c4da852b21ba2faa735e8
    SHA256: f0d9551df573592ee3e1a1639fb9646dea8e1d1e96bd490c2836b7f397c65681
    SHA512: ba14f8dd47f21eb66c17b70a4dcaf1d5aa1ec42b8bd14aeded0677eed0c45161a6e6b0576f52977dae9d994c022283a169f6b706e18eefb36d52eb670034d71b
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b0d9dc59a4e6e28f86ba1a4983186d1e
    SHA1: ea2f8888b21bade57d26ecaf907c2b74098bc2cd
    SHA256: 71ad21ed163464075ffd8197cc379b32c0b3cc24c1b4f2c11b5c8dcb9e6e5c8c
    SHA512: 85cd9183a4507d70bd7656a446d931e470eba4dec3d03cb0af20242e52cebf75abe50eb85cda22b12635da57bd24e579b3f8fad95fafa5b221c275c87153685d
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 54e2a022bc4f510b1459dd11092b746a
    SHA1: 4049d565855f203715c072106c09f5f2b8d5b172
    SHA256: 712b932693bbc54578901880caafe3a9f34f7f577f3d49b476cf87c36a504869
    SHA512: e0cdd27bccdf08e72db047d610e6ce43a82a7706af7ec46bd2c52df916b2d6b642025084d154419ce09df914d21383a3f5065a08af69fac8713d72997805844f
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b041f3f4929f26928ea1bbbc599215d4
    SHA1: 27566b704c646924391bc6347824e74b30a7ce86
    SHA256: 7254541e21a8a1ab70e3e8baf2664ef34c4c5e7b12bf9f435fce11d96939d931
    SHA512: 98bf1fdcf3341a142e3db4c223a1e78cd777128317e8326dafb8634f84daf1d0f09797a541a7fbb17a6f26e70387cbb931e7f2c493eb5fc199ca6e7c4d69e044
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\1d3579ed-c2b8-42d5-ac5f-3331a61854d4\index-dir\the-real-index
    Filesize: 96B
    MD5: 3b89125a09398a0004fd8eb934c2c521
    SHA1: 6cfb896cf2b57f9e72645d5f10c972c804615abc
    SHA256: e790a72efc173ac15efb410c1eff75ff6dc74463841c88ba9b89a7dc313f7f99
    SHA512: cb3a5ecfe888cc6849a2f41ce0fc67aeb84ed6d48ba0650ab7e03ec3cb22eed8af3a546b4520174d42a5e0bc72f8a91cd92fcacda10ea5b6887bfd478ab1c96a
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\1d3579ed-c2b8-42d5-ac5f-3331a61854d4\index-dir\the-real-index~RFe58b9e5.TMP
    Filesize: 48B
    MD5: a3e8ac78d6caf2077c1c820310925158
    SHA1: a2aee6598db24f94b2a3e3151f8ab228c80b4449
    SHA256: a8004e21748c2a9d838e19c4252a110c9ed04c7534fb4ea1492e026131a9a599
    SHA512: e4f0c0819f276a6080e0b90f18b8114a17605fdc171e09bca2a00c5a9efef66c46133ef84aac0b12c3c56a2a28de6d1fb92c453a932daca06f22d6a1c1c7fbb2
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt
    Filesize: 137B
    MD5: 6e9f3e6c831df0b94fa13495344fc924
    SHA1: bc85bcdb4d4cdce1560912be9ce03942584cb37c
    SHA256: ed1a97fd8ffb2ed81a56193cf0214983552329177fb1e1614098367afa821ca9
    SHA512: 9060a0ce4915ed267825c29fc4616a0fee1cba0fb0369b3eef170511be1fb8914a46d55a1b072118c1be96f11c9a3dcd4ffb98c72b33dda268af370b47eebf76
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt~RFe58ba23.TMP
    Filesize: 143B
    MD5: 95d63f5ff98c76e46e2d21d8f21fdf70
    SHA1: 8f5edfdf75e4b9935111920e30d87039b620ada1
    SHA256: 714e60159499b291973efeeaca3317b2d87335a1cbcd781031060b213c213b09
    SHA512: b7f5aa13aea7e0b08c6349a95a0d79d887d9dc1a72f32469787b64ea2d91aa4abc24142432f910d8982ba515648bf2378addc4df0a6a143f4b32a24d2b387d12
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 128KB
    MD5: 074518b92408898832c32da1cbb3d822
    SHA1: ec2ece5ee92916d1516ccb5e7b2325f7b7d199c3
    SHA256: 1573c8328e7db446816877980d0c5a5793ee646ad1845d9eb66e51ba1cce0fa0
    SHA512: 545db3abfc1b010911d73afbfa3654a02009782c9f050c096ce7172ad81d6abf13dc8379a41ce2ad8454c428f05117802e881d123b56801d2a979df97eccbbf8
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd