Analysis

  • max time kernel
    30s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-04-2024 23:19

General

  • Target

    https://enderman.ch

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (60 IoCs)
  • Suspicious use of FindShellTrayWindow (34 IoCs)
  • Suspicious use of SendNotifyMessage (32 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://enderman.ch
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7449758,0x7fef7449768,0x7fef7449778
      PID:2472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:2
      PID:2528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:8
      PID:2436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:8
      PID:2664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:1
      PID:2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:1
      PID:2880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2820 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:2
      PID:2056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3744 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:1
      PID:2828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3988 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:1
      PID:2572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:8
      PID:1436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3544 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:1
      PID:2388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1048 --field-trial-handle=1008,i,1129693791008118767,7050756508813000981,131072 /prefetch:8
      PID:284
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 68KB
    MD5: 29f65ba8e88c063813cc50a4ea544e93
    SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
    SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
    SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 85b3bb40d5ddc8212a80854671128065
    SHA1: 5fff69aafc86bb313f61f63ffb8f0c433bc25725
    SHA256: e8398e149f7de6877da5c71bed977c93181620d463c13ea0b80141d45604c8d7
    SHA512: 5f75527723ed8aa73d70bbe6e6db64807b3824890756c979aa53872484a6c0803fe1cf1fd1c12abfc9a61640bb49066ab7efd9bfadd8584d5f6438dc2a5e1376

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 65c8877d9a9899158e237d81b45ba5eb
    SHA1: a823abde6f31d16d4049e259c1104e34b1edaa55
    SHA256: 7d36c57e1cb65e973e1ffe855ea8a0d8bbb1990a2808561b61ee7a4697dbae52
    SHA512: 521e895d70cfa647d1b8abafbfc1c302a4649b2c65337647f4415e7dc67ce585084ed8fe520bf5df1cb2b48967ab384d9d3d04a64f2fce8c088fbfd10806e31e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 54f676d3103bb2cc63ab11bcdcc41316
    SHA1: 25284377030e1a6aa8971dca268c8dc2510d6f29
    SHA256: 9b424bc8482c8e3e9e2f8e261f554d5d108cf2aa11c8bac2b38f7279168de068
    SHA512: 25e85b451e6dc11e9c50736619427cf396588dec92796a9e2e467ba8a8e842c486b3bec26230517e50b55b0c7ad211395da9bf1e00755366a362c496f2e3ae8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0e55137c3f4dd26b8ded2df0bbebc337
    SHA1: 8309d32f180851c3c35723dee3ce715da6da2349
    SHA256: a2c71b2ea55cf9f7f166709e1cae048e1f91d8dc9330d7162f6e9bfd02454c1c
    SHA512: 0afa3d8d2077402c602ad13e36fed6cc1323f6926119ad5c7e6e6a6cbdc2bf930ec9a0e478c7ac325edd9f650f4a88d201801a09b6f70e2ccdc8659b462935fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 5b96371b7248e9c752b3357633c2a7a0
    SHA1: fcbdcbe4441c1d0104b72170b109b0f1ee16a820
    SHA256: 7ade55fd248f8682816fd987d1a58c98901f8e5844986102e5cab33a9d3aac76
    SHA512: e5d1cf2b60dcb162ac972545c0567700ce03d2c2649f158861989b53ecbd0a3da35f68fcf4b905910f647de4a1effb1cad4451825caef71edd4d45cc1eceaaba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 02baead17aabf610ee3cf0112fc77ca1
    SHA1: 98f8459f86c9c5ab0a870e6fb01a8ad7a25e9f8c
    SHA256: 1f4308f2c6c5ddd5f6697d9c23981df12d1b60b4b741cf830eb96ec006d8dcf6
    SHA512: ec4310e70120565d149bc5d42a200a4479e972e8f6cf03062cc62e9b97338d2ba899628524ecdc58eecb77d5aaca4bfce81e34b14fec2adba6174070d3e3f68c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6ff95cb7-9f54-4b81-82f2-e1155c528f8e.tmp
    Filesize: 6KB
    MD5: 7c464d3db9ffac35093224cd44afad7e
    SHA1: 6c7b7bf20fea41b626fb61ae332b1752cf75e77e
    SHA256: a98ccb5aec5be140f3b437033bf627d0dcc2a9bde200a8e54c5351e3acb7be40
    SHA512: 0786d513c5de814fe7bba0c928b50748d03de201d3e84ce8d598ad32675a712859cac633fa0c792f85db7133c59b8baa000ad47d45a10a501b09de6779d2f3fa

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
    Filesize: 16B
    MD5: aefd77f47fb84fae5ea194496b44c67a
    SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
    SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
    SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize: 264KB
    MD5: f50f89a0a91564d0b8a211f8921aa7de
    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf767697.TMP
    Filesize: 16B
    MD5: 46295cac801e5d4857d09837238a6394
    SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1009B
    MD5: d7622403de1243d6de7cec36d8d93e30
    SHA1: f75dd22c232467a3e859487b9ba4acc0390c3278
    SHA256: d09b774188fc155421c0e71c8493670c0b4083ba75132fdc36b23b21bd2226ba
    SHA512: a4a8d8853a1b151c512e1fcaadbd9215162e7e6ccba8a03365c33e566e7e2c86b1210337ce21bc202df87630025a9122be6d6b624119423b7a4a655cde1a22ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1009B
    MD5: f65b38a976692ebf832bba4fa71d1c75
    SHA1: c6d686b8f2a1274b76d247deac5258f536041740
    SHA256: daba9c259aa7be32beb3491c2305f7536dd896f47ce6ef881f95f8318b818f92
    SHA512: 7e7c9fa25dbda4a60bb12a0456cc0a5b5aae22ba62440e9125be837edab926bb43c3d22a19d4b8417b4249d71c24d0219549ff9e75bc26958cdeff59f1329806

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 2fff158175b3a5b220c28e4c7943dd2f
    SHA1: 07c0a701adebf068b05b70db867cc6fa3a85e067
    SHA256: a15729e9c182aca6ee74d16bc9549d3fcf623e4d3ee9ca7940752c677526bb76
    SHA512: d4fb601d6fd1d5badb0d0daef4bd29e349a93b5ec9080ebdd8c54e07040f634f4d465b95fc1cd81bd6e2b11a9ddf547b810f78cdb5194e1b825380adac032c0a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 99e7c4f14858d187a6710eda9815285a
    SHA1: 1e6d8fa9ec7c88a4f040b21d9506aef63e25fcf3
    SHA256: b33c4f43210df7dc84c9c4f75af6212f1558517a7819030a94cbc7b933872252
    SHA512: dc9d649b95ec7be9a765662727d4812a80da79fd2bc7850e4d00caecf24fca23af24fdf86229879626fd9c3b59da54894b6c1bdf2467f65051d8dafb1ffb499f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize: 16B
    MD5: 18e723571b00fb1694a3bad6c78e4054
    SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Temp\Cab20DB.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar2323.tmp
    Filesize: 177KB
    MD5: 435a9ac180383f9fa094131b173a2f7b
    SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
    SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
    SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a