hxxp://lyra[.]horse/

Resubmissions

22/04/2024, 14:20

240422-rnx2yacc56 1

22/04/2024, 14:19

240422-rm9z4sce31 1

22/04/2024, 14:19

240422-rmzt5scc48 1

22/04/2024, 14:17

240422-rl8ewsce3t 1

Analysis

max time kernel
4s
max time network
42s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lyra.horse/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe
Token: SeShutdownPrivilege	2188	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe
2188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 548	2188	chrome.exe	28
PID 2188 wrote to memory of 548	2188	chrome.exe	28
PID 2188 wrote to memory of 548	2188	chrome.exe	28
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2560	2188	chrome.exe	30
PID 2188 wrote to memory of 2284	2188	chrome.exe	31
PID 2188 wrote to memory of 2284	2188	chrome.exe	31
PID 2188 wrote to memory of 2284	2188	chrome.exe	31
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32
PID 2188 wrote to memory of 2724	2188	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lyra.horse/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cf9758,0x7fef6cf9768,0x7fef6cf9778
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1288 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3160 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3692 --field-trial-handle=980,i,11933664830462466960,4573516021511535998,131072 /prefetch:8
  2⤵
  PID:380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
437b0856c04fb16ecf2943325cbfe1a4

SHA1
9baceaab55c273b2523aba6f95da9080505b75d0

SHA256
89447d2c58fbc32841e7ebb248619b2238ee4a024cc404349f67d966f60e7d46

SHA512
703880611ba73b1521d86725b3f022161917a95500f168c3a7a06eaefe3cbe6075898a72a9d007361f67ed2066c06bbea9fc2bffda026364e2df1d896015bd62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
efc3cf3af71d55bf36dbab5b4f16b092

SHA1
ca40cfbc3a6aab3e56777e79906f48bf107b7c4d

SHA256
d027507e035476708d2a779faeac6b26b31dd9341ac6aef385ee97b0585686b7

SHA512
2f1b4ffc2391b19d68bcb5ce35883deb75013deaa10afb55f4d9203c234d404ddef0d0fef7b2b01175b97f42730318a048146bea423c637407005b6304badde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
1024KB

MD5
233f32e20629189d15563ec2a3f89375

SHA1
49b68e324d23883307fc923b822b7a1c17eb9315

SHA256
798910b347281aa6f571f76626ec59d7984b7c1e63432abeced91c61f9fd04a1

SHA512
2f6f821009c2ffead63773fa5a66073ed11f1c88375cc38b761277b0bcbdc0ffe2aeb116f2270a8d88359d588bcccb0df0e577b03a04fd8560fc76845702e00b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
127KB

MD5
2dff13193657000d7c6e432dee13d5d8

SHA1
67d3ee2cf18eb48f117038867436b2b8bb4f5860

SHA256
2c1f1f389a7ec8903042b5f09be37c8f77f085a71af8c05fb4cdbd5e1c81a291

SHA512
70cd3d11076ec1439390a1f8b400db5532f12a081ac8de5fd2a5d61b3727f231f09270949b0033cf3d909ebdfe4872e0e422370af544af86dca15fc1e9dce686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0bf908b15c6a397667d7a239e1b29541

SHA1
8d6b641cbaccf94258cc608c19c78747c1ce67b9

SHA256
93c988e9a517ebf1166bd784319c78a5df7a57f784e7af3f363a434f1150a83c

SHA512
225fa727a04204599998f7090ec3d10386ad72e7aa1a76484126eff937650d5ab9e60c8a6f59fcc52b5ececf2a870243ca245cbd3d53a8c8d016027211a24d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7f463c5e7e79cc8395725c5c8bf3bfe1

SHA1
a9f73d06358f598a1ad117ead7cd87a8e8f9b49e

SHA256
45a10b4f1c32bcdf48bff2a520d7f42457a5e4feb716ed57fe3d1b53d970de20

SHA512
a6fe534f5a638724b3af61f06b45e71df5c60310e6b74b79c0cfaf695f99247925cc6ca7f63fb2fc8f6bca82d291551658252bdc035ed41e609930813d3ac3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2245.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit