Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/05/2024, 23:10

General

  • Target

    https://validityscreening838.sharefile.com/public/share/web-38e7e2d669e74ec8

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://validityscreening838.sharefile.com/public/share/web-38e7e2d669e74ec8
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb7184cc40,0x7ffb7184cc4c,0x7ffb7184cc58
      2⤵
      PID:4352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1844 /prefetch:2
      2⤵
      PID:2456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2084 /prefetch:3
      2⤵
      PID:6044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2244 /prefetch:8
      2⤵
      PID:1300
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
      2⤵
      PID:1092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:3804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5044 /prefetch:8
      2⤵
      PID:5248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5104,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:1
      2⤵
      PID:2236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4508,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:1
      2⤵
      PID:4232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4536,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4744 /prefetch:1
      2⤵
      PID:4852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5116,i,6906952644312051365,16935156059241209586,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4484 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:228
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:3392
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:5684

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\98e7091a-ecb6-4de8-ba6b-414d78972a83.tmp
    Filesize: 10KB
    MD5: 91f496f76ad9e658c05cd020f2e9d804
    SHA1: 35272598d1bb262f9ab21d00b2f75f1205f26b6c
    SHA256: 950a8acf1351de5e8ba99356f3705e4f75c92db4f026d363c906c19cde7c3f28
    SHA512: 8023d455f9c084691ccaf8eb7955d00c663639bd3964e02717a0e314b0db78e1fe45750752af85e8514088d0742042d144e4ad2f66616d06b33e9894679b9f0e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 7d87c858ee1dca16bdd8292c81da9984
    SHA1: 33a2a49ef6297a1eef6f1271e7d1b7e6f97142b5
    SHA256: 47ecf4fa6fa4f0cd9a418f968ef703e5bb6723373ecd709fac9323523f9e906e
    SHA512: 754388f082991234ed0bd7de4239e62b997be8815b1e6c8d29234bdb5f31e9485096ea3bebe94968f32e05f089231326951598888594604b33922c60255ac925

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 1KB
    MD5: 002024b8a9ed42c2d91b0c379b3ef3d6
    SHA1: ecded0f7e9252ce5d1634908fe3a8ff4100433be
    SHA256: 3df2502b7c8465dc0b4c64fa4c11b5de9374e24bcb1f49d7ddf71c22fe10c1e1
    SHA512: c0c90e6dff08ae6a5f78aff4ec1f1503454481751743af89437916145647fb7dc9684356144efac9c33cd4ae892a0c630b86a139d0c222c2b4e24a198ac2f2f8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 6KB
    MD5: ee6151267fc0687193a9747df6e2c0b6
    SHA1: d815c9dadd39e4c615d1f2ef91c903466ea9cb7f
    SHA256: b3ce42460ccc7cc8fd0378b835c005ead8c7b9930058f2a9e55d6ff06028e39b
    SHA512: 087b3316e361b226c5b435841a0f5e2b2ef71a6eff21463c13c4db429658d9790c24ffb1c87e636f780a1efb8d966d6b1b9d73e4df1ba58ce39dd4aefaa46270

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 3dfc37ecf364a7677243a4adb0e7bba2
    SHA1: 913ec073483d61d1db430bbe533762e8263a2df6
    SHA256: 1e97cda05b81fc50dad283b1e7acf3230ba7b43a2db61e96f23ff50df496624e
    SHA512: 61c62714d2fc9041caa663c70fb9cbeb0dc7463128d766938bad088925f481c01a96ac76751a02ab11ff6fd3a8d323da77295662ac2763ef3ba170da2d79cea6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 3532fafab4f8209e863be09b4f930b01
    SHA1: b02de1a3ac634db38bd4918734fd89862a89384b
    SHA256: 2d8980a66a03e061f0f0cd709b48e2c3d23b0239b89a2c0d608f392deabb5679
    SHA512: 39e107ac56d78e930edd373fc5f3b5ae452e1e9003c6566153edc854094c3eb858ad442f20d7c65606ecae9085de40bf51ea77638906253688512bf2dd6cc4ce

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: ceb55fff0d1ea220c9a5d97eafe42e20
    SHA1: 6643268c945507250711d8c5bbf853ecc922aa35
    SHA256: 7c03a59f12c99af07fe17eaee0c29ba0a18c665e4409d4e98f75c8926983f290
    SHA512: 5073eed1589d842f71c68ed46300ab056c4b9120ba92813308adf8c0ef7c495c490ce3dc9ea79270b4913cdadc76815aca2d95bf4b7e126e35c3224ff9eee69a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: bf2135b7526ef4cc83798011c9ecf8ac
    SHA1: d9c991a76056a3bf1e1ff390b50f171be29e28c8
    SHA256: 5d0c7371422db35e2dbd3853c958a8ccc6c89da9c2d036d9ab3aa76f11d549d0
    SHA512: 7e6d0d01936df9644ad2ff197a1bd31c4cc9c051bedb4961b69d97811adadf38a17cefb93955acecfc2bc5b3bf3dc89e303c10e246e46a31273921761b254f59

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: d522197c1090a56f72f22522bcd7545f
    SHA1: b19e081b9cd86c13da46d81c05adaaf87e5a6cc0
    SHA256: ef570faeac7037e7fa16165eaa7e658e694f8b246cf9bf3dad85c53ec4a5b45b
    SHA512: 621a3af3126aac4db593f3dac2c2fe67f643c8c7ffcba2b9c37038f065828fce5e82b6cdb66578330bc60d8a8ff53241a6ba87a807b9b33fccf880e1d7c4388b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 7a667cd7c428eae105b642785d5ae334
    SHA1: 68c12611c7b6b71f84b12cc06d3ffe0ff5991ddb
    SHA256: 9c7cb76da8362c8aaf0d29ea0e778ee6c710826867a47386c000a71d307e9ca7
    SHA512: 9f92b3f01d4b96df3043346a583448e5cee2ef44af3ab3105b00d2a1dc909fbb34697983be07135fbb2dfcaaac16b8f723a5457711089465c158546c070e64df

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 6c24434a954e6c85baab9ae770791e99
    SHA1: e6b3b893f508d492853c7ba892c77d5a1a026110
    SHA256: 6e58a121ddecfcd5667ea8e2b524b5e14de4cb8e83fab150cf8342b3b6d1b15f
    SHA512: eb5daf25e1394df2a35fe1a578d0eb5f6a44f4fa8262e957fee94cb792a0815ede4e951f2ea8a60d2533059dfb24871094275c8a24b58a611d172c82adf3df2a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: a4a8aca384f68f53493c42d23357b0ea
    SHA1: 4cab9fc8aef85e971a445dac7e067a401e870bdf
    SHA256: bcb038937009979f926bab9c592b1fa46315866368d4a3d7b9964e83e7783a82
    SHA512: 808d0027ebf02ef109a375f235d03fc6bddc89fa5b160a64b6e9e192ef984f80cbca140851f66987729d2dcf44f685e29482a0a2f13080d0fd28bb6c6ed52835

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: b98082e29cefc1c74a6c982408d94d95
    SHA1: 18de2c164a0fa9e7d862d11ead8f0e8592a45383
    SHA256: c3a227ec252584da1cef1b80470d958f5527f20780ddd4ef9f19fda98fd54402
    SHA512: 65886e0ed09cbd86e5362b9ee37b383d991f65d64aeb3d2d54234db932e519c59c3d00be530941e644231b69c08f4c98a6405dd4c50bb554c1336a7d09dd2478

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: d7e37b15416ccd27c1f2eacc5143bf0c
    SHA1: f11e40c5d5fd97bf423b576b253719d820536891
    SHA256: 4d37154c07033d75f6ec34c8189d651d118a1bd5847ac85c67a3b584e23eec1e
    SHA512: 5814a9963e4019412ecab260668fcd10b165083f3ee2fe9a5db0093feebe9ab7d7b2a82fa377827302916e98079e8d37c607caea296157e80d9c361e9aa78f04

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 77KB
    MD5: 373f3932fa6464580791024ca1fb7f5f
    SHA1: 094cc949713f46c0328111d26d1c33c4d4eeeeaa
    SHA256: 72cc2b4ca412377a05892a27e88b2510c84bb3c1cc08b81e9be551be6238bf3c
    SHA512: f92a86326a925c4ed72f88203f586978898c9b60a8ebd8b1c719ceda41cac34f4f6a86586819b609d6df4b07d72defbbd3ce389467285e9c1f032488073cdf58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 77KB
    MD5: 3a3a26fea4b2258d6ac8faab5a0e3f9e
    SHA1: bc9ad76053ad459f6f3cda0cc4cf38e3aac7ad48
    SHA256: 55fbda37330bf97f3da68463428c561dac898482badd0e87aa42ce1be36cd332
    SHA512: cca64d4be757f9d57c133f8bd381a0c3469939423d058f36e5c1243dbeea7f1a2dcee8878ba5a3197869df8977e39167fc7541eb4d62df5296bf272c0e824f23

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 77KB
    MD5: 226c8f4e4f2346d087309f884e84aa11
    SHA1: 5d3533f4b89645e8ed870bb118b6b62fb2919c89
    SHA256: d48b4e96a6608565c2d78e5f0b889497633bfb2c269be0139406c33700149bae
    SHA512: 1cc52094273fec5ff36a462e0dfdf57e7c44e6cb8278db43d73a7896f4c04a8f8a499b3b83f95906c73a2650c4de18e853c9660ac35e23777e4d85d065909067