Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    07/05/2024, 04:45

General

  • Target

    https://kso.page.link/wps

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (33 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://kso.page.link/wps
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff41bd9758,0x7fff41bd9768,0x7fff41bd9778
      2⤵
      PID:4204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=256 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:2
      2⤵
      PID:3192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:4052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:1864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:4404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:1380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2652 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:1808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4804 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:4804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:1528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:3780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5544 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:1
      2⤵
      PID:2332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:8
      2⤵
      PID:4000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 --field-trial-handle=1776,i,1730844021833466684,14570546752171001457,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1576
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2392
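
Every process in the tree above is chrome.exe or Chrome's own elevation_service.exe, and the behavioural signatures attach to the browser process (PID 4188) and to one GPU process (PID 1576). The Python triage helper below is an added example, not part of the sandbox report or of any tool it names. It parses logged command lines into a role and a sandbox state per process, so an analyst can see at a glance which Chrome services ran with `--service-sandbox-type=none` or `--disable-gpu-sandbox`, and which binaries in the tree are not chrome.exe at all. `SAMPLE_TREE` is constructed from the process list above: the PIDs and the flags that matter are the report's, the long `--gpu-preferences` and `--field-trial-handle` values are dropped.

```python
"""Triage helper for a Chrome-heavy sandbox process tree.

Added example; it is not part of the sandbox report. It parses the logged
command lines, derives each Chrome process's role (--type, or the
--utility-sub-type for utility processes) and its sandbox setting, and
separates browser plumbing from anything that is not chrome.exe.
"""
import re
from collections import Counter

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# (pid, command line) pairs abridged from the report's process list (constructed
# sample: real PIDs and flags, long opaque values removed).
SAMPLE_TREE = [
    (4188, CHROME + " --disable-background-networking --disable-component-update --single-argument https://kso.page.link/wps"),
    (4204, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report --annotation=ver=106.0.5249.119"),
    (3192, CHROME + " --type=gpu-process --mojo-platform-channel-handle=256 /prefetch:2"),
    (4052, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:8"),
    (1864, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8"),
    (4404, CHROME + " --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 /prefetch:1"),
    (1528, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --service-sandbox-type=icon_reader /prefetch:8"),
    (404,  CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none /prefetch:8"),
    (4000, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8"),
    (1576, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.15063.0 /prefetch:2"),
    (2392, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

# A token is either a double-quoted run (paths with spaces) or a bare word.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmd):
    """Split a logged command line into (image path, {flag: value}).

    `--key=value` yields flags[key] = value; a bare `--key` yields True.
    Positional arguments (the URL, /prefetch:N) are not flags and are skipped.
    """
    tokens = TOKEN.findall(cmd)
    image = tokens[0].strip('"')
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            flags[key] = value if sep else True
    return image, flags


def classify(pid, cmd):
    """Reduce one process to its PID, binary name, role and sandbox state."""
    image, flags = parse_cmdline(cmd)
    exe = image.rsplit("\\", 1)[-1].lower()

    if exe != "chrome.exe":
        role = "non-browser binary"
    elif "type" not in flags:
        role = "browser"            # the parent launched without --type is the browser process
    elif flags["type"] == "utility":
        role = flags.get("utility-sub-type", "utility")
    else:
        role = flags["type"]

    # --service-sandbox-type is what a utility process was launched with;
    # --disable-gpu-sandbox is the GPU process's explicit opt-out.
    if flags.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in flags:
        sandbox = "none"
    elif flags.get("type") in ("renderer", "gpu-process", "utility"):
        sandbox = flags.get("service-sandbox-type", "default")
    else:
        sandbox = "n/a"
    return {"pid": pid, "image": exe, "role": role, "sandbox": sandbox}


def triage(tree):
    """Summarise a tree: per-role counts, PIDs running unsandboxed, non-Chrome binaries."""
    rows = [classify(pid, cmd) for pid, cmd in tree]
    return {
        "rows": rows,
        "roles": Counter(r["role"] for r in rows),
        "unsandboxed": [r["pid"] for r in rows if r["sandbox"] == "none"],
        "foreign": sorted({r["image"] for r in rows if r["image"] != "chrome.exe"}),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_TREE)
    for row in summary["rows"]:
        print(f'{row["pid"]:>5}  {row["role"]:<32} sandbox={row["sandbox"]}')
    print("unsandboxed PIDs:", summary["unsandboxed"])
    print("non-Chrome binaries:", summary["foreign"])
```

Run against the sample, the unsandboxed set is the NetworkService, ProcessorMetrics and UtilWin utilities plus the second GPU process that was relaunched with `--disable-gpu-sandbox`, and the only non-Chrome image name is Chrome's own elevation_service.exe, which matches what the tree above shows by hand.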

                                Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        384B

                                        MD5

                                        a8fe43d078f7ccc256fa72b2dd2141bd

                                        SHA1

                                        053cf6b232a232994045aacce0a8786db5c4e280

                                        SHA256

                                        7b5f35463d33e5708026ed9ff664218fec3908cbc4b6a759745002c1f31adc75

                                        SHA512

                                        ab41748739d50e0e627bf5372e7b1143dab79713750af814cb2351cb242b1af8a5ee3ae62aa7f6c491e8fef9c0cfb39d22e373d6d23dc0bf19b89a76e99a29fc

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.wps.com_0.indexeddb.leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        2KB

                                        MD5

                                        4f7664f5019d647bd3f9041a57db2aa2

                                        SHA1

                                        5d245f4149ec6e1e0bc09d71d3463ae9499cd5d7

                                        SHA256

                                        d1fd9507dda2082284fb69a01974cc981f991fb66ecc3f2eb8741c2684297dda

                                        SHA512

                                        49c0dacf8bf4049da123886676527b0a257fe680782c7e3f915c395a8a1f50b7801c81c66adb9500397e3a297eea7fcc46aa4ebe6d14aa7b3745f6bd7024a664

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        705B

                                        MD5

                                        27f03bc04bd518227ceed489ca7107a9

                                        SHA1

                                        72cb1e4acdfbd352593a3ed45be826f45700a8c3

                                        SHA256

                                        99cd3780cdf18db78bb836e4aa56ec9b73e29298629ecb7f6d53bcdb94be8bdc

                                        SHA512

                                        cc301d74952b9e77b5cc49f2d0f2add21e2c22111894fafcceb305c30bd68e05de75ebc0c29ad04f254d874779f40c2fb974c83e4a6a972526e78fbd0cad158e

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        3da0bc42a57107073abad759b3b69897

                                        SHA1

                                        0b26e710b89703d251662e1d7690f12739d2dff2

                                        SHA256

                                        98c57a1bfd316d24399192d4a0b80f42e7ae3fb30bba145d372c308ecd5f9cdf

                                        SHA512

                                        94ade042f9a422b60004ac5ca5e0ba0e6eedd3c04773960b7353225e96da4d6a89641b8d25ffe9e5fc8f7d325c4c108b93fcf9812494f1f4ce1634182548ac87

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        6bebf943daf62bb5d1ac04c477b8a955

                                        SHA1

                                        a1a414b935752b4d0cff61b3a125b75a86f205f9

                                        SHA256

                                        6529d00d271359e9108f0b8571f4e9af87970ba0669d9c726eab86a8a757a8ed

                                        SHA512

                                        e058c7ec24a8e063716f4a5c11607edcb165b063fd8b08ced9d37e52df876ee87dd78911a9f6990364e7f15fd31e2cdd77213f5eb32c3f86a6dc80da3a9d59bf

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        d209b4c99dcf022ef3641f32152f080a

                                        SHA1

                                        ed6955eca47442bb7af7c1eb72e5c484badfdeab

                                        SHA256

                                        5ccbb0fb35e67ba81b44fce95336f134e51ec6db0ec94105ffd148a260930bbf

                                        SHA512

                                        47a9628bf45522a848464f67e487c60b1e98566969825215b7a2b0771eeb8e7aec82f2bf734e3f52eb6561e33f019782d37ad4353140e5114a41e88d2a540490

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b98637bb7ae2171a737905d5907291f63b4218a2\4a5c31ff-c3bb-48b7-9c04-fca704d49b00\index-dir\the-real-index

                                        Filesize

                                        96B

                                        MD5

                                        592b071bd8b5144957a9671f9c70010f

                                        SHA1

                                        c4245a7a5db3f559f30b225077822c97eb5e6886

                                        SHA256

                                        fd818f023fae8de4a1d2b7f1eeae85e569a6330880bf51a74506437f3f871f88

                                        SHA512

                                        26c50ae72392f35f5b95f6b50d020a2e44228fc2322e049cc31bd4f28bde4919eef52cd4dbe15a8f57d9edb0f1a80bf5a9f397db2f769d963ddf1877d34d7013

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b98637bb7ae2171a737905d5907291f63b4218a2\4a5c31ff-c3bb-48b7-9c04-fca704d49b00\index-dir\the-real-index~RFe57bd45.TMP

                                        Filesize

                                        48B

                                        MD5

                                        2897bb9c06ecae682475a5c47b847899

                                        SHA1

                                        bdb460c25f95629d98a3dfcbe3efddf8cfdde5e6

                                        SHA256

                                        b713a6492887abc02f7e04dbad7e8c513b42f70d535bea09855a83d0c6a401a6

                                        SHA512

                                        8a1db2ead2e8747adeb949161cf2a062a9728172f6e4272551a2b1fef05958a0ab5154068490fc836b752ccdb3a15c38e51116e6dc9b47c9ba7b36ab250cec95

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b98637bb7ae2171a737905d5907291f63b4218a2\index.txt

                                        Filesize

                                        104B

                                        MD5

                                        067c7afd372ead7b4b8366fb6ad8a632

                                        SHA1

                                        f067995b7112a44a00008889dc6cb49d9683f144

                                        SHA256

                                        5eeab9094711286bcc0f21ed8a9ce290e4b7e43d7061e1eefc72c5492fddba52

                                        SHA512

                                        fd66425eb7e079929f1483cdba6976dba72f912ee4bda25bb14e7dc6db775d3f06f97e645cb9639dcacfcea8f006efdc760ecf72a217df469701c2f28dbc6dde

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b98637bb7ae2171a737905d5907291f63b4218a2\index.txt~RFe57bd74.TMP

                                        Filesize

                                        110B

                                        MD5

                                        15372660e78db9127873600c6ac75461

                                        SHA1

                                        42141a7c8e46ee14f62d7b9a8b185e38d91814f8

                                        SHA256

                                        6ad64efe7d1bb59d6cdb8ef47ea334369855a96efc5cdcb1c050c9f7c4d70c2d

                                        SHA512

                                        f2ecc4d0d7b39c3a36fdc1ce330e7555dc1fa1669a0db31c70d5d8c4713c7776df84d2c2299d70c30d8ef42f13a47e4894e5f281087867f3688b5dfe371c610c

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                        Filesize

                                        72B

                                        MD5

                                        6e177a94604232c09f1034df649aac6f

                                        SHA1

                                        de4e635fab8e0247f8a7df9006e03cf15042b5a5

                                        SHA256

                                        533c8d30c9ff5ca8c94f35fc33f36f04ca425f99cd8f2f19acac7f778abab20f

                                        SHA512

                                        14579021371a5521635a9043b42f6c0dfd24a0f17b5b350bfb2c18f9eb2b29c402cf29d2daea447cb11b6afa835ff62c937bd15eaffd64dfb3785e30d4662ac7

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bcb8.TMP

                                        Filesize

                                        48B

                                        MD5

                                        2e069c847498e6fa8d82ac398fae1169

                                        SHA1

                                        52c7e6e139cbf8d386afe72124e9418e1c86a9e5

                                        SHA256

                                        e08cb6a299a75178bb6e6450813a3c8ce5a34cbb640b58127a17b88947509e01

                                        SHA512

                                        6a0bbd41b3e00b8bc7d42090b95c8a1feb4496680511bd3297b91ca672ebff9deaa7a5be37c604a3e9680f0cf6986a33b0604ed70c61a3ff96c449c5c2dece04

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        136KB

                                        MD5

                                        8587ca73215cb8adaf880f31b022e98f

                                        SHA1

                                        2825d9753ffb29c074b9c2548282af21b3ccab49

                                        SHA256

                                        9abf6a9f825db5c9d0633c71297f059faab3529f9fcd2ac3f491307517956baf

                                        SHA512

                                        6779c8f9fa32aa8e4eaea8dc6d3e981519945f56fcfe16e52534e9744be577f4f30b831d513ac6297a3736d50a6c152c5bc95ad90a8133b9eac181b4bf2e5792

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
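
The report's "Downloads MZ/PE file" signature fired, yet every entry in the Downloads list above is Chrome profile state under `User Data` (code-cache indexes, an IndexedDB manifest, Preferences, Local State, a 2-byte first-party-sets file); nothing in the names or sizes suggests a PE image, so the executable that triggered the signature has to be sought elsewhere, for example in the network capture. The Python below is an added example, not part of the report or of the sandbox's tooling: it recomputes the four digests the report lists for a recovered drop and applies a proper MZ/PE check (DOS header plus `e_lfanew` pointing at `PE\0\0`) rather than a bare `MZ` prefix match. The recovered bytes for `persisted_first_party_sets.json` are taken to be the literal `{}`, which is exactly what the listed MD5, SHA1 and SHA256 are the digests of; `build_stub_pe` is a constructed blob that appears nowhere in the report and exists only to exercise the PE check.

```python
"""Verify a sandbox 'Downloads' table against recovered bytes and flag PE drops.

Added example; not part of the report. REPORTED holds the digests the report
lists for the 2-byte persisted_first_party_sets.json. The recovered content
used here is the literal `{}` (an assumption, confirmed by the MD5/SHA1/SHA256
listed). STUB_PE is a constructed MZ/PE header that is not in the report.
"""
import hashlib
import struct

ALGOS = ("md5", "sha1", "sha256", "sha512")

FPS_PATH = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json"

# Copied from the report's Downloads entry for FPS_PATH.
REPORTED = {
    FPS_PATH: {
        "size": 2,
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
    },
}


def digests(data: bytes) -> dict:
    """All four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify(path: str, data: bytes, reported=REPORTED) -> dict:
    """Compare recovered bytes with the report: one bool per digest plus the size."""
    expected = reported[path]
    actual = digests(data)
    result = {algo: actual[algo] == expected[algo] for algo in ALGOS}
    result["size"] = len(data) == expected["size"]
    return result


def is_pe(data: bytes) -> bool:
    """True when data has an MZ DOS header whose e_lfanew points at 'PE\\0\\0'.

    A bare 'MZ' prefix is not enough to call a drop a PE: e_lfanew (offset 0x3C)
    must land on the NT signature inside the buffer.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_stub_pe() -> bytes:
    """Constructed 88-byte blob: DOS header, e_lfanew=0x40, PE signature, AMD64 file header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: NT headers follow the DOS header
    file_header = struct.pack("<H", 0x8664) + bytes(18)  # IMAGE_FILE_HEADER, Machine = AMD64
    return bytes(dos) + b"PE\x00\x00" + file_header


def triage_drops(drops: dict) -> dict:
    """Map each dropped path to its PE verdict and digests so PE drops can be pulled first."""
    return {path: {"pe": is_pe(data), **digests(data)} for path, data in drops.items()}


if __name__ == "__main__":
    # Constructed inputs: the report's 2-byte JSON file and a stub PE that is not in the report.
    recovered = {FPS_PATH: b"{}", r"C:\Users\Admin\Downloads\stub.bin": build_stub_pe()}
    print("persisted_first_party_sets.json matches report:", verify(FPS_PATH, recovered[FPS_PATH]))
    for path, info in triage_drops(recovered).items():
        print("PE  " if info["pe"] else "data", path, info["sha256"])
```

`verify` returns a per-algorithm result rather than a single boolean so that a mismatch on one digest (a transcription error in the report, or a truncated recovery) is visible without masking the others; `is_pe` rejects both non-MZ data and MZ-prefixed data whose `e_lfanew` does not reach a PE signature.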