Analysis Overview
Threat Level: Known bad
The submitted URL https://du.sf-converter.com/go?t=b1a9d864ec6da87d5bafc4713d665be0&p=DPnB~SVZwjgUjvJEVeQZvFZx-2EIQWDVpzmwJEGszr9rHH3xsgr9lT0aQcrCUN~vWRyH5EOhq-nkUMIiabjGjhmG6Fdt46ymD0rDVtX~ZJQ8jrtR8wbJiVFmxovGIeSTMKvbZtfdF5~PRqU~ZynWDuPlzkZxh6EiuV2MLilWlaLMf~A75Gnrc2g1zG59VpnZ*356f7bebbdbc71996f5c8070e5c12d96*2*1715355210 was found to be: Known bad. (This is a URL submission, not a file: the behavioral run opens it in Chrome, and every signature below is attributed to chrome.exe or vlc.exe, the sandbox's own browser and media player.)
Malicious Activity Summary
PrivateLoader
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-10 15:34 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-10 15:34 |
| Reported | 2024-05-10 15:35 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 65s |
| Max time network | 65s |
Command Line
Signatures
PrivateLoader
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598288723851370" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://du.sf-converter.com/go?t=b1a9d864ec6da87d5bafc4713d665be0&p=DPnB~SVZwjgUjvJEVeQZvFZx-2EIQWDVpzmwJEGszr9rHH3xsgr9lT0aQcrCUN~vWRyH5EOhq-nkUMIiabjGjhmG6Fdt46ymD0rDVtX~ZJQ8jrtR8wbJiVFmxovGIeSTMKvbZtfdF5~PRqU~ZynWDuPlzkZxh6EiuV2MLilWlaLMf~A75Gnrc2g1zG59VpnZ*356f7bebbdbc71996f5c8070e5c12d96*2*1715355210
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6493ab58,0x7ffb6493ab68,0x7ffb6493ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\best song of the century.mp4"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x304
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1908,i,13954051233348048486,10395688177428230233,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | du.sf-converter.com | udp |
| DE | 141.95.65.20:443 | du.sf-converter.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.65.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.56.20.217.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-dl-api.com | udp |
| FR | 51.159.98.166:443 | cdn-dl-api.com | tcp |
| FR | 51.159.98.166:443 | cdn-dl-api.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 166.98.159.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
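Most rows in the Network table are the sandbox's own reverse-DNS (`in-addr.arpa`) queries for IPs it had just seen, not lookups the page triggered. The script below, an added example and not part of the report, loads the table rows as printed above, turns each PTR name back into the IP it asks about, and keeps only domains that got a real TCP session; the rule that `bing.com` traffic is Windows background noise is my assumption for this example, as is the choice to drop PTR names whose IP never appeared as a TCP destination.

```python
"""Triage a sandbox Network table: separate reverse-DNS noise from the
destinations the submitted URL actually caused the browser to contact."""
import ipaddress
from collections import defaultdict

# Rows as printed in the report's Network table: (country, destination, domain, proto).
# The mDNS row carries no domain.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "du.sf-converter.com", "udp"),
    ("DE", "141.95.65.20:443", "du.sf-converter.com", "tcp"),
    ("US", "8.8.8.8:53", "74.169.217.172.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "20.65.95.141.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "g.bing.com", "udp"),
    ("US", "204.79.197.237:443", "g.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "73.31.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "99.56.20.217.in-addr.arpa", "udp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "237.197.79.204.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "cdn-dl-api.com", "udp"),
    ("FR", "51.159.98.166:443", "cdn-dl-api.com", "tcp"),
    ("FR", "51.159.98.166:443", "cdn-dl-api.com", "tcp"),
    ("NL", "23.62.61.113:443", "www.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "166.98.159.51.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "113.61.62.23.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "26.165.165.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "206.23.85.13.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "101.58.20.217.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "195.187.250.142.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "77.190.18.2.in-addr.arpa", "udp"),
]

# Assumption for this example: Bing traffic on a Windows 10 image is OS background noise.
KNOWN_NOISE_SUFFIXES = ("bing.com",)


def ptr_to_ip(name):
    """'20.65.95.141.in-addr.arpa' -> '141.95.65.20'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def triage(rows):
    """Return (forward lookups, tcp destinations per domain, PTR'd IPs, PTR'd IPs never contacted)."""
    tcp_by_domain = defaultdict(set)
    forward, ptr_ips = set(), set()
    for _country, dest, domain, proto in rows:
        ip, _, port = dest.rpartition(":")
        if proto == "tcp":
            tcp_by_domain[domain].add((ip, int(port)))
        if port == "53":                      # DNS query row
            ptr = ptr_to_ip(domain)
            if ptr:
                ptr_ips.add(ptr)
            elif domain:
                forward.add(domain)
    contacted = {ip for dests in tcp_by_domain.values() for ip, _ in dests}
    return forward, dict(tcp_by_domain), ptr_ips, ptr_ips - contacted


def sample_iocs(rows):
    """Domains with a real TCP session, minus the assumed OS background noise."""
    _, tcp_by_domain, _, _ = triage(rows)
    return {d: sorted(v) for d, v in tcp_by_domain.items()
            if not d.endswith(KNOWN_NOISE_SUFFIXES)}


if __name__ == "__main__":
    forward, tcp, ptrs, unmatched = triage(NETWORK_ROWS)
    print("forward lookups:", sorted(forward))
    print("sample IOCs:", sample_iocs(NETWORK_ROWS))
    print("PTR queries for IPs never contacted over TCP:", sorted(unmatched))
```

Run as written, the only domains left after filtering are du.sf-converter.com (141.95.65.20) and cdn-dl-api.com (51.159.98.166), which matches the .crdownload in the Files section being the single thing the browser fetched; the eight PTR names whose IP never appears as a TCP destination are worth a glance but are not evidence of sample activity on their own.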
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c38540ff65b43262ba5e2ef1834436c1 |
| SHA1 | 7c606e1a63025f2c49fb5dae973d1395b0b29948 |
| SHA256 | da81b9c42d754066cf3858581213a4dec0358443e84301ad3496de8eecd2c0f7 |
| SHA512 | 0531d40c8404c90e3a0e4fb33a74d9d8e11fffd1f07606eb709a9d5ddc0ee786c9a6bdeb3d3f19f7eef4ec7247d4dd01c6c13c7f2d079846c69c2550aeec99d0 |
\??\pipe\crashpad_3988_RFBJXDOKDSXJNMZN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | aa72c109edc90954fcca035eb2870cc2 |
| SHA1 | a93d5aa60a41462797ac373209a5e887f4d1b99e |
| SHA256 | 5046ff3f5c9600525b7401a75f0c29307c912f0b46c73a09ac45ec2035bb0cf6 |
| SHA512 | ebc2f2c07d70b60452ef628768cb6e37afd7e49733937bb3e6bafa00335fd092b15e2c0b718791a04716ebfc1f6bdab813b5842576db788ee96c60fdfd009728 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afc626b8b7ffce4ce21d08be3be61aec |
| SHA1 | f3193dafc2155d2fe62562dd65a55cc9b43f90be |
| SHA256 | ee91d298867a808e50c6562619e709620548f991876b2e5bd6a9818e5fec3787 |
| SHA512 | f71f10f222aa84aa1ef7012ae502b30fb10aa805baa4f599a0f392223923a7429e1e96820bf4e5e69cb29a50217d1d6f2b2e78d3806855004eba3ac9304ee1db |
C:\Users\Admin\Downloads\best song of the century.mp4.crdownload
| MD5 | e3f4df628ecf9889701233a3245d9f2e |
| SHA1 | 556aa543516debcf83f01c5ebfdae4bca5d33d78 |
| SHA256 | 5fc0ce8e5a9d4143b6ec25153a50a0ff5a18dc3f6c95fda4bc97f0a36a86eb22 |
| SHA512 | a1d6cd607c8d2c9be05091981085cc1a3b6fdecd3056b27ac96c6eaddee9f8c801fe8a9ba8eda1652a9f56d151adc7027ddffbbf97341a3c992beafae7cc05a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 458feabcca80d68c874e85e098ba1b96 |
| SHA1 | c1799ae383bc15024f14ce85377091dbc0fba771 |
| SHA256 | ff261bfedab002bc7b9c8e1d9dfe14951af814b23b00232cc7388fef181338b3 |
| SHA512 | 04c5fe406a812659d927857c22239235dcd4aa2638a2aa810075e02d8e134b5a3b83ddb87ff0e8c21fd85515eb5afcc51e9bf17dccad9871b8d8a6927aa9c413 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c5e003ff6f19203ee1cf2e435e897970 |
| SHA1 | 5c704b7c465a44247a7f468539986e354ecbf324 |
| SHA256 | 633272783bd4c387432315073e97f3367e269e246591bc16e211971c495e8507 |
| SHA512 | 9c23c36a2ef3129c4a22a8dc5f5508326458745d1223aeab0c284d476ec1ce5111c6a511c671f8f38f9e0159c9491fce047c89c129d7d5b7aff091bbe062c5bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a13553e7ee4dd8cbfa7f40aefd40624f |
| SHA1 | 1712ebe0e8da6b17f5a372aebd57b6fc75e3012e |
| SHA256 | 44632d1fd8e7e83309186d0212425ce3cafb7e465d51b773606ae4c6c855e67f |
| SHA512 | f37d97699ec37874702ffd99ffd8c48c3156d05acf221608042c08fa01e779207825dc928a011ac1c50a1096f3b289766fa93759a1d21408879c740e37e6d340 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c44a.TMP
| MD5 | bc945a1ea927b4478b69a8907ed735c8 |
| SHA1 | f24373bcd79693e51fdcf6db51f9ca126029e823 |
| SHA256 | 053f976ab93ea9c3a65ef14057f39860246dc947c953f46d660f86fac8d002cc |
| SHA512 | 78e13dea64a0d8bf14db8774f6fbea378db2ed25475ca6305fec097d13ea81d631b3f287b436e2c96256cd06a455209c0ae931a05699bd2ecc0326ccce1f3ceb |
memory/2024-109-0x00007FF7A7DC0000-0x00007FF7A7EB8000-memory.dmp
memory/2024-110-0x00007FFB64B60000-0x00007FFB64B94000-memory.dmp
memory/2024-118-0x00007FFB646D0000-0x00007FFB646E1000-memory.dmp
memory/2024-111-0x00007FFB52B60000-0x00007FFB52E16000-memory.dmp
memory/2024-117-0x00007FFB646F0000-0x00007FFB6470D000-memory.dmp
memory/2024-119-0x00007FFB55B70000-0x00007FFB55D7B000-memory.dmp
memory/2024-120-0x00007FFB641B0000-0x00007FFB641F1000-memory.dmp
memory/2024-116-0x00007FFB64B00000-0x00007FFB64B11000-memory.dmp
memory/2024-115-0x00007FFB64B20000-0x00007FFB64B37000-memory.dmp
memory/2024-114-0x00007FFB64B40000-0x00007FFB64B51000-memory.dmp
memory/2024-113-0x00007FFB64CC0000-0x00007FFB64CD7000-memory.dmp
memory/2024-112-0x00007FFB684B0000-0x00007FFB684C8000-memory.dmp
memory/2024-126-0x00007FFB5B7E0000-0x00007FFB5B7F1000-memory.dmp
memory/2024-125-0x00007FFB5F190000-0x00007FFB5F1A1000-memory.dmp
memory/2024-124-0x00007FFB5F930000-0x00007FFB5F941000-memory.dmp
memory/2024-123-0x00007FFB60B80000-0x00007FFB60B98000-memory.dmp
memory/2024-122-0x00007FFB64180000-0x00007FFB641A1000-memory.dmp
memory/2024-121-0x00007FFB51AB0000-0x00007FFB52B60000-memory.dmp
memory/2024-127-0x0000013A50A80000-0x0000013A522EF000-memory.dmp
memory/2024-141-0x00007FFB64B60000-0x00007FFB64B94000-memory.dmp
memory/2024-142-0x00007FFB52B60000-0x00007FFB52E16000-memory.dmp
memory/2024-140-0x00007FF7A7DC0000-0x00007FF7A7EB8000-memory.dmp
memory/2024-143-0x00007FFB51AB0000-0x00007FFB52B60000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3f4f9ee8521b5ef91591efa71d48de1b |
| SHA1 | 299e6e8e91f32c39226c1179a51ae80c8fb0d6c1 |
| SHA256 | 028ccb3fe0af56e1a8629ed9f9f9fc14e1ce2693df692bf456064d36bf7b76e3 |
| SHA512 | 477e684447389e316d87264776fe040a19b360bed2fe7b8b2156664f92174ca4d1a58d25457d561112e17c1fec83740297ebe862f3cdaac0ccc21479a71e4cb1 |
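Two checks worth running before treating any of the hashes or indicators above as IOCs, shown here as an added example that is not part of the report. First, several Files entries are hashes of trivially empty content: the crashpad pipe has the hash of an empty stream and the SCT Auditing Pending Reports file is the two-byte JSON array `[]`, so neither needs analysis. Second, the two timestamps embedded in the indicators both decode to the detonation window: the TraceTimeLast value written under HKEY_USERS is a Windows FILETIME, and the integer ending the submitted URL is a Unix time. The file rows and both values are copied from the report; the list of "trivial contents" is my own.

```python
"""Sanity checks on sandbox artefacts: flag hashes of empty content and decode
the FILETIME and Unix timestamps that appear in the indicators."""
import hashlib
from datetime import datetime, timedelta, timezone

# Selected rows from the report's Files section: path -> SHA256 as printed.
REPORT_FILES = {
    r"\??\pipe\crashpad_3988_RFBJXDOKDSXJNMZN":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports":
        "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    r"C:\Users\Admin\Downloads\best song of the century.mp4.crdownload":
        "5fc0ce8e5a9d4143b6ec25153a50a0ff5a18dc3f6c95fda4bc97f0a36a86eb22",
}

# Contents whose hashes turn up constantly in browser profiles (my own list).
TRIVIAL_CONTENTS = {b"": "empty file", b"[]": "empty JSON array", b"{}": "empty JSON object"}


def trivial_hash_table():
    """Precompute md5/sha1/sha256 of every trivial content so any column can be matched."""
    table = {}
    for content, label in TRIVIAL_CONTENTS.items():
        for algo in ("md5", "sha1", "sha256"):
            table[hashlib.new(algo, content).hexdigest()] = label
    return table


def classify_files(files):
    """Map each path to a trivial-content label or 'needs review'."""
    table = trivial_hash_table()
    return {path: table.get(digest.lower(), "needs review") for path, digest in files.items()}


EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=int(value) // 10)


def url_trailing_unix_time(url):
    """The submitted URL ends in '*<hex>*2*<digits>'; the final field is Unix seconds."""
    last = url.rsplit("*", 1)[-1]
    if not last.isdigit():
        raise ValueError("no trailing integer field in URL")
    return datetime.fromtimestamp(int(last), tz=timezone.utc)


SUBMITTED_URL = ("https://du.sf-converter.com/go?t=b1a9d864ec6da87d5bafc4713d665be0&p=DPnB~SVZwjgUjvJEVeQZvFZx"
                 "*356f7bebbdbc71996f5c8070e5c12d96*2*1715355210")   # p= shortened; tail is verbatim
TRACE_TIME_LAST = "133598288723851370"   # HKEY_USERS\...\TPM\Telemetry\TraceTimeLast from the report

if __name__ == "__main__":
    for path, verdict in classify_files(REPORT_FILES).items():
        print(f"{verdict:18} {path}")
    print("TraceTimeLast  :", filetime_to_utc(TRACE_TIME_LAST).isoformat())
    print("URL trailing ts:", url_trailing_unix_time(SUBMITTED_URL).isoformat())
```

Both timestamps land inside the run: the URL's trailing field is 2024-05-10 15:33:30 UTC, a few seconds before the 15:34 submission, and the TPM telemetry FILETIME is 15:34:32 UTC, so the registry write is the OS's own telemetry fired during the 65-second detonation rather than anything the page did. Only the .crdownload survives the empty-content filter.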