Analysis
max time kernel: 1025s
max time network: 1163s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-05-2024 04:03
Static task
static1
Behavioral task
behavioral1
Sample
2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe
Resource
win10v2004-20240508-en
General
Target: 2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.zip
Size: 360KB
MD5: 5987a553177c829072297f01f1da0159
SHA1: 5d4903d416bba621596b357bc65347ccdddbe271
SHA256: 9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988
SHA512: a07a36517223c40c744164399c8a01278df85b167508282a8cd3f45f68eb24a732a0baac979065657a0e85ab81996a1f16ba9fa3367abc8286f92769c32188dc
SSDEEP: 6144:QIs2fqnzFv8QME77P7M24OHYlveaGRYL9hSe9OhIWAKUDXAXw1QEfDWuxVtEsglJ:Vst98QpPjEL9hFGPAKJSDWwgllyHrm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598739762096332" | chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
chrome.exe
pid | process
1508 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
chrome.exe
pid | process
1508 | chrome.exe
Suspicious use of AdjustPrivilegeToken 32 IoCs
Processes:
chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 1508 | chrome.exe
Token: SeCreatePagefilePrivilege | 1508 | chrome.exe
Suspicious use of FindShellTrayWindow 27 IoCs
Processes:
chrome.exe
pid | process
1508 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exe
pid | process
1508 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description | pid | process | target process
PID 1508 wrote to memory of 1216 | 1508 | chrome.exe | chrome.exe
PID 1508 wrote to memory of 588 | 1508 | chrome.exe | chrome.exe
PID 1508 wrote to memory of 3132 | 1508 | chrome.exe | chrome.exe
PID 1508 wrote to memory of 4476 | 1508 | chrome.exe | chrome.exe
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.zip1⤵PID:1916
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:772
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffa808cab58,0x7ffa808cab68,0x7ffa808cab782⤵PID:1216
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:22⤵PID:588
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:3132
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:4476
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:12⤵PID:2212
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:12⤵PID:3968
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:12⤵PID:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:3088
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:3060
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:2116
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:4396
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:82⤵PID:1656
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5060 --field-trial-handle=1876,i,10378468903098131034,10483933877034046073,131072 /prefetch:12⤵PID:1992
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:216
Network
MITRE ATT&CK Enterprise v15
Downloads