Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-05-2024 09:02

General

  • Target

    http://rcoa.streamgo.live

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rcoa.streamgo.live
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID: 1148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb610fab58,0x7ffb610fab68,0x7ffb610fab78
      PID: 1724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:2
      PID: 3832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
      PID: 1456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
      PID: 1268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
      PID: 4856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
      PID: 2488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1668 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
      PID: 2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
      PID: 4088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
      PID: 1632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4704 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
      PID: 312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4720 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
      PID: 1916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID: 3036
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID: 4952

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 41cb0a9d2d3a9872a671d6ce0747783c
    SHA1: bb5a647bba6fe5a82f64121687abb5fda1d9de76
    SHA256: a1e3ec8c6bfb3ef5c1ab51d04a6c3f13f9f99874123d780988727f142c6f3d5d
    SHA512: 3dcd4b49c25a3ded31b273ef34e0ce33887f9802b73730872e7038f6e871b507aa0c580853bd988c8e7b461a4ac1bdfc564843751918d0a50c54a568dc7546a5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: d89006a7857db5fc3db383767cc21f7b
    SHA1: a402fe3b2e7e347c34960ed15baab518a1d3876d
    SHA256: 202437dc137c73bd345b4ebd19656a2d465673ae603f5718e048a61d86404f4d
    SHA512: bb780b619aa510fc7ccba48a78ad9eab9b0c9758c397730092f99b63d48e120e4bdaeac47af0c716825c1fd9c610a6a723a90cfd8ca656141761a14d5c3e051a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 518B
    MD5: 781caa583a25e73c186192c71a8b3ec3
    SHA1: 9e8488310f00b1d23c558dfac1be7ac847f46681
    SHA256: 984a676de52f4aa1a924030850d98600de432aaf17cf45f5132dc27a81787867
    SHA512: 977bdb29cb1b74814833cba2c4b7a0a59e586edc2536289bc92fa477f620d1ae0b8fb4a5cf8dc0cab09da9ba93d3bfa44496ebb69e745b40e5a64a20662451f4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: c7bda64902e4305c7378cc3bf367fea3
    SHA1: cbdf53ab45c37a9e64e21166840b5aa4961481e8
    SHA256: 99601908a1106e4ed478fdbf0460c4ec1e491a80657f2797a7b182ae3bf7b0d2
    SHA512: e899815cd9e4ddcd7d0c4a474c2b196be8e223fa763b3a92446e8ea0eef95174d91d8665971452fdd29b72b62769fd19b5e2e32ecd36b3d608b310820a92f2cd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: dc15b5751613584469eb152805402afd
    SHA1: c94fd05e3cd311d1bd0de1a82690ae0ade788e39
    SHA256: 5f5436009f21ad7c2b479eb28bc93c834f2c9ce0b3d0daa5805135d5e5ec98e5
    SHA512: f4316b22d4f0a316c9cae122dc955ecb60adb49bf47522c3dc641b7b7b3fbec811a97c9bdd84ce24c8d03cf052f8cd3b5f457900130a818ce2a8eb134a575c7b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: ab3f9ebf55e5388d2be6abd2b4a5690c
    SHA1: 80a525b4977faeab113861eb214bb86c331fecf3
    SHA256: 09c60af3884ee524bbcbd76a29eefc20698bab170d9bceeeb39f467a5f926698
    SHA512: 2fb51bb903e4d87e7e0405af4557a118b7a6f73981a80eecff1eeb5aec2310cab8a275f09238a435659dbbbe9f42785eb118da705ea780a498431a2995ca1391

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 255KB
    MD5: 2bba3d9db8f9e19f72481aeb486dca05
    SHA1: 2687784c56d420e732537b0555332ec571716095
    SHA256: a3d4567fcc7f1be17b067b97bc5d5a4c2b6e74a7352a1dd75e25172cf3db87e0
    SHA512: 5232ea8432f107b91f581b46c905424d91ada27f8dcc196a659eb5f2fbbc3e573f237587ea5239061ff73626c642320ade19d06ffdf2564756464d10683dd58d

  • \??\pipe\crashpad_1148_BVAUPLHXKNHCQFCF
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e