Analysis

  • max time kernel
    599s
  • max time network
    486s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-es
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-es
    locale:es-es
    os:windows10-2004-x64
    system
    windows
  • submitted
    22-05-2024 21:29

General

  • Target

    http://cl.gy/tnYLG

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cl.gy/tnYLG
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4348
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff781ab58,0x7ffff781ab68,0x7ffff781ab78
      2⤵
      PID:1444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:2
      2⤵
      PID:1708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:2144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:4964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1
      2⤵
      PID:3400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1
      2⤵
      PID:4652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:2028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:3836
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4636 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:1
      2⤵
      PID:3032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:2460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:8
      2⤵
      PID:3168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1924,i,11800829569358540371,15662445302290857227,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2464
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: dcd16a5c0211af9e2c549363cbd81ee7
    SHA1: e64ff9dd089d133cbe5bc3c4cb99dae3caae7169
    SHA256: 0b5fc9c8ee64dcca171bb33a0e171b15ce2b3e9364d9622cd335f774ac9d43aa
    SHA512: 9495726f4e70ab1f34f14be90caa3693bd8c887cef847904fc746bcdd6a8e49de62312d50cf1f941938865ff210a720b66ee5ebebdf4871dc6012242d54268dc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 1b98d4226aa3a19315b4ff107dbe4695
    SHA1: 70110dfc1e1919e8d6ef17ec656a5ffe9d7917c6
    SHA256: 7dfe85f12c3bcc3069f679899e163f736dbce57f3627fabbbfe6a15e775962d9
    SHA512: ac713eb7faba5b4e38521e41e3c1ec0338c00f8256492d85d6af961473950eeaf24f5917a8262dd94d19b4a57e1fcfaa475330d77eff5fde0fe2b6282a85fcf1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 2acf0fab06df745fc1a47a07d66e9c23
    SHA1: 83125246ca717e0d66069c081c9daef56fb98e12
    SHA256: a3e3a42f143dec25b51c3e39760a4cf5bd23900ba5585fa54a70fa93f1ef1759
    SHA512: 5d3c0f29d8a5e9e17d1c405032bf6f572a72be35ed485f40ccd6052d7d3fa32c139e4262775ebb035271cb8b5dfbe70af01ca5f6d9ea792ec854b68f62d3a262

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 277KB
    MD5: bbb225902c17acc1ec9a01ffcd239d4f
    SHA1: 2b5bb1a38c3d9cf0fc839f3a3794cc66f7592c57
    SHA256: c85e810f5be93a1b6174689b6ca069778a5042a2baf4daa6b08e9e59a1bea49d
    SHA512: f08cd2bd786a0d9ad757cbec7228cd4e0346d1b7f75b60ee26b39e96bee2dc5abee4861adca75c46e5f9bfd08562eff94346978851c7ea1f8b08f1a0721b9629

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 2607bb3aa4cae7b442a6966bec78c033
    SHA1: e10f893705e96be5a1c174c63df4ec9b928f321b
    SHA256: 15d489d48aae706dcf4b2ccb93c5428fe75d6509a035be49d26b0a7b8ee14b14
    SHA512: 0fe7a946030633f979b7e988f3909bd61ae68ee2d1ed8b09fe471593254a8ee65877498bab2c9d57d2bf05d222aae2b93d0561af109d7225c0150d2b6a2557a3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 02ec6f52de6106f153683acdaf629bd8
    SHA1: 93a6423973ed9ed1ef0811b1c4843bfb5d0bab15
    SHA256: cc1bc2aa52bbbcdbfad05183c2cc297a536cc719a7894183b96905994b6f20fd
    SHA512: b10a2b630a2300ba814bc4dc5a3d2711d241cff55e94174ae490cf80c340e2fe82859ca08b34a9d601ab13a9675dff89aa93ff7835627f09517cea37e792d40f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: e77fd2707f5d982b83a4f44ff8c3057a
    SHA1: b6cc7c188267c06800b2554d83a9ff0f1238447d
    SHA256: 55d0e058ef9784e25704d8c4ace098a706fe626ebaaa4465cd0f505394ae42e8
    SHA512: 64ab0d01588c9855e17039469372d1e75181e153c35a31ffdefd157fcc10d1799f5a49cd9b6e6854b08024b6490046799711607d94e7816f1578926028419a55

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 93KB
    MD5: 594283e11cf461ee50beb3f7bc1181ed
    SHA1: 9dc7bf487fe0d159292358a50889d7f92c4bd4d9
    SHA256: 6c100c3f20d9ddb5d5e554ac1730d86bc3e2bde070195b62a83606ce151fefdb
    SHA512: 648bb80f6392f7a2f9558fa0a8535ecc3b13fd852632c582f9b4c3b27a10d7d973236973acf2daccf7651324b270719de5269843461c974bf8868068842c4c32

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f23f.TMP
    Filesize: 89KB
    MD5: bb504d74813538b053b26dd601008103
    SHA1: 30bd0f3b7d2a1b1182644d8475fee15dc686c9ba
    SHA256: 7298ca7228e15c3577009107dbdd2c65c2ee9b8085a8abe4dcc17e539668ad7e
    SHA512: 97bd307df966aac8dc678c85c3fe482ef95b3be83c20ac0a8b07c2123089192e683c9e5fd51dea065f2047a5198f3783dba86727eb5e6591ae7d96cbf30632e1