Resubmissions

  • 22-05-2024 00:10 — 240522-af3h1sed73 (score 10)
  • 22-05-2024 00:06 — 240522-ad1xeaed36 (score 3)

Analysis

  • max time kernel: 299s
  • max time network: 288s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 22-05-2024 00:06

General

  • Target: file.html
  • Size: 176KB
  • MD5: b953eba523e77f6e19ec7a66e5babbad
  • SHA1: 82dbe8304fa22decf94b5a96e5a19697fcbf57ec
  • SHA256: 40a7b25cbc35c77604ac44d96e3cded8b29f3b5dd25c093550ae0629c7019ab1
  • SHA512: f4be970955f40caebb4c57612ba3ed3b1d6b921ad1561189483ae8072b375868b2e25bc9189e802e28f42be360b3979d322f79e6a80dcff87a3073fdb7897652
  • SSDEEP: 1536:UijCa50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xlCv1aszFek:UiLgAkHnjPIQ6KSEX/+HuI4MU4

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
    1⤵ PID:1364
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40eab58,0x7ff8f40eab68,0x7ff8f40eab78
      2⤵ PID:3032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:2
      2⤵ PID:4100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8
      2⤵ PID:2416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8
      2⤵ PID:552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1
      2⤵ PID:4940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1
      2⤵ PID:1692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1836 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:1
      2⤵ PID:4460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8
      2⤵ PID:916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:8
      2⤵ PID:1740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=1868,i,11104441268439535416,11590044363082095145,131072 /prefetch:2
      2⤵ PID:3756
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵ PID:1636

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 545d395fa754e840dae8a43f6d3267fb
    SHA1: cf54ce5c7b992a9ec5fcfd83c4063c4ffc2c8e97
    SHA256: a1dc83f444cb3aa3d804bd36f512cbea2b5d17e58a21ffd87a63dd664507f81e
    SHA512: b3bac1436c5d9ef2d448892257bed22d1be7226eb5782ce4bc028d8052ff01360daff14cf809bdd53bce8c57459d71811f6b16bdfd5c42e551414f4d44ea2d5a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 3d9b2cfc192ea367d7fd073cc3d43aa5
    SHA1: 7bd68091675b40c935d77bb02c476d0dc5f3d3bc
    SHA256: 0dd99db99af8ed028645fc0dfc99a0735055f707a584ad0302f3a2c3c2ec8e53
    SHA512: 52b7a91bbd969fa305a58a73cb3be859199cce2077f9f45d9e6b644ea5954af1d137026adbc9e5bf1a7110261222ca4a44b2e55d0b4ac56696d25fce2e5d79cd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 858B
    MD5: a54dec6d87208d1d36b2ed9a7eed6353
    SHA1: 3555ade23484141e11b219101587c494a253fd86
    SHA256: 973743038cb99798541a7767ce751146a109d376acbb700ef9891993d5fcccca
    SHA512: a8fc6c3cf4a044abd2b9f6a84eb4da9526871c39c1bbd775b274ecc7c070cb3286cfac64434dc23cf0026b2b6762e38e052c92ca71b4c3ba3b0404a07a0679d6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b121d1d79145bc6aabe094df659b6e08
    SHA1: 60271861c4bb2f81685d8908830e9e351170e6a5
    SHA256: c4a73706c1da9b834141fe72d363642796e37db7608e4d59860934c692fdbfbd
    SHA512: e4877dab9592fe06b2a10c04ea6e485940feff6e374509e99bb779d10c0109306443d29edc4aca6c458c095573b52829d6a43c73956c9e449ba4f4bfd95ebca8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 255KB
    MD5: dce24ee6afffb3179dd690845c0f16ce
    SHA1: 0512b92fdcbc34350af0566f85bec62d54a39568
    SHA256: ae6c23a3550e1d3f6582d25dbb63b32f76b83a084af98d98734b9ec35a906ce4
    SHA512: 8916f407e72870c345c5444164efd11b5e5c2c6d163f457ba37139f80cd9781da944252a0e39daf0a617543f047555f37c4f1b6ea4289bcde91bae37e679ef8f