d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b

Resubmissions

22/05/2024, 03:10

240522-dn2s8sae4z 3

22/05/2024, 03:06

240522-dlsgsaac63 3

Analysis

max time kernel
52s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virus Maker.rar
Size

82KB
MD5

d1f61793e7898df4b27e3345764ceca8
SHA1

f03b91146aeaf753b565620a022a238830ed56d4
SHA256

d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b
SHA512

6491767f6db68886d000b173306377f3b0bf2d6db765ce4c14139c9ad09fa44e6cb75489f3858e45c4000333d2ad517721f81cc48e94de25c75c17cac36bb617
SSDEEP

1536:S0s/fG5w2aRBBNACjLkvSrfqAbv0Zarjg5AfDLCNE3Ztg/776X95:5s/+uRBmvMfzrhfbD2NStk76N5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2800	1644	cmd.exe	29
PID 1644 wrote to memory of 2800	1644	cmd.exe	29
PID 1644 wrote to memory of 2800	1644	cmd.exe	29
PID 1536 wrote to memory of 1364	1536	chrome.exe	33
PID 1536 wrote to memory of 1364	1536	chrome.exe	33
PID 1536 wrote to memory of 1364	1536	chrome.exe	33
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 1864	1536	chrome.exe	35
PID 1536 wrote to memory of 2756	1536	chrome.exe	36
PID 1536 wrote to memory of 2756	1536	chrome.exe	36
PID 1536 wrote to memory of 2756	1536	chrome.exe	36
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37
PID 1536 wrote to memory of 2772	1536	chrome.exe	37

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Virus Maker.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Virus Maker.rar
  2⤵
  - Modifies registry class
  PID:2800

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5739758,0x7fef5739768,0x7fef5739778
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3184 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3380 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3988 --field-trial-handle=988,i,12936975688658284415,891877455676877000,131072 /prefetch:1
  2⤵
  PID:2700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
263fff77c2f0f69fdefd4f2a3d8b3410

SHA1
491bd2a2514f202fb20573688155553926ef1334

SHA256
b9212cdbf4abea78085354a47502b9916bf94e246cbe34a1fd2cd653677788ef

SHA512
00955387b13b4514b36d75a2fc38d338e46699acfca7d4d90cea54a88d57d929b4e925300eaef55453dee590b5fa17f2484eda937769e9e436b164d6c4447d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3fc0457308b61852746fa3a9600fd5d0

SHA1
deaa5b2286c9b26ff61de50df7eaa7a71ebd92de

SHA256
9b51fe4e62b379307a71d634b5b12e61c2d9ffdba96c8567501405d0dfd06fb5

SHA512
cc73ce19964482f9d527ed6a95e258e7f13a12a78c95b9bb61cbbe4bd2d737633fac5079dcf0a2cf00e56fb24d7fc950300f25525225d31cfba41693009a263e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a987d997bd792c5801a04de85b8e08c1

SHA1
9f5d2cb3194965e643b6bd15ed02dba9c4722a27

SHA256
34221a19ca6bb2d0caf6cee5b171434037129531c4e809eb56d121ce7280c1e0

SHA512
8734a1aa678e4301426cd184ae9f704994f8a359465d92b067ab1b34b5eaa1f0225885753b131a4a817108af58b85ca1953ed19f19f46e4aa2e66d2ed0538e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit