Analysis

  • max time kernel
    660s
  • max time network
    657s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 13:36

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (61 IoCs)
  • Suspicious use of SendNotifyMessage (58 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbd9ab58,0x7fffbbd9ab68,0x7fffbbd9ab78
      2⤵
      PID:3108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:2
      2⤵
      PID:452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:5012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:1
      2⤵
      PID:2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:1
      2⤵
      PID:4236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:4320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:5516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:8
      2⤵
      PID:5928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2868 --field-trial-handle=1884,i,6948312185520043028,4463086214341483057,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:6056
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:1184
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8
    1⤵
    PID:4772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3484,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
    1⤵
    PID:3932
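Every signature in this report fires on chrome.exe and its own helper processes; the 1⤵/2⤵ markers show that elevation_service.exe and the two msedge.exe utilities are separate roots, not children of the browser. The script below is an added example (not part of the sandbox report or its tooling) that parses a process tree in this layout into parent/child records and answers the question that decides whether a URL detonation is worth more time: did the browser spawn anything other than itself? The sample input is a constructed, condensed copy of a few entries from the tree above (command lines shortened); the BROWSER_IMAGES set and the list of sandbox-relaxing flags it looks for are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a condensed subset of the report's process tree, in the
# same "image / command line / depth marker / behaviours / PID" layout.
SAMPLE_TREE = r"""
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --single-argument https://github.com/Endermanch/MalwareDatabase
  1⤵
  • Enumerates system info in registry
  • Suspicious use of WriteProcessMemory
  PID:2036
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:8
    2⤵
    PID:5012
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2
    2⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:6056
• C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  1⤵
  PID:1184
• C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService /prefetch:8
  1⤵
  PID:4772
"""

# Assumption of this example: the binaries we consider "the browser".
BROWSER_IMAGES = {"chrome.exe", "msedge.exe"}
# Assumption of this example: flags that weaken a Chromium child's sandbox.
RELAXED_SANDBOX_FLAGS = ("--disable-gpu-sandbox", "--service-sandbox-type=none")


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int
    behaviours: List[str] = field(default_factory=list)
    parent: Optional["Proc"] = None

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_tree(text: str) -> List[Proc]:
    """Turn the flattened tree into Proc records; depth N's parent is the
    most recent depth N-1 record, which is what the N⤵ marker encodes."""
    procs: List[Proc] = []
    cur: Optional[dict] = None
    last_at_depth: Dict[int, Proc] = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if cur is None:
            if re.match(r"^[A-Za-z]:\\", line):          # image path opens a record
                cur = {"image": line, "cmdline": None, "depth": None, "beh": []}
            continue
        if cur["cmdline"] is None:                       # line after the image is the command line
            cur["cmdline"] = line
        elif (m := re.fullmatch(r"(\d+)⤵", line)):
            cur["depth"] = int(m.group(1))
        elif (m := re.fullmatch(r"PID:(\d+)", line)):    # PID closes the record
            p = Proc(cur["image"], cur["cmdline"], cur["depth"] or 1, int(m.group(1)), cur["beh"])
            p.parent = last_at_depth.get(p.depth - 1)
            last_at_depth[p.depth] = p
            for d in [d for d in last_at_depth if d > p.depth]:   # a new root forgets old children
                del last_at_depth[d]
            procs.append(p)
            cur = None
        else:                                            # anything else is a behaviour tag
            cur["beh"].append(line)
    return procs


def roots(procs: List[Proc]) -> List[Proc]:
    return [p for p in procs if p.parent is None]


def non_browser_children(procs: List[Proc]) -> List[Proc]:
    """Children of a browser process whose image is not that browser. For a URL
    detonation this is the list that matters; empty means nothing left the browser."""
    return [p for p in procs
            if p.parent is not None and p.parent.name in BROWSER_IMAGES and p.name != p.parent.name]


def sandbox_relaxed(procs: List[Proc]) -> List[Tuple[int, List[str]]]:
    """Browser children started with a weakened sandbox, by PID. Normal for some
    Chromium service types, so this is a review list rather than an alert."""
    out = []
    for p in procs:
        flags = [f for f in p.cmdline.split() if f in RELAXED_SANDBOX_FLAGS]
        if flags:
            out.append((p.pid, flags))
    return out


def behaviours_by_pid(procs: List[Proc]) -> Dict[int, List[str]]:
    return {p.pid: p.behaviours for p in procs if p.behaviours}


if __name__ == "__main__":
    tree = parse_tree(SAMPLE_TREE)
    print("roots:", [(p.pid, p.name) for p in roots(tree)])
    print("non-browser children:", [(p.pid, p.name) for p in non_browser_children(tree)])
    print("relaxed sandbox:", sandbox_relaxed(tree))
    print("behaviours:", behaviours_by_pid(tree))
```

Run against the full tree above, non_browser_children comes back empty: the 64 WriteProcessMemory and AdjustPrivilegeToken hits are the browser creating and managing its own children, which is what a 6/10 score for a plain URL open looks like.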

Network

MITRE ATT&CK Enterprise v15

Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

                              Filesize

                              2KB

                              MD5

                              cbc6b91f60a2fbb23679c9a562bd837e

                              SHA1

                              f95b345c430ef0c3dd5ed0384ef64799d0219504

                              SHA256

                              274b515d898ce19860ae5fcd1d458c8da2c890ea779687caf2f39e29a5d28652

                              SHA512

                              644ba451fd51653809c3b5baf074d49392596af3df35d852b56cc1f41ef55c9ce185e7858e7d26b912e9b50b08fab7c5011137a0760390f02c0b1fbbdb730109

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              1KB

                              MD5

                              69d29e5204ff65dcb72b63fac94b3bd0

                              SHA1

                              76a6c212c3abf1fd844f1f598b635743ec7ff59f

                              SHA256

                              c85e8534600f72356c465086ed909211a8f63540a8950c5dce1ac0b0728f9310

                              SHA512

                              f5ffd27af909cc44614fb4eb48301dbabb495dc084fde2c981d6196d4e65fac051e842431d364a4bb76263ae457bf58f920cff990facd1c85457abd07a5de55f

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              2KB

                              MD5

                              c3df28ed7793a28e90b0494527959877

                              SHA1

                              2c6decb9100e36dfb0b7e69445fa0ab1c801e01e

                              SHA256

                              55169b85bf0d58b101a51edb9fe992ad5307a83704dbb7b284ebf0daba482253

                              SHA512

                              403b54522fec6be65fe4f1ed5624bfb9416492d1500d9e25dfd98cf258a133423bd28dd83c9e6cac1bcfc170f194ea29e1d3649985dce5ca4d149d8a0ad8a916

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              2KB

                              MD5

                              8bc7c11ac1ca3c116591896cd579d34b

                              SHA1

                              42779c58ce87d3ad54c32b3725bb947e05d36ec7

                              SHA256

                              f122f9a13bc2f319250ce70ad023c7a131dc403f5572674d1df3a1e7533833d8

                              SHA512

                              f8d30cfb9586d94fee70f56ae62a209a809533da8c4032b03f43b190016d51d36ca4280a63ebfe7bf7ca991babcc4fec98dc292dcfd5fabc7200ef9d8fa2bbe5

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                              Filesize

                              2KB

                              MD5

                              800e632dc9bc362319795895a83f61ee

                              SHA1

                              f619fe9d3c1678b63477d42f7767c378d001b43d

                              SHA256

                              67a90951ac8b45126d26b2089b3a99ecf775a1326053250435d3ccc055ada1c0

                              SHA512

                              d02681cc5745220cd610443ca0edd0a0758b1c24903a3b3deda7e343d7ba5feaf0e78daef33fd79752c14b543fe36bc513cae950b2d7cbeffa52f493e5219934

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              20f80d47b3d5b04081ba3c9fd24dabf4

                              SHA1

                              1298cd427acf5f93e07b81d95a1917c1afc66930

                              SHA256

                              2eb741db263920e89a806ae9a7143c85b8a28fc0bb045b712dfebeff0a72261d

                              SHA512

                              d1ccc42b973c4040e0cf8916e2d60050885b79f269c469c2a55fefa99e892088be62b2045662af8a5a2fa35de59662a40066a709ef422317314a0dd685fbb34a

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              10f8ef24756208d11bfc38f1d0dcfb21

                              SHA1

                              a49432eb9b0ce0862ca4a4b65e40e1f29a41aa0a

                              SHA256

                              66888a8210a81983f7a3187fc7bddf73f76f653838aa7e4f503fc69238812141

                              SHA512

                              0c05828c71faa3c7a640fed1959062bbf4c15866d7542474ed0a6e895d23ba11691908b751dcc29df82c2aae763578f0dd5725364c09e50369553634d6d4e0bd

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              99488df3cd72c27e7dbb5d91c901f068

                              SHA1

                              1fa80cc67d8cd6b370d09a4df07323eaa39515ec

                              SHA256

                              60378cfba9fdb549ec6dbd2279f6e42a7fb1892ae04f10ec75c3c0fd414af250

                              SHA512

                              4a578a32f6d6d77ae2d3729fb04f52ddbd7a03f4e947c7634cf982a1ecaac9bfe605093ed41a6dd19a5ab5aa7cc5415a2781684f926dae5d0198e63e68f83cc5

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              f509c10991511716e03fcd34f56f1042

                              SHA1

                              880435cac94848834d216183c4f5e1ac2ca6fa01

                              SHA256

                              a7b35b3156dcc5b4ca4ca0e547d685299c8899d14acf45ee08948fac55fbb2dd

                              SHA512

                              358e45cf1a320d9f7dbd37ffe33bbb193049ecb36f37a5160c4b0cacfefbfd27893934bb201d0b04c34818c06c96eccd32113183d35d0803cf0e02a3cb24ab05

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              fdb42282882d69ba1c2a06782518b843

                              SHA1

                              6465e419d5fbd4a998cfd334d010da127b8fc7a1

                              SHA256

                              c7c7775f460f27af308e5e34e7ae9a2d64731fde362a4c715890be35c9a31732

                              SHA512

                              241435c3393d6ced85e208e11f6ea3c7357dc74c5339754d9c13d71ec1c352e1841b0864c54fa6ee12bace959e39a779fd822f493faff6b49dda74e54dcb917c

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              7KB

                              MD5

                              9137daf1401ad8972d95649a770b6627

                              SHA1

                              8aa4ba85cdba21d0f8c0cb4c3f7de858792c85f2

                              SHA256

                              d2d3d903f39a573fd055d3b18c30b9e800741598149bdd2341e58f8a4c8ad4e8

                              SHA512

                              7465b5bcd774c56ec37ab5b398295d83c54699c4776f8e9cc09ba2a3c3766ad5c910382e49e09e4075094098247cbd3764e6e8b384119c560ef179de55b7a84e

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              7KB

                              MD5

                              8be723d4119c7c1a4334be3355eef642

                              SHA1

                              2f639621016bb5f86ed0467056624819321fbcf7

                              SHA256

                              2f92fdd58d1bd5f3965f19ddb18a2d90813339bf0a96badc04d47eab95be8a7f

                              SHA512

                              1d84d173862bb1dafa71155bbf136e6eff7352e90ce72811d844c7443ff9542cc42b7414a40f7e8100fe037fcf970c2a5a75e703509c7439a00e5d8b5034f1c6

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              7KB

                              MD5

                              9dfdb4c5951f2e55fda4ed63c631ee33

                              SHA1

                              e478bd82d82d3f8cbb8ac3692ec5686ab2ce1247

                              SHA256

                              26470fd298f5e7dba3595a68faf1c5db82218f61184f92a986e24f1ec0ba145a

                              SHA512

                              461ca5f2a25980678fb26675ef791d5b45105d11767b112f1f185ea898c317d9f081ce62a740e4f78f381082bcd4f7391380a921c77a8b3dc0d6511d0fb3ac72

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                              Filesize

                              255KB

                              MD5

                              fcdf9238480b72e8ce7c24b2e125d83b

                              SHA1

                              e9a0e5641c9c027984b258d7be821340ec43b6bc

                              SHA256

                              9b81868b59ea2ac4a314773ee26a74058c092661073c13546a1efd78d491689b

                              SHA512

                              877cf0a2322c6f311abab204fd85cab115cb0b25bec09212274460017fccf0194a66efc10adfac34d1386d45e0438f66ebf363c2d370d5d721362304bbc404ef

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                              Filesize

                              90KB

                              MD5

                              818d0f006a7eca2c2a949fc7ab16d729

                              SHA1

                              19f6d3cedf2ead597147a1db745ce991f6410d84

                              SHA256

                              854126ea317d56884a46121a02a6250f563b17794190213f19f18f0d2dbd1e75

                              SHA512

                              c9ad9f079d45cd85db055c3a66dd7a83ecb4615161c7b913dad8c6f318c427459bc3bc6e43e5fca4f1c95cd16b97ce0b1c6ea5a638d347b8cfb9624cd6f06fa5

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                              Filesize

                              88KB

                              MD5

                              8086b6130b3571ebc6a124ad5b71632a

                              SHA1

                              5e69a042e0e5b452e6292d5143b0f9cdd080dd25

                              SHA256

                              9aada7e738b57a81bc2acb6fafbd03974e08b48ca7f8019c85511a3d27289baa

                              SHA512

                              dbdc758a77e74b7b031a14acb0448956b6ff63debd86e670eee8cc423c59d4cf1e61cf02871bcacf8eee0fab1f148cff89dc06584e41b1ca5b683d7d7f8a36dc

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58500f.TMP

                              Filesize

                              88KB

                              MD5

                              a43da0d94c2be005acfeb26419fb1163

                              SHA1

                              d5153426aecf4a476283c944e11cb6dfb61a716b

                              SHA256

                              40cf246d2d37ee52228e61903901eb4e9e305e03c39da73780e83f639ae71f14

                              SHA512

                              a2a6e1c85789628d205e8a3dcb59ed1e7783fba7be94e03b61d0f2b9b406288b8f50ce532ed36a6d0943db2fb72ee45cd64565c25c875b788b4b2b02789e0446
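Everything in the Downloads list lives under the Chrome profile directory (Code Cache, Network, Preferences, Local State, Module Info Cache), and the 2-byte "SCT Auditing Pending Reports" file is small enough to identify outright: its four digests are those of the string "[]", an empty JSON array. The script below is an added example, not part of the report, that parses entries in this flattened label/value layout and checks each one against a short list of empty-state contents before anyone treats the hashes as indicators. The sample input is a constructed copy of two entries from the list above; the EMPTY_STATE candidates are this example's own assumption.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample: two entries copied from the Downloads section above, in
# the report's own "path / label / value" layout.
SAMPLE_DOWNLOADS = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize
  2B
  MD5
  d751713988987e9331980363e24189ce
  SHA1
  97d170e1550eee4afc0af065b78cda302a97674c
  SHA256
  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512
  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize
  1KB
  MD5
  20f80d47b3d5b04081ba3c9fd24dabf4
  SHA1
  1298cd427acf5f93e07b81d95a1917c1afc66930
  SHA256
  2eb741db263920e89a806ae9a7143c85b8a28fc0bb045b712dfebeff0a72261d
  SHA512
  d1ccc42b973c4040e0cf8916e2d60050885b79f269c469c2a55fefa99e892088be62b2045662af8a5a2fa35de59662a40066a709ef422317314a0dd685fbb34a
"""

ALGS = ("md5", "sha1", "sha256", "sha512")
LABELS = {"Filesize": "filesize", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Assumption of this example: contents a browser writes for "nothing here yet"
# state files. Extend as you meet more of them.
EMPTY_STATE = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty file": b"",
}


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Collect each path and the label/value pairs that follow it."""
    entries: List[Dict[str, str]] = []
    cur = None
    key = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if re.match(r"^[A-Za-z]:\\", line):       # a drive path starts a new entry
            cur = {"path": line}
            entries.append(cur)
            key = None
        elif line in LABELS:                      # label line: remember which field comes next
            key = LABELS[line]
        elif cur is not None and key is not None: # value line for the pending label
            cur[key] = line.lower() if key in ALGS else line
            key = None
    return entries


def digests(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def entry_matches(entry: Dict[str, str], data: bytes) -> bool:
    """True only when every digest the report lists for the entry equals the
    digest of data; a single algorithm agreeing is not enough."""
    d = digests(data)
    listed = [alg for alg in ALGS if alg in entry]
    return bool(listed) and all(entry[alg] == d[alg] for alg in listed)


def known_benign(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(path, description) for every entry whose content is a known empty-state file."""
    out = []
    for e in entries:
        for label, data in EMPTY_STATE.items():
            if entry_matches(e, data):
                out.append((e["path"], label))
                break
    return out


if __name__ == "__main__":
    parsed = parse_downloads(SAMPLE_DOWNLOADS)
    for path, label in known_benign(parsed):
        print(f"{label}: {path}")
```

The check deliberately requires all listed digests to agree, so a collision on MD5 alone (the one algorithm here an attacker can realistically arrange) cannot mark a file benign. The TransportSecurity entry, at 1KB, matches nothing in the list and stays a file you would have to pull from the sandbox and read to classify.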