Analysis

  • max time kernel
    1799s
  • max time network
    1727s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24-05-2024 11:38

General

  • Target

    Screenshot 2024-05-20 11.05.08 AM.png

  • Size

    517KB

  • MD5

    d62be3530273b7679f61d10db4306110

  • SHA1

    4d19cadc719b105a9861668ab0a9f41b553474a2

  • SHA256

    c735814996365d94afdf77e3adb83e0bbf422f2072051f16e45d219216e4ef17

  • SHA512

    7fbfebcfa8838079e5fe91d05ce498dca972da0369d0af4111bc7dc5ec28e86d35f6f9a9b344b1e2cb60ac02400190f4b8df8e75272a48f1d792318dfdb7153c

  • SSDEEP

    12288:qrWK46hnilM26ReJFOOpzGAXHakAbLtWSCwquxE9Yq:i546BilMZRqFOOpzb6kAbLQSC4W93

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-05-20 11.05.08 AM.png"
    PID:2432
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3268
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7ff91b3eab58,0x7ff91b3eab68,0x7ff91b3eab78
      PID:2732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:2
      PID:1284
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:5044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:1800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
      PID:3392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
      PID:1792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
      PID:1664
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:3684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:2084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:4424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:8
      PID:464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4452 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:1
      PID:3932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1840,i,1638275125875237324,17687455108731302909,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:484
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:4828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91b3eab58,0x7ff91b3eab68,0x7ff91b3eab78
      PID:736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1772,i,5553284659825672090,13560173947681764888,131072 /prefetch:2
      PID:4672
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1772,i,5553284659825672090,13560173947681764888,131072 /prefetch:8
      PID:1528
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:2928

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    Filesize: 40B
    MD5: bbdce7283f8c8e7d66ccf5cba06bcfdd
    SHA1: c2e2d0145906f8992455ad7819275db251f1a482
    SHA256: ac592c3e751c5521f73447f2f32b6d4fda91635f349431f89f975c1e3208537e
    SHA512: b8fa50f8201bdbf43b9065e9a9f0ce5cc1a182ab5da6ce275afe823b3ea4cca84c7c43e7e09ec47523fda2013c8af5081656378326cc148c89eded6dd62e0a37

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 5ba203eb65bcbffd32603a23df574cd5
    SHA1: 6adaafa0afccc8314d98316466797b381da5b1e8
    SHA256: 65e6af10d3c3ac3a5d432a3cba77f36b0e2bf7309635f73ad7607f4653c879a9
    SHA512: e90f0d2e57863c3e2ab465da282545d2e003b7adc3dfc5ac420adb161c6ea743a73cdf0ce3b6bf57b541a9e51db9971e7838d3c69acab93d488dc4617f8cd357

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 9eeb67848a34847aca88a55e53852649
    SHA1: bf4dddfd012c810b23ca02ccd5f3ba9e3a3ccb3b
    SHA256: 30485cf5889f4b4e9cb9468a6582c3bb1d7eac52166022284a850b6596d44d62
    SHA512: 38485b932a64f386f66f7a2cb8db2e4dab56cb878c522f3ca8ccfe8921a1c4db5bd7aeeff5d93c06038aa3d15328de506e778645eb83d42eb2c75f8a18b6a380

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: d8c0a5540fd59500e349e1b6930223f4
    SHA1: 1884a3cb563a1490f09d7c787dc178b4264eb7c1
    SHA256: 872372fd39e3edb9ee7e65b300eab9c620f913c41ae435e2ffaacba36c5ae651
    SHA512: 5e92d92685959b9a6d8fb5cecb7ba1300ed1d8dabbee6dbf1116dcc5eb7ce1fc0db429001037e0c52c700c0a760e16a6fe3cd5d766d5c34af346697723c3d384

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 0f16f84aa0839b51604fb112b108aada
    SHA1: 2572a54b5b953af0c36ccf4b9244b22ae22c6a63
    SHA256: c2f9a386cec77ec6f21f85f70b5a84ac83a3d9b0b065a76236cf5e01b2fdc39e
    SHA512: 6b3a344e491753fd7f1ec09ab3c908af5ddb0964e22dcf9a09baa2798d0c336875ec6a036838fdb8bbfaa0b08455ea916c5e49290da4f8a8c7a49942b29f7cce

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 356B
    MD5: 4eb8cc30cece20f77c775c4ef376152f
    SHA1: c60fb9e60a893d46b520965d7a1fa42e8f1489ee
    SHA256: f094d61adfcd34e3cde59174899dfebf2592da6dad1d3a08331916335333faf3
    SHA512: 58380ac9d953c50b5ee56b62f764b7fc3ddfc48f55a63463ca3cf035684cef526af94762be8fd398bb83e13d14865f2da06722e607f039079048d2d3a1f8dd39

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 356B
    MD5: 44ad3e31593d451f773460c416cde40d
    SHA1: 89e4030e9b5cf8bcffba20a65069de839d549d7a
    SHA256: 3a7a76dedb22ab7774e7cb6fe2c6ad27fe5b1f47a9ce27812511e3b2f7d8cd9d
    SHA512: b70866c8e4aee3794a4c6ee0b6644d34fe4a56547bce8f97d8b75cba525c1641c51c8bc3eda72fe2e64540c064406ac53ab14b04138e892146653f1db6a9bc33

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: ffaff37cc28d2a1f955452f4ed2bccec
    SHA1: d24f46d72c49d197068fe7dc39c80b9e8188554b
    SHA256: 1b7ece5b47340db926602de5e441cb8ada962fa8d091bc352ffb4008536eeea3
    SHA512: 81a62a9add42b95722037e85770d7ce8ddfdf907aab45f10f65ee7ad57e8e1becae422d4295be09d980d1ec15ca9de69130c6cb30fe0351d170b8b77b4adedca

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 95db8c3b233c2690e0c03eac73529d84
    SHA1: 5665056e1a70bd50e6ae2f9163a7943fb6497e87
    SHA256: 81e17d3fdeb3b58676cbb59db17f455fe402cbdb3ef898734cec245bc4f717d1
    SHA512: 916734a4cad5484a0f4276c7b1df97fceea4affa4366feb724450ab2952e47997e78aaa5f5238aa07e89ec23209da934715ba64f0450a3bf8e52def94072e10d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 16KB
    MD5: fa2cdab9feec32ecff7097b29a7fb84d
    SHA1: 5809f570e89d64b5b1f3ee543df35e890a78ba3e
    SHA256: 9fb56a9295b694b3fd9c74588a68e20c424c6f3a948068784c14bf00afae78e3
    SHA512: 1f190ccd954b62bee6f3a53ac6ae253c42cd984ced2769aa18b1141e98786b167345e66836a8fd887a6faa385985d732776cca06ebb0176ec3e80a1443ada50b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 129KB
    MD5: 1a14896048c0777397f19f49dfdeed63
    SHA1: 3bab260949af64db0b903bfef1f99a25b0dc9443
    SHA256: 528112028431cc75e46a747c395c3e7042bce029cc4913e4f6747a7f3c8f5269
    SHA512: 7d47df62d25a7962340660720f7526d5be16a5f078bbcff09bc8bb152138e764851ad2a0f8a6e38dbd7df8ae86e8a9e287e505856d5712e84f666525c0af4ac9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 260KB
    MD5: f0ef100a5253eaebfdd4f4b35f34e7e2
    SHA1: 031f233c7701f326789fd96ddf44e7f986adde76
    SHA256: 3691ad51ed122de11b6e9bf0467254831b0bce2511417fc9c85a2e374b2457e3
    SHA512: 5fac18b36e460a85dc4563365a060699beba03cf48b62d740ba6d89acfbdecab324f168a5adf6542fe1686149cfaf45be40ccf793903ffa23d03338dd088398f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
    Filesize: 86B
    MD5: f732dbed9289177d15e236d0f8f2ddd3
    SHA1: 53f822af51b014bc3d4b575865d9c3ef0e4debde
    SHA256: 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
    SHA512: b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

  • \??\pipe\crashpad_1104_EMOFNWWEERSIWNVH
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e