hxxps://store10[.]gofile[.]io/download/web/c5c0e9e4-f335-4226-8f3a-cc1728b9c181/Comet[.]zip

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://store10.gofile.io/download/web/c5c0e9e4-f335-4226-8f3a-cc1728b9c181/Comet.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610542912868576"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
3340	chrome.exe
3340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 4980	4652	chrome.exe	83
PID 4652 wrote to memory of 4980	4652	chrome.exe	83
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1224	4652	chrome.exe	84
PID 4652 wrote to memory of 1236	4652	chrome.exe	85
PID 4652 wrote to memory of 1236	4652	chrome.exe	85
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86
PID 4652 wrote to memory of 1168	4652	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://store10.gofile.io/download/web/c5c0e9e4-f335-4226-8f3a-cc1728b9c181/Comet.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0f55ab58,0x7ffd0f55ab68,0x7ffd0f55ab78
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1900,i,9383880594996891740,14859483442394308992,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
72c6731ac8097ffd96286194629d3ab6

SHA1
6dcb08f2d516bd3976dbdd4657c36b386b5e290a

SHA256
3bb80558df1b7d054d5bdcf190598b088bc396d24a802ec2513224bb5b737a30

SHA512
0937d2ad09e35c7d4a59ef25c1e57c80d4c503ab3b2c0ebb481e7781e84a6b1c95e63906d050b56a91bd7ebbc01f3260b9c10f041a1174fc9540ecebcbab6054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
35f91e9f4ecad3f4b2a68cd59eea9a30

SHA1
03bea3a138dbfbd269ce4e84627c8dc8877fb056

SHA256
35bc6153f17f8d069ceed83b51cb65ad9e1e4f1cbe6116efaf105707f8f8e799

SHA512
bd4547efc6e801262024a2a9f5206fedfe706021444301786b3eff678894ebba697925b4d2549ba6263e2698547577420f1c2d4f2e4cc5db0d6eadf05ccd25c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
34be4446ba2cc70ebbf4cd8757b71e3e

SHA1
59947b85cb0110d2f0a062e941b1ca73198af732

SHA256
fdb6f7ca59fe17954b9c1ba76f026ae369a3e48f2c798858672afbb2216fbbd5

SHA512
50545e401a2241593ac524cd4b51a2994f5de9d6dbb8639518b599f0ec4faf4048b55c293db173d5ad88f014df27f042937158feb2ef6fcd98f5f5e155568648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
36be949b76145f83ee136d4f77056623

SHA1
a051c33b51ae8705537b6ae38ddd014e68c2ebfc

SHA256
c787c7b7ae3c1229ddb21a33b4de34bc982473074b2177f3bb43916137322725

SHA512
72c030835c04a3379b18c459fa3e8dc31155ead229a5d1d8a51af9db84fde61b4395f7af9d069ab7386676dea2ec0b19c10c12a492e0938d1fbef1f79952f132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
92206aba8f1fcb3c4b7ad8a610057434

SHA1
aec9eb2b2972b29776c34369640d3135f2f3b15c

SHA256
10f7dc09527de978b3196fd10d227113becb3909bd94121089dd657eeffc722b

SHA512
38483190500a0f564ffa03a71286f3867158dc51a20141da933960b2c6d7bf8edb68857bf79487fc5615a810ec05b4e840a4ef86d1f35607834ddc41ae913339

Download Submit