Analysis

  • max time kernel
    127s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/05/2024, 01:10

General

  • Target

    A_Bored_Guys_Adventure.exe

  • Size

    638KB

  • MD5

    e8d64c4f4a60e01478ee4743ed274000

  • SHA1

    a8cb531195cfd7cc5e505474762830276afa5486

  • SHA256

    285f49233b3fe38b081bae7796417c87144e79443dde0701a157f75135c07bea

  • SHA512

    a5f713414ff8e519673879e078056e19ac8190851d2ee478396ef581654d1de892f40a017ccc650ff58618ddc776972c5f9f13445c8336adce500afb5a3c5722

  • SSDEEP

    6144:yEbaWnBUC5bze1ov2Ms0mtVwsnIH5LkKQgF3:yoCCFe1c2XB6wIHx9J3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe
    "C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe"
    PID:2276
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:3600
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4312 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1956
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9d6ab58,0x7ffcf9d6ab68,0x7ffcf9d6ab78
      PID:1928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:2
      PID:2124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:5060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:2392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
      PID:2308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
      PID:3600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
      PID:1552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:4364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:4592
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:2388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:2612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:2992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
      PID:2040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:1472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      PID:1484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
      • Modifies registry class
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2944 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
      PID:4312
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:1752
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x484 0x300
    PID:4592

Network

MITRE ATT&CK Enterprise v15


Downloads