Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-05-2024 13:07

General

  • Target

    https://yasirusmani.com/?yas=YWZhYnJpemlvQGluZnJhbWF0aW9uZ3JvdXAuY29t

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://yasirusmani.com/?yas=YWZhYnJpemlvQGluZnJhbWF0aW9uZ3JvdXAuY29t
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa322dab58,0x7ffa322dab68,0x7ffa322dab78
      2⤵
      PID:3452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:2
      2⤵
      PID:2060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:4908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:4884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:1
      2⤵
      PID:4160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1724 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:1
      2⤵
      PID:4732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3552 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:1
      2⤵
      PID:1080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4100 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:4064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      • Modifies registry class
      PID:3228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:4612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:3800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:3684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:8
      2⤵
      PID:1376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2488 --field-trial-handle=1948,i,15820592761283227295,13071781777853726452,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2308
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2724
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x498 0x304
    1⤵
    PID:4144

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 408B
    MD5: df8d266a34b596ca667ba1b92e985a93
    SHA1: dc1f13a03b15c4f47b949e7f749e536d1bd85f7b
    SHA256: 6f91116b33a03eea2f30b20fdaabd28b94af4ce5d01556796f8a515cfd8c599e
    SHA512: 3ad89253283fd04be9422627847c05aedffd05303a12e716560fe9cd2d18c372fa911babc88918c0e1abe425edbccee97036ca260cd961bca39bc115f2c57e5f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: edbef7acd7211133fccb535cce9016d0
    SHA1: 06f3823a82b9cc52a63c3b8418497decfdbf2715
    SHA256: 9dfe773b0654fa10c63d23cbbb9d3f3f501915c9e646d74bab4695359f21f5a4
    SHA512: 2dd0da41716b66201a451d9e1d25fbaf5b7ac372db606e25563401b1568dcaf5f179bcf2f06abc3d180a723438254d73ac7d5f8a8b007152cbfcef7206538f1f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 9e4f89ba7907b32becca376e0cf9b042
    SHA1: 70dcca0459257412e2bf8f31291aea3acbb3d592
    SHA256: 35f5357c2b6837b51638c07a39f16182882e6a077a5bc3e6868df2eb943ea3ae
    SHA512: 88445826ea983658537001fbf4077fe79444ee2d6c5811beac6b904dd682c22a40cab07bfafa9f2cdd20b77da1513e82e229e1e8642874edd553e9d380b74163

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 859B
    MD5: 04df516cd9e1ab56925e3da65f526525
    SHA1: 1b9412f3756ad9723c5e6284c3a416d9280a1004
    SHA256: 1845ee797d4f6d23e677be6b1c9ec483715b0d67bd55bed5256ea38093ac01bc
    SHA512: ce049e43842468d6027efc91adcc28b3ee01370b0ec71ca42881e699eeec78149a31a87e29416df87da4a7bdeb26a0e891d06dcffee34244a79554bbfd4cd81c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 730894962dfa7573ca036562ba890215
    SHA1: f01ad63eb518fe38e3d50b0a5dc0d0450131fb6a
    SHA256: 3ed1a7e6b946031b9ab0744c23b6462c472862bfb1e5bc31cebbb632b01cefb0
    SHA512: 847b6c9bf870890d18929cb04964f299edb684e6826055fb6c776754217df58210615aa611019fccaefc7fb481859a1aa0b0a7f4840792a050b370f8fff09acb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: d9a3425f32afb0991197378cd1ce5209
    SHA1: 9b65e2200a6d33138c524c47b3d8b2ff3ef2d5c9
    SHA256: 5a42e30d0ee27c79089d93ca48421e36d3ebf3fc9bad64c7fcc8a4b469725281
    SHA512: fd67748010581e62fa19e843437da2e314c1025409804218b90a89f2d95d27374c7136b15b296e5dddff58e9b8b9e455d453b21b5021d73ff765e87eee189882

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 03c8d1e2ec63f6ad74c84db90c8bd809
    SHA1: 4993754634ed9952c9cbb1a4d9d334b7034db14d
    SHA256: e27b89fad5254279ae150c6138c299c828a3ce70fe72f5915d8d1dd89c1ffbf3
    SHA512: 066e8e44e96dcd42e04c3e58461b0834b666f1c970dca7f2db363f7d9250eff180f635d97120df6c86d24ad982e1222f9a1002b6ebe6c924d5fef79df4c5d224

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
    Filesize: 56B
    MD5: 94275bde03760c160b707ba8806ef545
    SHA1: aad8d87b0796de7baca00ab000b2b12a26427859
    SHA256: c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
    SHA512: 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5746fc.TMP
    Filesize: 120B
    MD5: 87fbe1fc8d2ff80b0025f80b9a896253
    SHA1: b6a18e35aafab3112c11fdf4e831830ec03764ee
    SHA256: 10e11d55100cb472e0f0750069e405d3c31e6e47df8291652e3db4b2c34cf4a9
    SHA512: 0c88a5af302a2e557e0f8250967147a8014d8614d70c32afe1f363a74d038899f4612946cd4386487ef25eab4ce599321394b7785bc8563bc4c94c82b0604c72

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 132KB
    MD5: 37f1bf695c8ca93b4a64b159310649a0
    SHA1: d9a675d8991d23db5022e6d5de16342c4e73f7c7
    SHA256: 788d3c4b6a5753774edec6735ba0c49ae61b8b66b0c6104de229e5ff513bcac2
    SHA512: ba202a5c0668810384461d228a078aff53e681e79d38f0dd9b2cbae260907fec5d53fc3ca73f1dc329826c859ec5c459214959770943a67f2f1e9e436ab4354e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 174KB
    MD5: c03a6c081a660fae865ebca150097ef2
    SHA1: e0fd0c5e59f6633032685439b75b6f6c52923d53
    SHA256: f30075ced28bc79e6bda4cb9b53ededf0fb821d60bda8eb236d75b449e300eda
    SHA512: 1807e531d6c1ef1b25787429e8072acbc2a17b90aa68d749c80dd327ad7fd040996bc5920028e9235fb0790ddf1bc0935eb0d9301998a67bb38b98e9ef0784db

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: cdbdd90b763b5f31732d86489a0ccb0f
    SHA1: 2f2d8104c052b4016c1f2adb6e58780bf69b3bb1
    SHA256: 9e72fdb4b8b14c596d41934b8388f968112f97a1b024c05d5a417f60ee87bdb1
    SHA512: 9ebe8d0641423e26c53873584c468c60bf5dc64d8cef0e7b7161dbad27cc8ea74d86359e2e29e4d670af019186fc690173f947399d97aa5b2e22cadd9a5da075

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: 528470d1ebf04fdea59e116d33755158
    SHA1: 7598b9e582c918d64b0dcbb78a31cae142bf4922
    SHA256: 7e3ed973f2442796c08c43249bb3a5e8996193dfbd402df17359f5f36bc95992
    SHA512: 3f266859ae69889c570a13a9de4a81b62a6f9288090466f2e4d12a152f56cbb966284a23f5eea25bf3e96300a58f3eed5cad73942e4a23c330514cac1274fbae

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 91KB
    MD5: a16b99f38fd1590064bd9780d865a32b
    SHA1: cf4122cd86560be73d9eba6b18e3b250f6ab00b1
    SHA256: 0d56952e1f7bf434ba7cfbc90cffb11249099f71b02a9cf3fc0d9536959549ec
    SHA512: 23f7216305250bcc1196ff7a8928517ef769aa2c6c381f88c4a90053ee4363a9ac2da2fd873e3cf5949f821df0430d8dfcd5bae499c29341208f8d960545f18b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d6a9.TMP
    Filesize: 88KB
    MD5: 57d152afb3adf7e54d3d1d90c020e51d
    SHA1: 0d96e2c80fe4ab94f2f69c26bdc192b023b673ab
    SHA256: b79ca061dd1bdb963ed7a094a7c89ec3fc61d783aabba86724b31ccff5e21a8e
    SHA512: 2d6a973f17e7dbbbdc3544ae680c530e18e74f0e8a0c3a6702824a686fbb0618a7180c78174234e05afbb424afe376d27d34b3dd4128565f48b6bd30d7b468a9