Analysis

  • max time kernel
    303s
  • max time network
    305s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 15:47

General

  • Target

    Dominios SPAM.txt

  • Size

    404B

  • MD5

    535403107d55d62430b489e3940b5554

  • SHA1

    da276f4d80d76bfb003b2707e576e51da93e9dbe

  • SHA256

    3203d4e4c83c28e405e23523d7075cf0c89be92579dc4cc3bbd6846136bd6b2e

  • SHA512

    261a43908516ae40a31b5ba135c2195c46281d94ab0b19f8358290fada74b180c7b966f17b2153906e035484bdc74205959ae0556dd0b7427e47be11b3c67d95

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Dominios SPAM.txt"
    1⤵
      PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3544
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3104
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff82d7d9758,0x7ff82d7d9768,0x7ff82d7d9778
          2⤵
            PID:736
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:2
            2⤵
              PID:5008
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
              2⤵
                PID:2280
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
                2⤵
                  PID:1336
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:1
                  2⤵
                    PID:1452
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:1
                    2⤵
                      PID:4196
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:1
                      2⤵
                        PID:1788
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
                        2⤵
                          PID:3484
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
                          2⤵
                            PID:4932
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
                            2⤵
                              PID:4444
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:8
                              2⤵
                                PID:3484
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5608 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:1
                                2⤵
                                  PID:4644
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4896 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:1
                                  2⤵
                                    PID:5304
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 --field-trial-handle=2004,i,13843051845436303829,16195083071152774299,131072 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6060
                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                  1⤵
                                    PID:4384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
      168B
    MD5
      d09cc872023e557dca3d052ac7bcf190
    SHA1
      d68f4204234eb9bab80857c89ac48e9fbc64f3c7
    SHA256
      794dfddba25bbb9766e3ceaab4a08d733d31591e741f6128f20bcd80fda96c3d
    SHA512
      8a6e3fffdbe645e70e6c81a979e2efb799b01967c382963838caa771a0a9ec00c76ed2fa7e2c63753a64d440654edde661d3bfeb5b91f162a0aab86d90172973

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1eff44bd-af9b-4ecb-9e1f-62aad4629c75.tmp
    Filesize
      2KB
    MD5
      bf613cf13245af1df2565b7a3dc56833
    SHA1
      6f0d70aec309ff93e2bb2009387abf797bdbfe15
    SHA256
      38583492390f126ad2e4893d6f751a17f30e875d59cdfe3ca65ab17dd789c850
    SHA512
      b30e7c9a0aac2871baf400c96c743ade0d51c0586cf048bd5de738e9c209ed8af6a4a516e112dcd3a2325a1421e1132e22a1559cc6e1e8c90650a12d939cb06c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
      1KB
    MD5
      d904a25b9c63f257b8ddb24f78304aeb
    SHA1
      bacbe182ca9499227e4ee2a0a0708d22f32c701a
    SHA256
      cc346816447ea74a140a8e6ee2c1b88126d15f817780c3a67b57a2c9b252cf33
    SHA512
      618d1d94b4abe6a1066c5aea129ae0e003f8028797260575afcc098a3d0a792db5808d91e8f7e846d034f60011e12e7d47e2af15cf31b0c197a0e139b57ed9ce

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
      369B
    MD5
      a9f4bc92a69fdf2bf05127aedee396aa
    SHA1
      e48a6c9e5391685e8fe37564e7ca42c4ddb11e52
    SHA256
      05d51cd63d31751e939dad53da7a5620090b4f0bfc4063e23cf6f63c0d41886e
    SHA512
      404a733829914eb0dcafa0248e611bb77877209ee242c146f3ee3d0d9e4b1ae214f8872966ed4d4f1e31d660882b18189b7d866d84cd6308a19db17e70284822

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
      5KB
    MD5
      0690854c0c5cce5033b52bc352455efa
    SHA1
      e11cbac061e437e40f2ac00032ad4b7bd462f2a7
    SHA256
      f46088852ea8a55f739f0687ae87e95e4a13bb8d453c94fbe0e62949401ba849
    SHA512
      f246eed0c979a994baf65eda28330b8e4c47baa59133fa9d25d1cce782c9619e9d0d858170d62c51bbe15ef8fa6373b99d14f69cf2ed790974d95a8febc6a9e5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
      6KB
    MD5
      17f7d23190f9833fdf9602d9c9324ba8
    SHA1
      18610490008551e7dbd073fbb083383a3d795dbc
    SHA256
      1321e6b85bb6de5a6b70b3df95692a9002282f7d5e2245e0ece7407e9ed27a00
    SHA512
      f2d1d84a87c523945e5fc563d2b41710b5753919f1322276b2a71eeacddd7665cc3cf669f2996f7eacbafe747815402361608b54f46560ac1e602976e794e9a1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
      6KB
    MD5
      bcad883874369e2cbd56c884de6762ee
    SHA1
      3c87c3da9603995157bd0c9221ecf66df70dd61c
    SHA256
      2d713174dc42cdfc1723129e833cb34726ce2d2a1a5e73ba6ea65ed925e13671
    SHA512
      819728100578d91752b6de1e9f271ba2d6e89d9d4bc29fef78e6a1a2fa89295a951661c86c6e1ff55af02cbb5f43955301f8a27ade3dd60013d42098685159fd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
      6KB
    MD5
      543b4092ae9e987c76a97d5bd24ad319
    SHA1
      8addbb560814df2068fb74c5d83ef2b0a6993139
    SHA256
      79c28418f760adfbbad7189169f64f1ca47d689c1b0aa158ac4b2aa331b3b467
    SHA512
      0142eb68cda9d8ebb93393071d0bea97d6ddf10dbcc7c7e7717dac2163b986650120ba1c8716b7a7cf86c0a5552fd2da44d7bddb8699b7a1dfe169e5e03d1594

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
      270KB
    MD5
      17edd9eca04635efe804315b8c46d839
    SHA1
      236f7befc5f6fc2e9b977207399e5317f1db0c5b
    SHA256
      39cf694bf3b0adfc9715473af6392b477444754770e236f2ed9f4084807dd283
    SHA512
      0a0b7134288b237b9e245a81c4ca42b9a102906e9cf9bf32aa562da5c47c49c7348f9007e40e566dd1010585180d0b7794d609a8410401ce7119c5de5156cb43

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize
      2B
    MD5
      99914b932bd37a50b983c5e7c90ae93b
    SHA1
      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256
      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512
      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd