Analysis

max time kernel: 1799s
max time network: 1688s
platform: windows10-2004_x64
resource: win10v2004-20240508-es
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 01/06/2024, 19:42

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.mediafire.com/folder/56a9nb4a4dt0h/LOL+Skin+Changer+-+R3nzSkinMod+Free!
Resource: win10v2004-20240508-es

General

Target: https://www.mediafire.com/folder/56a9nb4a4dt0h/LOL+Skin+Changer+-+R3nzSkinMod+Free!
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                       Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                     chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617446384345065"   chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    Process
  336    chrome.exe
  3804   chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  336   chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                          pid   Process
  Token: SeShutdownPrivilege           336   chrome.exe
  Token: SeCreatePagefilePrivilege     336   chrome.exe
Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process
  336   chrome.exe
Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  336   chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process      procid_target
  PID 336 wrote to memory of 3376    336   chrome.exe   84
  PID 336 wrote to memory of 1136    336   chrome.exe   85
  PID 336 wrote to memory of 2584    336   chrome.exe   86
  PID 336 wrote to memory of 4848    336   chrome.exe   87
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/56a9nb4a4dt0h/LOL+Skin+Changer+-+R3nzSkinMod+Free!
  PID: 336
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff847d6ab58,0x7ff847d6ab68,0x7ff847d6ab78
    PID: 3376

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:2
    PID: 1136

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:8
    PID: 2584

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:8
    PID: 4848

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 2600

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 2808

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4100 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 4400

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:8
    PID: 756

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:8
    PID: 1336

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3256 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 5048

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1544 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 4460

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4664 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:1
    PID: 3164

  C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1900,i,6123938649157094260,12070888243579686133,131072 /prefetch:2
    PID: 3804
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 5092

C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  PID: 4184
Network
MITRE ATT&CK Enterprise v15
Downloads