Analysis

  • max time kernel
    1799s
  • max time network
    1699s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    02/06/2024, 04:21

General

  • Target

    kirryt.jpg

  • Size

    55KB

  • MD5

    76dd21f3730ef67850f8fea9649e73c4

  • SHA1

    b55724886b5b18d49a9145d14866d0216fd5da63

  • SHA256

    0f9e146f16fcc282425b9b43a42ffd0bf405af2b1fda6f02d7630bd7ab3b319e

  • SHA512

    1d6392449ae356938ff58e50cb8fc3f835b240df6098381a7dd419a421223725b676c34219f7f9811c660052b87b70ef4835011b3fb93821f22d205488e7ccf0

  • SSDEEP

    1536:xRpHKR0u3DI3wI6u9FbdLACrNMozajPiKXNbWjQ9aN9AR:xnqNTIgIrEENM1uKXNbSQ9as

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\kirryt.jpg
    PID:2132

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5116

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc6dea9758,0x7ffc6dea9768,0x7ffc6dea9778
      PID:2124

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:2
      PID:892

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:5096

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:2324

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
      PID:2056

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
      PID:2860

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
      PID:3636

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:2768

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:2060

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:224

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:236

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:4164

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:8
      PID:2524

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
      PID:3216

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff629117688,0x7ff629117698,0x7ff6291176a8
        PID:2316

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5208 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:1
      PID:4780

    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1796,i,16084079199198634964,5737191401747800466,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:2008

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:4320

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
    Filesize: 206KB
    MD5: f998b8f6765b4c57936ada0bb2eb4a5a
    SHA1: 13fb29dc0968838653b8414a125c124023c001df
    SHA256: 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
    SHA512: d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
    Filesize: 24KB
    MD5: 1fc15b901524b92722f9ff863f892a2b
    SHA1: cfd0a92d2c92614684524739630a35750c0103ec
    SHA256: da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
    SHA512: 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08ee0b0c114e0941_0
    Filesize: 19KB
    MD5: a6bd72609cf5c30f713088b29b4817eb
    SHA1: e665e669d38b09c928149bef42ef6673cbfd5ed2
    SHA256: 3b4508b092e7a271d371d620384c720e5cdc7d5326fa54c97458e7965e8c44cb
    SHA512: 8e7d4681d8ed0072f175d1075d5c832374f021c449ca5e1411dee464513119cc5eb7e391cba676720fc2288baae46f75cfb0df66f50230e886192fef44b02304

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb8d215b33972983_0
    Filesize: 280B
    MD5: 1079bc7e4f850898c28c1db40e7b2418
    SHA1: 85b847fbed4e15c721cdaffc9b34b1398dcea8b7
    SHA256: 259240cad5413c1feaafb938158e5cb56fbb3f5a6e647496f9297fd6e55cbfdf
    SHA512: e222247c86559cb6ece64f5f29cf7b65fe936d9d8e7c22cd6d778d6bf1d90f53b86d4a7ecf23803d6e5dc29cdf8b63dae3ff150dff7d843e32c8254bd4723df2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: 4ffc9c27265c86d763612be51f900a05
    SHA1: 721505c94e74d136dfdf040887054d0240c52711
    SHA256: 1110d7780c83bfaaa7dd4b8cc2587ffb5daa29793fafaf447f0a3cb89b7e2b9a
    SHA512: cb826f2d2d5adcaf4041c8754639f3892f289f869e381296fc9e1b151d04cc46c319a5914cd9e6b142721cbb91fd1c223ba10a04c0e9df90b2204dfa649ff18f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: cba2ff762e44866289892a1739679c39
    SHA1: d508e08c662fb35a084d60aadb88de181e6ef16b
    SHA256: 7e6a5918ab733d66f1a52a508e300d3fed9217349d4e314c000433f995675273
    SHA512: 4b6b9ff5fb7d9fcdb9db43479f3216a573f4857252c675d6d096b0a48c11428ae9f4723c51e2a22d37e7c87c2a84ad80354f703e05bffef3fa442129cda92476

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: cc245dbbae0c8e470753be6c7bc6f00d
    SHA1: 8aa9e9bc64d0cbf3e8bd2fbd5b9593c203ea1391
    SHA256: ba192f68a51fe18b374954af91922dbe99b9cacc4899d4e0a65ab8b4a87b0c4e
    SHA512: a298a71629ca286806486f0b49b341fbe0d3ee13d51b94b94cc0df2853115a52a7c00648d1c6509bb382d448c8feabde9caafe1e587b54e6694c92aa0159d54e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: fc7fdf6f55d5ed6d9286d32700f01e00
    SHA1: 342afaa929e32717c3d009c3048945570bddaaed
    SHA256: 7b1a3c90462e7a3993543268247360c5754becdbd97d255c6e2165ad4f4663a2
    SHA512: 861bb3d29dcb11865de4664f7dde909281ab2ea320ed97b876e40d23726493eab191c5f5c8cbdd83e5522d21e4eaa791462e335a107aa08746ee105bcc10213f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: ced33c998af01eda1d428c332275e3b3
    SHA1: 25f50d77ec5eaf7fe8a50d0a7e50fccc75c8d7a7
    SHA256: 36e5cb9eab3e6526a222b86c25bd2255d9f55706464e1a66ee80d59235349718
    SHA512: c592d133714ab8a1fa1308801ba7d1ae994a46b8f9b4bf926abfb755d3840af033aeb54a9ca4dfbae5335dfcce58cbcca86dad98ce35a1343cdee3effae6a0cb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 7000934688e0f44cb76f8c17abb7a2a6
    SHA1: 4205082c7533a4b272674d6410bbad751cda2634
    SHA256: 7806df17113de52925c533931c586bd5507d294e777aa7eeb960d90eb50c3250
    SHA512: 6ac078df5695141fbe85532a93c29287ce1c5960bdcef1bbe6dafe0679e33986c82f833902d168ca6317ede8f3980108fb6414874bceb4cb60c6780abbf75fd5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 2fcf9f665ba109f1bce4569dd0745aa1
    SHA1: a41896003d07f563ccffa8fba82828b9e8a9a8ab
    SHA256: 263a26cadd7a49432b6ff08f2e3c4555d61500251745ea8be40a215da1913d38
    SHA512: 9d9a7edd65655962ffa1062729fd3d2addd1e94b0303da82eb8ada338fdc595783b341e5c75f334586be976f01c5421dee8971ed5ce503a2537b03a152c1ba55

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: dee0e9fdb6123cd9b13dd6c871be686c
    SHA1: 5be038bd713f057476ede3855f93faf140301e70
    SHA256: 98ebe11407f09f438d962132d36a75442103213c475f5e714d59287fc95dea82
    SHA512: 8c999a7f76a5e4f851fb9e325b76123dc72d4ac572703bf7d97c850aa5b51cffa8a9f47198de489ac221fafd60398fb88e98c0b8feb915f5de422b2e48754815

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: 99568e92ab191b314af4529022352816
    SHA1: e76ef6a3703afe227c1d8a0fd772354220e1ece7
    SHA256: bd363e2e2d76d0f512eaf0807951a7f52697132069cb68be9a9d2fd97bf07a68
    SHA512: 717eaa316730e846497347a51a8ccd7734e54cb9a6a2e27a5c38ad83ea5419ddb14570d2ed6d8d3085cd2c48aa96ccfe6f48deb31d64c3a16c6cd8726c7bd514

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b1a1169ebfffb4e7bfcf4c3f829ecef3
    SHA1: 7fc20274f1816e5101b06ae02f21cdb7d51cfa53
    SHA256: 151aa0edb354a366296de29fe17e341357b91f0470d9160b47dea8e1e0e32031
    SHA512: b66882fca195ca50d44e5c87a92edb93776e4389bb0657821e85d0d0c033921ff1e13d54f136ab7e2b6c1558c1876738f38ce8164457baf19d218f8fe64789c0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: e1f7a8d467393693d2bd3fd6c9f16e4c
    SHA1: 50b7f14fba15cf9a9f238835f00cdaacec3ae009
    SHA256: 38f3c3413b482eed4b3222aedaea7571ab2d3b8ece1cbbcc7ae6182861029000
    SHA512: 05c1a25eefe92446ec8767fda0f0d17146bb0ebcd033e842c8bccbb40c870a34e2ab3e10517ba35d7adb5c4b5f20f112ab984e6e4ed55bd9e2cbaa3526c93bb3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 69474ccb442c88bee2d91afc21d2cdec
    SHA1: 79bc907c5cc3d48715d7c011d042e46b86c7ce27
    SHA256: 8f09909a1d0fa1596181842ffe9bb9287053f2beb7265a6e4b7f4581217dd4d3
    SHA512: 8a05b316deb370874ab1d0dca7a2aebbf0239ba905c49bcc135e9fdd6e13c1f86edaaf15fd04da60f75ea6e4b94631d732a7ccf7582cedbfa5c302748da406e3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 278KB
    MD5: 457af188fc9da4709aee4f1af0f2dc86
    SHA1: bf5fd1dff952cc657e93561871bdf91dd3e3dc7b
    SHA256: 26888c464e6f04d324bf30b833a84f909d253425e977f3bc925cab25a5d9c93c
    SHA512: 816fea97960b13fda9442d7461d1328817ba170f1df2536109a3de9ba8f6e05ed31bddee0f067ce6306beffa9df8edc799956abe49690b9202679600401b4c84

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd