Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    02/06/2024, 04:50

General

  • Target

    50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe

  • Size

    1.1MB

  • MD5

    a8ddc065bd44a3c0a3470c1d03f4567b

  • SHA1

    2f7e61f6b432dbacacf3f00d536a21ff7111d907

  • SHA256

    50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15

  • SHA512

    7bc197eba02fb7656cfb79f872f1583044b4931545cc5d767095160de0a6361e94918092784bc0698eaa0fc3ff223892216a0f0fd0c2f4cb28e1a2a0aa901e6e

  • SSDEEP

    24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8auw2+b+HdiJUX:3TvC/MTQYxsWR7auw2+b+HoJU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe
    "C:\Users\Admin\AppData\Local\Temp\50f9ec85c55a28d4f8e74334b78f81624bf18d2040af5da452c75d08a96d3a15.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3e02ab58,0x7ffd3e02ab68,0x7ffd3e02ab78
        3⤵
        PID:4240
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:2
        3⤵
        PID:1952
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:3924
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:2776
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1
        3⤵
        PID:3544
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1
        3⤵
        PID:908
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4140 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1
        3⤵
        PID:3300
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:1
        3⤵
        PID:1188
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4332 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:2800
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        • Modifies registry class
        PID:5000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:3496
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:4700
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:8
        3⤵
        PID:3036
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1512,i,2375905733619360910,4014513653858957784,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4200
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    336B

    MD5

    6957d36362081d1b8a5f7e99dd35a268

    SHA1

    ce6859d79f3d3048a2c7ceb169fd8e6d93cc0583

    SHA256

    70f02c5f9037cad873e2f4940875f54b6c1bdd37cb18d76869ce11668dc0d831

    SHA512

    bc68759f24ad4fbdb8c32df630b7a82d6b79df5c16856a118517b340217ae8ef06c7115c68d8289766ad77a2f232f132d4cca2fc51778b4b480a8ef208d5c37d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    2KB

    MD5

    0c190d1c1bd55579083bebfdba37d28b

    SHA1

    9b866f61afda620704c60870a9ad0d9b62a4a69d

    SHA256

    bf3ff1d426045830fef96e378104da771739c19c3c1856f5ee41b52f09165f45

    SHA512

    204151657c46c9e810a4e9ea8ad6337a53773c7eb3f583cb658c513745698b966cf5ad672a7ae1b7c30f949829cbc9a4c6f2b72ff78fbf12daf4ec9139bd958f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    2KB

    MD5

    57ec8f0a7277b292053c70d8cf16a723

    SHA1

    e00e7bb2771f59b461c05d49e4650d7b7c8db720

    SHA256

    f404fa8ccc2d19a3b5f23122b942f3adc503144a8f8042fe1c747e9ff4953ca7

    SHA512

    6b411053c61ad317d8425a8f7a45b9112fdcf8dcc73c5b95b758bd05c45ca15c63bca0fe3cc28778959e970a820348b002cb1a25af364386ad7aa79d585674bf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    524B

    MD5

    b96ccb0a2560cdd8b2bd6bf323083b33

    SHA1

    210872f84870de31c2cbad82b6d568728099aed9

    SHA256

    e81b4d0ea8d8fffb6cd8ea40e044448678b2e486468d0a45137a3fdaf99fac72

    SHA512

    01580d366607f41903c0867a5d669ee4d6ae4002db34617556bb6650c802f9ac89fe4286421b5592477fc5a061597f39bce9b14157c9b215b5a55fd9ac1f92bc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    524B

    MD5

    1374d4e3ea4a58aa27f8c70a29e8ac16

    SHA1

    27726822a364728098a5f5069cdbd1557527e29e

    SHA256

    bf46290f0313ddaba90d3183537ef23c59e46d03614933c817a5570da3a6e6b7

    SHA512

    0221bdf2637a3e63f4a73b2538e903f3832d71b44f491cb1fa4c79f8c41f6cd98ea2a16f13a2ea124ab9822ef637bfba83132f859a1bc79d3af6b72b61c9dc3b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB

    MD5

    4be9032017ee72af25dcfdb2cc785af3

    SHA1

    e16312cc655e80477efd80b36cf81bd30060e9ff

    SHA256

    b0af6791dcd2d73e252a92a4e43f09afcfb722b922da67ad42cc049fd1ed661e

    SHA512

    13736d6012a778d7cd5f37089ef53a3a7f81d5186d306572c367da261d14b37288afdba0afb037100ca8cb10426c03b9d8886084b3b6b4d033cc8054f301d031

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

    Filesize

    16KB

    MD5

    624741bee20354c2433d595b06734b01

    SHA1

    4ff922eb19e2eee25f02f9ae5f53d1fa2dbc0cb4

    SHA256

    e6de4245644f75f891c4d839c956464c74bbff5b117d83a7cf6369f59635e7f7

    SHA512

    95671b3e1481a592e651f455c67e2d7b3416dc13a7166d31e86e602766d737e179c5eed7eed584fdf13f94eed724f7b4812a56fb83a963273d9b1d34a23b78d1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

    Filesize

    261KB

    MD5

    f34b5e3f02ec7805a056e245fd1963a4

    SHA1

    9b447c51ab510558d70e18d6ad3eb4d946d8ceef

    SHA256

    0c16dc03262ea3938d789b9fb70287287a84d7b90b721d70a5b9c8e070dfb9c0

    SHA512

    98e06dfaf1da4f056768f13930c279b51cbbf8f6b75f6c392bb35773030fa96e3c64a81f2082e70d76d8847220336ad93fa5e71bf3029d1eddf519b0ab17b23e