Analysis

  • max time kernel
    600s
  • max time network
    589s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 17:51

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbVpxZ0xXd21sVVozblNsUjg1bGtWcnBWU2k0UXxBQ3Jtc0tuWUk1QkpDdzVPY00wYlBRamlkeVV1VFJqUmRzOWRMM2h6UWxSQjhlZzltMFlTZmZWUGJsQnp4RXlEQXU0R1hQV0xXUEc1OHZhemg5bGZuZ3h1Ym94TDB1WWNkUUh0X19YelVnU2lxX0l3QkVwSjFEQQ&q=https%3A%2F%2Fmodsfire.com%2Fhc5B2g56nf4qns4&v=pr3VcAY6zgU

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbVpxZ0xXd21sVVozblNsUjg1bGtWcnBWU2k0UXxBQ3Jtc0tuWUk1QkpDdzVPY00wYlBRamlkeVV1VFJqUmRzOWRMM2h6UWxSQjhlZzltMFlTZmZWUGJsQnp4RXlEQXU0R1hQV0xXUEc1OHZhemg5bGZuZ3h1Ym94TDB1WWNkUUh0X19YelVnU2lxX0l3QkVwSjFEQQ&q=https%3A%2F%2Fmodsfire.com%2Fhc5B2g56nf4qns4&v=pr3VcAY6zgU
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7eab58,0x7ffaef7eab68,0x7ffaef7eab78
      2⤵
      PID:1212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:2
      2⤵
      PID:2732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:4244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:1
      2⤵
      PID:2028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:1
      2⤵
      PID:4204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:4684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:3312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:3736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:3928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:8
      2⤵
      PID:1392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=988 --field-trial-handle=1924,i,1192899674371752533,16193253364598327454,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3948
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (2B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (524B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (7KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (131KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (131KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (152KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (132KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache (91KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5815d5.TMP (88KB)