Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03-06-2024 12:56

General

  • Target

    191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe

  • Size

    1.1MB

  • MD5

    870234ec4903e34c59e2d59631fbb0b7

  • SHA1

    cf28f0b52458014e54ae41d1cf6f1f75933218d7

  • SHA256

    191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2

  • SHA512

    2e0f52541bf78da4e4da2ae81324d81e276a0cebd1a0c9179cfde84bb9fe9dbbaa213f4122d9d838812013f59d56a678fb1442100cf5134a0e66e8eb32142140

  • SSDEEP

    24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUu:+TvC/MTQYxsWR7auV2+b+HoJU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (52 IoCs)
  • Suspicious use of SendNotifyMessage (49 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Read these against the process tree below. The only hits raised by the submitted binary itself (PID 1796) are the location-settings check, FindShellTrayWindow, SendNotifyMessage and WriteProcessMemory; the storage-device enumeration is not attributed to any process in the tree. Every other signature, including the high IoC counts for AdjustPrivilegeToken, EnumeratesProcesses and the registry modifications, is raised by the chrome.exe process tree that the sample starts to open https://www.youtube.com/account, so those counts describe the browser's behaviour rather than the sample's own.

Processes

  • C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
    "C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:216
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa056dab58,0x7ffa056dab68,0x7ffa056dab78
        3⤵
          PID:2780
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
          3⤵
            PID:2116
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
            3⤵
              PID:4292
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
              3⤵
                PID:400
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
                3⤵
                  PID:1268
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
                  3⤵
                    PID:1780
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3924 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
                    3⤵
                      PID:3044
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:1
                      3⤵
                        PID:1184
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4160 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                        3⤵
                          PID:3444
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                          3⤵
                          • Modifies registry class
                          PID:4688
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                          3⤵
                            PID:1404
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                            3⤵
                              PID:1564
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                              3⤵
                                PID:4884
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                                3⤵
                                  PID:4532
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                                  3⤵
                                    PID:2532
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:8
                                    3⤵
                                      PID:4336
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 --field-trial-handle=1968,i,5207201756645565944,17757125317192406405,131072 /prefetch:2
                                      3⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1664
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3428
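
The tree above is the evidence for which signature hits belong to the sample and which belong to the browser it launched. The following script, an added example and not part of the sandbox's own tooling, parses a process tree written in the report's line format (image path, quoted command line, "N⤵" depth marker, "•" signature bullets, "PID:n"), links children to parents by depth, attributes each signature to the image names that raised it, and flags a browser started with a URL by a non-browser parent. The embedded input is transcribed from the tree above with Chrome's command lines shortened and only a few of its children kept; the browser list, the attribution rules and all function names are this example's own assumptions.

```python
"""Attribute sandbox signature hits to the submitted sample versus the
processes it spawns, from a depth-numbered process tree like the one above.
Added example; not the sandbox vendor's code."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = "191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"

# Constructed input: transcribed from the report's process tree. chrome.exe
# command lines are cut down to the flags that matter here and most of the
# chrome.exe children are omitted.
REPORT = rf"""
C:\Users\Admin\AppData\Local\Temp\{SAMPLE}
"C:\Users\Admin\AppData\Local\Temp\{SAMPLE}"
1⤵
• Checks computer location settings
• Suspicious use of FindShellTrayWindow
• Suspicious use of SendNotifyMessage
• Suspicious use of WriteProcessMemory
PID:1796
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
2⤵
• Enumerates system info in registry
• Modifies data under HKEY_USERS
• Suspicious behavior: EnumeratesProcesses
• Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
• Suspicious use of AdjustPrivilegeToken
• Suspicious use of FindShellTrayWindow
• Suspicious use of SendNotifyMessage
• Suspicious use of WriteProcessMemory
PID:216
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report
3⤵
PID:2780
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process
3⤵
PID:2116
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService
3⤵
• Modifies registry class
PID:4688
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3428
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")
URL_RE = re.compile(r"https?://\S+")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}  # assumed list


@dataclass
class Proc:
    depth: int
    image: str
    cmdline: str
    pid: int = 0
    signatures: list[str] = field(default_factory=list)
    parent: Optional[Proc] = None

    @property
    def name(self) -> str:
        """Image file name, lower-cased, for grouping across PIDs."""
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_report(text: str) -> list[Proc]:
    """One record = image line, quoted command line, 'N⤵' depth marker,
    zero or more '•' signature bullets, then a 'PID:n' line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs: list[Proc] = []
    i = 0
    while i < len(lines):
        depth = DEPTH_RE.match(lines[i + 2])
        if not depth:
            raise ValueError(f"expected depth marker, got {lines[i + 2]!r}")
        proc = Proc(int(depth.group(1)), lines[i], lines[i + 1])
        i += 3
        while not lines[i].startswith("PID:"):
            proc.signatures.append(lines[i].lstrip("• "))
            i += 1
        proc.pid = int(PID_RE.match(lines[i]).group(1))
        procs.append(proc)
        i += 1
    return procs


def link_parents(procs: list[Proc]) -> list[Proc]:
    """Depth markers are pre-order: a record's parent is the nearest earlier
    record with a smaller depth. A later depth-1 record is a separate root."""
    stack: list[Proc] = []
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        p.parent = stack[-1] if stack else None
        stack.append(p)
    return procs


def attribute_signatures(procs: list[Proc]) -> dict[str, set[str]]:
    """Map each signature name to the set of image names that raised it."""
    hits: dict[str, set[str]] = {}
    for p in procs:
        for sig in p.signatures:
            hits.setdefault(sig, set()).add(p.name)
    return hits


def sample_only_signatures(procs: list[Proc], sample_name: str) -> list[str]:
    """Signatures raised by the submitted binary and by nothing else."""
    hits = attribute_signatures(procs)
    return sorted(s for s, who in hits.items() if who == {sample_name.lower()})


def browser_launches(procs: list[Proc]) -> list[tuple[int, int, str]]:
    """(parent pid, browser pid, url) for each browser started with a URL by a
    non-browser parent. Chrome's own crashpad child also carries a --url
    flag, but its parent is chrome.exe, so it is not reported."""
    out = []
    for p in procs:
        if p.name in BROWSERS and p.parent and p.parent.name not in BROWSERS:
            m = URL_RE.search(p.cmdline)
            if m:
                out.append((p.parent.pid, p.pid, m.group(0)))
    return out


if __name__ == "__main__":
    tree = link_parents(parse_report(REPORT))
    print("sample-only signatures:", sample_only_signatures(tree, SAMPLE))
    for sig, who in sorted(attribute_signatures(tree).items()):
        print(f"{sig}: {sorted(who)}")
    print("browser launches:", browser_launches(tree))
```

Run against the transcribed tree, the only signature unique to the sample is the location-settings check; everything else is shared with or raised solely by chrome.exe, and the one browser launch recorded is PID 1796 opening https://www.youtube.com/account in PID 216.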

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    336B

                                    MD5

                                    d3862608044379f8b60a18f37910d137

                                    SHA1

                                    195a44924b3369d62e3c503ae25412c7a3144cd6

                                    SHA256

                                    e5fb29112b54e43adab7b109bfdef29cf22e2fddd7bcd1183a7e1becd77ee64e

                                    SHA512

                                    342d8380e6355742b34d60dd9eb5b422a189ca9af1ed4d063ac61f561ef83281cad5959d8a2dad748fdbf47a9b8e37a7a098150a1697243b27077121ed695d4f

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\526c5129-5ac8-463d-ad90-086020d58a3f.tmp

                                    Filesize

                                    2KB

                                    MD5

                                    b21283ad7a0bd21ddbbace9f52b3a806

                                    SHA1

                                    0e0a9c816bf51827f93dc460cd1b8071389c5f58

                                    SHA256

                                    1b4e4a36ba41b66156839672e2f17d33015828c08ae16ebeddbd8ed20204b25d

                                    SHA512

                                    d439a700fac34bad5c687d189b9bfbc435447bb4e5ebb2881543ef20847bbc9d3a6437ad6cbee8f4bf5b11cc5796009bc52d090c2bb9451ca8b15dafeff5300c

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                    Filesize

                                    2KB

                                    MD5

                                    0256aefe410f78f35b061a13a95482d3

                                    SHA1

                                    72c54b7d02a3cfe34ab0265f8fba530f8ce4b99b

                                    SHA256

                                    f6440bd603aaa8e32a1618580bfd2215a854dfe3c8b1361878564a7a9de7aafe

                                    SHA512

                                    f9ffce6a17f603989848706215e74f312b87ffe982329585dceee595d55a03e9ace75d01750586cefe808ff3958579b9768c9f7d28890d4195b2577d90476f29

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    522B

                                    MD5

                                    2983ec7fb872f25fa6394e1d6d5c938e

                                    SHA1

                                    6aeaba20e6f908d3b7f93aa0142fdf6b10676ddc

                                    SHA256

                                    005f434c0c88c9d696c67461f4185605baf44773e5836a55101cb7af9e4e9752

                                    SHA512

                                    034b25c2b5e0a1ce70c8c4b4c2691314503e169f6c6ff6e9f5e0d8e3532fdaf6395933ac8dc011ffd7bae1b03eb0b018330bafd9bc034cb50b32b131b629cb92

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    522B

                                    MD5

                                    44990e8f651f21025f790cc76606dc9d

                                    SHA1

                                    7f0233a0e21d60b72fce1885d88593cb2b4fa98b

                                    SHA256

                                    ff473ee54e2c42885761ac946d2837b9f506388b09ecdbfe9e8cb90066cfeb2a

                                    SHA512

                                    a82adc9e195d3c82b459e980a3ff5d80018588156bd2641c1b2730452882108add23fdd9da92485e135f75ef77653b3d2769c11a5c11264579fdab4dd17a85e2

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    520B

                                    MD5

                                    45c1a3bed68883ff43a654f91f47d397

                                    SHA1

                                    6a45b597c52b4644fcfca33248e7e07fd9fda4c5

                                    SHA256

                                    170a83625955e4449c6228d0b1551fffbce433384443131ed8a643098d45a047

                                    SHA512

                                    0f5979eb0e0b5547611514e4d64f401a5cb7fd1e80c62a9bea8f4d1cf35751721c5e1c3c7ba6ec8d50208f7081bd4d85cc3879a90d60c2e296caa067583577ed

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                    MD5

                                    e5c2a0058f32373111cdbdd059b0cd00

                                    SHA1

                                    7240d836e6f060a4dd65a55e1c4c9eaefe364e96

                                    SHA256

                                    d1c7b8767d1991fa58d205e47d0d52c6781e3adcd600f87b235ee36292d25e65

                                    SHA512

                                    893df980585b84d30d1d102d54f121020e1baa7109cdd27cb24943ab4fbbced0bb86b60cc1df811da5ec94bc792189b8688ddbe14a6e35aedc0dc43ec282f286

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                    Filesize

                                    16KB

                                    MD5

                                    8d00e7d4dc7d397510f5cdede6ea4b0c

                                    SHA1

                                    0a22f269f61b3b25d1dc2a46ee67967ef4b33b3a

                                    SHA256

                                    4999a81ccc8c0342e2f8b685712f9440c69c45f7826068051474265d9da324bf

                                    SHA512

                                    68c46e5c06f993f6784c937e91ab947c47e894ca33479884ee2ca445bd5941861c62642fe9042eef9ccce26946c3f9a034dc3a7b8ba347217b1de2cf43aadad0

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    261KB

                                    MD5

                                    a1cf59ab0fc0bd30bd89ad0e2a1b2f39

                                    SHA1

                                    dd1e92899b6573c05b73cfa18198b4df5ddd5b1d

                                    SHA256

                                    59d5b76e3736ca60db074bac692fea81aa0120fe29b36b9b5c06231035ed316b

                                    SHA512

                                    1adf6e774dc7709ed869e739a52c19a8823cd471e3300d5a01715af72f7cc192d38024108e4c666c5ce017d056dd3b07ced33dd5259fd742d053e5a4e78c76a6

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    257KB

                                    MD5

                                    48a35165b939ca1c51a6955d7be2b740

                                    SHA1

                                    8f380b920760a62e5f895621532522b1e39354b1

                                    SHA256

                                    85a283cf2b5b019eb197bc69bf373be115a5314bf69c6cd2bde7539a21fe0a4e

                                    SHA512

                                    9551cf714f579eed36804a71b03f43a6f479239f64514cf93e621f27d23b23c906a48a395017d4d3bce59d116004985c8eb82a99e723377ad2457e6660c7e096

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    261KB

                                    MD5

                                    ffc4d52e259b9978e168053593211ce0

                                    SHA1

                                    fdeae9cfa1e043d01c599b6713c54e3d412e812d

                                    SHA256

                                    ff58fc3b26c4d34756f0dbf8ec5f0348978dfef870615e3de823e6c1df18d173

                                    SHA512

                                    478195cf45f4e6c7b445845b465c50a47bd23ec1e9d7e30c6b65b48733b142a76b38de281b79bae473df68ae8c031ee5ee8e1d72b7c707bb3e3d61a259751ea1

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    281KB

                                    MD5

                                    b4be63fe25e993d7e1966fe7194d5f06

                                    SHA1

                                    9ee82a7c801c9734fab91df49f13df0050f9917d

                                    SHA256

                                    e1f4dcf838b052bfaf0af6d0961502bd46cd3e29e2411446156cd1fe0a5c345a

                                    SHA512

                                    946580071a380c4936b5949f570ed7a1f741b74f98a5b260f3fcee459adabc62a956760a8ff87d8af729a743cd700d40300989aa155fbeeafaba3d93925097e6

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                    Filesize

                                    98KB

                                    MD5

                                    77bd51d85a16df5a2435d874b4cbe0ca

                                    SHA1

                                    331e11939d7af2a6ebfd04498f98abaebe0ae918

                                    SHA256

                                    d5d6e1c879bc4a69540f85aa508c58b15b849f7782c3bd8a745fa573aff650e7

                                    SHA512

                                    39e00fdf0d0291e6a0c21c66d694b3439607af6af121d8834e61a2b0ff769a76947084d559e9564b8c976e3c95b10c1c7652f4be67eb81bf10b426b28e043b59

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f750.TMP

                                    Filesize

                                    94KB

                                    MD5

                                    de26d2568262654af3799ef283d8002b

                                    SHA1

                                    d2a37eeaace3b3f85bd182cbbec499288074ce39

                                    SHA256

                                    4159ae7fdf80e405d2331b35449a5d32b407fd821941a391b280dbd1480bb85e

                                    SHA512

                                    13bda046250a321cecf3b87dc0c4fa5c24c362eb4ff12076214066f3407c9b1f810e7c63c3101eb1f9ecd733765bbb91ff1f48a9e2e6a7ec6a65b8f2e4d24d5b