Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    03-06-2024 12:56

General

  • Target

    191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe

  • Size

    1.1MB

  • MD5

    870234ec4903e34c59e2d59631fbb0b7

  • SHA1

    cf28f0b52458014e54ae41d1cf6f1f75933218d7

  • SHA256

    191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2

  • SHA512

    2e0f52541bf78da4e4da2ae81324d81e276a0cebd1a0c9179cfde84bb9fe9dbbaa213f4122d9d838812013f59d56a678fb1442100cf5134a0e66e8eb32142140

  • SSDEEP

    24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUu:+TvC/MTQYxsWR7auV2+b+HoJU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe
    "C:\Users\Admin\AppData\Local\Temp\191b8b774e7f1c856ab82143b07ed151f203500cc47cb019924bd50b11d1c0c2.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4636
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8af84ab58,0x7ff8af84ab68,0x7ff8af84ab78
        3⤵
        PID:2900
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
        3⤵
        PID:3600
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:4412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:1204
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
        3⤵
        PID:1244
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
        3⤵
        PID:3964
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
        3⤵
        PID:4104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4332 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:1
        3⤵
        PID:1944
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:4688
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        • Modifies registry class
        PID:2396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:3464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3252 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:4496
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:8
        3⤵
        PID:4828
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1784,i,8483423069055147040,3319701884648015761,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3040
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

    Filesize

    336B


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    2KB


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

    Filesize

    2KB


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

    Filesize

    2B


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    524B


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    524B


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Filesize

    7KB


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

    Filesize

    16KB


  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

    Filesize

    259KB
