Analysis

  • max time kernel: 149s
  • max time network: 142s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03-06-2024 12:42

General

  • Target

    http://anpr.me

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://anpr.me
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1688ab58,0x7ffd1688ab68,0x7ffd1688ab78
      2⤵
      PID:512
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:2
      2⤵
      PID:1652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:5008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1872 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:4744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:1
      2⤵
      PID:2148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:1
      2⤵
      PID:4464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:1
      2⤵
      PID:3932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:4628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:4388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:2436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:2056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:8
      2⤵
      PID:4496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 --field-trial-handle=1952,i,12168700764791461599,7647432958830224654,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1568
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4364
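Reading a tree like the one above is mostly a matter of checking three things: which URL the sandbox handed to the root browser process, whether every image on the tree sits under the Chrome install directory (every behavioural signature in this report is attached to the root chrome.exe, PID 1484, and nothing else ran), and which of Chrome's own child processes run with no service sandbox, since those are the ones with full user privileges. The script below is an added example, not part of the report or of the sandbox vendor's tooling. The command lines are copied from the tree above and trimmed to the switches the script inspects; CHROME_DIR is an assumed install prefix, and the "unsandboxed" list is a triage heuristic, not a finding the report itself makes (a stock Chrome 110 on Windows does run its network service and UtilWin helpers this way).

```python
"""Triage helper for a Chrome process tree taken from a sandbox report.

Added example, not part of the report. PROCESSES is constructed from the
tree above (trimmed command lines); CHROME_DIR is an assumed prefix.
"""
import re
from collections import Counter

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"  # assumption

# (pid, depth, command line) copied from the report and trimmed.
PROCESSES = [
    (1484, 1, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
              r"--disable-background-networking --disable-component-update "
              r"--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' "
              r"--single-argument http://anpr.me"),
    (512, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
             r"--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    (1652, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process'),
    (5008, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
              r"--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4744, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
              r"--utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (2148, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process'),
    (4388, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
              r"--utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (1568, 2, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process '
              r"--disable-gpu-sandbox --use-gl=disabled"),
    (4364, 1, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

IMAGE_RE = re.compile(r'^"([^"]+)"')            # quoted image path at the start
SWITCH_RE = re.compile(r"--([a-z0-9-]+)(?:=(\S+))?")  # --name or --name=value
TARGET_RE = re.compile(r"--single-argument\s+(\S+)")


def parse(cmdline):
    """Split a Chrome command line into image path, switch map and process role."""
    m = IMAGE_RE.match(cmdline)
    image = m.group(1) if m else cmdline.split()[0]
    switches = {name: (value or True) for name, value in SWITCH_RE.findall(cmdline)}
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe != "chrome.exe":
        role = exe                                   # e.g. elevation_service.exe
    elif "type" not in switches:
        role = "browser"                             # the root browser process
    elif switches["type"] == "utility":
        role = "utility/" + str(switches.get("utility-sub-type", "?"))
    else:
        role = switches["type"]                      # renderer, gpu-process, ...
    t = TARGET_RE.search(cmdline)
    return {"image": image, "switches": switches, "role": role,
            "target": t.group(1) if t else None}


def roles(processes):
    """How many processes of each role the tree contains."""
    return Counter(parse(cmd)["role"] for _, _, cmd in processes)


def target_url(processes):
    """The URL the sandbox passed to a root (depth 1) browser process, if any."""
    for _, depth, cmd in processes:
        info = parse(cmd)
        if depth == 1 and info["target"]:
            return info["target"]
    return None


def foreign_images(processes, chrome_dir=CHROME_DIR):
    """Images outside the Chrome install dir: a dropped payload would show up here."""
    prefix = chrome_dir.lower().rstrip("\\") + "\\"
    return [(pid, parse(cmd)["image"]) for pid, _, cmd in processes
            if not parse(cmd)["image"].lower().startswith(prefix)]


def unsandboxed(processes):
    """Children that run with no service sandbox or with the GPU sandbox disabled."""
    found = []
    for pid, _, cmd in processes:
        info = parse(cmd)
        sw = info["switches"]
        if sw.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in sw:
            found.append((pid, info["role"]))
    return found


if __name__ == "__main__":
    print("target:", target_url(PROCESSES))
    for role, n in sorted(roles(PROCESSES).items()):
        print(f"{n:2d}  {role}")
    print("foreign images:", foreign_images(PROCESSES))
    print("unsandboxed:", unsandboxed(PROCESSES))
```

On this tree the script reports the target http://anpr.me, no image outside the Chrome directory, and three unsandboxed children (the network service, a UtilWin helper and the fallback GPU process started with --disable-gpu-sandbox). Anything that appears in the foreign-image list on another report is the first thing to pull from the dropped-files section.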

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
    Filesize: 912B
    MD5: 091dccdd3d20e4709471c18ca3ca9623
    SHA1: b39bce6ce8a5138cc9b3f0d98ef406b46717b9b5
    SHA256: 2f6c9d1a47b40004e45fd6de175aa7aca9335beceb84fde1442c56f5e6f8fe3f
    SHA512: ea4f0b7399d5838e6633c18fe2eaa1cde1e9ad7eb8360b6b8357ccfe320f2e4047f80ce02045dd3f978c58a3ca4bb7481eb3978155c7eefc903712453eb843fc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: bad8fb8b49c58ac6a4f935fcebfb696b
    SHA1: 4a7b6ba461f6326476265cd4843943e77e67b4b9
    SHA256: cc2fac9c5b701ff0c13bc2457c87539bf4e8d0e058968b2663ad9968bb78b018
    SHA512: 4186ba97f21d542ae08732137b1960ce3c9786629273754ed40dbc43f6d16362fcc821533eee1d136e603e227770d711b3da79871f9e38216fbc8974c1900a34

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 92588840a9a837e771aebeebfbbd25c8
    SHA1: 16b8d81dec8ac392247ac0d281b02c61781e6152
    SHA256: bb40ea04ff36fb9240d9d0f8f0a6bbf29a8320759fa0d1405412d447b51dc890
    SHA512: 53ec3611bb39c4735d41d3e180f20713aa19f01380858329c847f45334a24a87eca0e092a7edbb8bf65acec557a4b886c2bc24db15c36d3bb2b361adee01eb72

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 034619cf571ad3fe32e144e83d745122
    SHA1: b9219566946147e662a002826a041ce73eb9f03d
    SHA256: deb0216ca2a3b30537e8a843a9cf495ee8dbfc06cd341a661fea69c552db38a3
    SHA512: feac848da18017fcf792f2e68a5a5282d7b24d2bac4760944e3d67ba846172388db5796b036e78342ae86e434dc563d09308b02cb21434e121bffa2d78fc01be

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: bfc972a1c76f28dfec0137fbf8455f6a
    SHA1: 97ce61bc2c457064e1a8d92173fb5f955c1ec3c0
    SHA256: c0a39547d74643750d451638cfd5633a3a08915272961db2944f471caf085d9a
    SHA512: 5a92ad437d4e185858436b97512957c52c05e9011821cf996ba2ea4e1bfb2e358eb2d39ffa541610f5bb73420f38e00332087d793faf025f4b5922195ad51be0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 6614c2818d5764ba96fbcbbfc1b0ead3
    SHA1: a1509957b80f049facd4bb09b451f14737c08bbd
    SHA256: ddb746d3f08f1921135cb85fc60465015ba4921980fcef1f76f638bb8f7c7bb2
    SHA512: 76343bca9ca16a1e868907fb4ec80564b6c36e2c186c39c2f1df2a607da3b7fb7a0d10cdef0c82d7853ea145e3d5667bf54c20c8683993f8d248cd22c1352c4e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: fb1e7f41ae33a4dce18c1bb69b0b305b
    SHA1: f01a1838a0c453024aaa9be6e28d66ae5040536c
    SHA256: 5dd15f5e2a40d36cdbee38eb2db72dcba9e8bca6042f5f3541a9ca3719257f42
    SHA512: a33914d6307b362709de6034baf96aba71bec773659cbfb11449c95a51daa8a364056733d5e890fafafd223965ad7551fed1cc1c62ddf562f7b6c1ea4601cba0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 277KB
    MD5: da48a973d60867895a24e47df3e6e897
    SHA1: 606c004bf5c7295f20944093b05b43d193960138
    SHA256: 8e85cb4e793a63274dade24b17f0d6fc125977481b65195d371f98257d22e44b
    SHA512: 26862837ac2675a339f857e1494f96edfbe68af9cb6e12ca5b4b9c9196aa82dfe994553054b9036f0087c4864db8ae5e89e53a5f98376aba4d4e708541754131

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: d3c4137abe1b025c869add870a1d775f
    SHA1: 3f4937bc47d729d4267a78bb42b7bac5e7c9b624
    SHA256: 24753c8c11596ba0d5eda86bde482203ede39c92385f264a4fabbdfb8d4a3593
    SHA512: 2b39170d849d8792ef52a69ba255c830f9b94abfdca940267b260a9d1971847325358bb12b5da40a1cba8fc7e5043dd00b58537bca1cc2a1c2aa5f22dc3a5a5d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 91KB
    MD5: 958a7bcdc277204de7b8b1bd0bd3ffc2
    SHA1: e30e883b0293f5093bb2383760f2f35d80db5b2b
    SHA256: 0e2175cbdad845d8269f3a39ee7411af7259f8844ae0dab78bf72d2ab93095b8
    SHA512: 8c3e70883914a75f265f5cc64f17f97e7606bedbe129b26fe17b2b8745b53fee009fb5878a88ddf7f9b056a87611e2ac108c6138971f0b4d919378a276db175a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fd8a.TMP
    Filesize: 88KB
    MD5: 3082adac0af6eff5d76552633049c1e8
    SHA1: fb3518bf2d0e91c8bb838ca4c9ad0b4246bfb840
    SHA256: b7e881171403021c2d6c36dfbfa9b9021f058d5025fabf2fab101b3c57b8f1f7
    SHA512: 5e420cb7ce40de78c6d33e0b7eb73151ce5cde7bb63801fed6b6cd80dcc5dd9221a99be2c4a09b493afac595642644e1f80cc7e4f2b23f7b030ca1fe7e004d1b
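Every path in this list sits inside Chrome's own profile directory, and several files were captured more than once with different hashes (Preferences twice, Local State four times), which is what a browser rewriting its state during a run looks like. Two checks are worth automating before pivoting on any of these hashes: group the entries by path so repeated writes of one file are not mistaken for several artefacts, and recompute the digests of trivial contents for the tiny files, since a 2-byte profile file is usually just an empty JSON container. The script below is an added example, not part of the report or of the sandbox's tooling. REPORT is a constructed excerpt of the section above in a "Key: value" layout (assumed; adapt parse_entries for other exports), with the hash values copied from the report.

```python
"""Parse a sandbox dropped-file list and sanity-check its hashes.

Added example, not part of the report. REPORT is a constructed excerpt
in an assumed "Key: value" layout; the digests are copied from the page.
"""
import hashlib
from collections import defaultdict

REPORT = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 257KB
  MD5: 6614c2818d5764ba96fbcbbfc1b0ead3
  SHA1: a1509957b80f049facd4bb09b451f14737c08bbd
  SHA256: ddb746d3f08f1921135cb85fc60465015ba4921980fcef1f76f638bb8f7c7bb2
  SHA512: 76343bca9ca16a1e868907fb4ec80564b6c36e2c186c39c2f1df2a607da3b7fb7a0d10cdef0c82d7853ea145e3d5667bf54c20c8683993f8d248cd22c1352c4e
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 277KB
  MD5: da48a973d60867895a24e47df3e6e897
  SHA1: 606c004bf5c7295f20944093b05b43d193960138
  SHA256: 8e85cb4e793a63274dade24b17f0d6fc125977481b65195d371f98257d22e44b
  SHA512: 26862837ac2675a339f857e1494f96edfbe68af9cb6e12ca5b4b9c9196aa82dfe994553054b9036f0087c4864db8ae5e89e53a5f98376aba4d4e708541754131
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Trivial contents that tiny Chrome profile files usually hold.
KNOWN_SMALL = {b"[]": "empty JSON array", b"{}": "empty JSON object", b"": "empty file"}


def parse_entries(text):
    """One dict per '• path' block, field names lower-cased (md5, sha256, filesize, ...)."""
    entries = []
    for line in text.splitlines():
        if line.startswith("• "):
            entries.append({"path": line[2:].strip()})
        elif entries and ": " in line:
            key, _, value = line.strip().partition(": ")
            entries[-1][key.lower()] = value.strip()
    return entries


def digests(data):
    """All four digests the report lists, for the given bytes."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def identify(entry):
    """Label the entry if all four reported digests match a known trivial content."""
    for content, label in KNOWN_SMALL.items():
        d = digests(content)
        if all(entry.get(a, "").lower() == d[a] for a in ALGOS):
            return label
    return None


def versions_by_path(entries):
    """Distinct SHA-256 values per path; more than one means the file was rewritten."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e["sha256"].lower())
    return {path: len(hashes) for path, hashes in seen.items()}


if __name__ == "__main__":
    entries = parse_entries(REPORT)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        print(f"{name}: {e['filesize']}, {identify(e) or 'no trivial match'}")
    for path, n in versions_by_path(entries).items():
        print(f"{n} version(s) of {path}")
```

Run against the excerpt, the 2-byte SCT Auditing Pending Reports file resolves to the empty JSON array "[]" on all four digests, and Local State shows two distinct versions; on the full list above it shows four. A hash that resolves this way is not worth searching for in threat-intel feeds, and a path that appears several times is one artefact, not several.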