Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-06-2024 10:19

General

  • Target

    http://glgflrm.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  All eight signatures fire on the browser parent chrome.exe (PID 1088); the second gpu-process (PID 952) additionally triggers EnumeratesProcesses. No signature fires on elevation_service.exe (PID 2524). These are generic behavioural signatures that a multi-process browser launching its own sandboxed children triggers by design, which is consistent with the 1/10 score.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://glgflrm.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff952ab58,0x7ffff952ab68,0x7ffff952ab78
      2⤵
      PID:4864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:2
      2⤵
      PID:2092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:4540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1864 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:2960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:3648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:3288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:4476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3284 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:4288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:3144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3900 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:5036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:8
      2⤵
      PID:612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1564 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3236 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:1
      2⤵
      PID:404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3296 --field-trial-handle=1932,i,14951833251120076303,4496885367358834100,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:952
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2524
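The process tree above is what a reviewer actually reads when deciding whether a 1/10 URL run is clean: every image should live under the Chrome install directory, the unsandboxed children (`--service-sandbox-type=none`, the second GPU process with `--disable-gpu-sandbox`) should be the usual Chrome service types, PIDs that appear twice (2952 and 952 here) mean an earlier child exited and the OS reused the number, and the `--annotation=ver=` passed to the crashpad handler should match the versioned `elevation_service.exe` directory. The following script is an added example, not part of the sandbox report or of any Triage tooling; it re-reads the command lines above, trimmed to the flags these checks use (the opaque `--gpu-preferences`, `--field-trial-handle` and channel-handle values are dropped), and the field names in its findings dictionary are our own.

```python
"""Added triage helper (not part of the sandbox report): re-reads the Processes
section above and answers what a reviewer asks of a Chrome tree: is every image
where Chrome installs it, which children run with no sandbox, were any PIDs
reused, and does the crashpad version annotation match the elevation_service.exe
directory. Command lines are copied from the report but trimmed to the flags
these checks read."""
import re
from collections import Counter

CHROME_DIR = r"c:\program files\google\chrome\application"
EXPECTED_IMAGES = {"chrome.exe", "elevation_service.exe"}
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# (pid, depth marker, command line) in the order the report lists them.
PROCESSES = [
    (1088, 1, CHROME + " --disable-background-networking --disable-component-update --single-argument http://glgflrm.com"),
    (4864, 2, CHROME + " --type=crashpad-handler --url=https://clients2.google.com/cr/report --annotation=ver=110.0.5481.104"),
    (2092, 2, CHROME + " --type=gpu-process"),
    (4540, 2, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2960, 2, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (3648, 2, CHROME + " --type=renderer --first-renderer-process --renderer-client-id=6"),
    (3288, 2, CHROME + " --type=renderer --renderer-client-id=5"),
    (4476, 2, CHROME + " --type=renderer --renderer-client-id=7"),
    (4288, 2, CHROME + " --type=renderer --renderer-client-id=8"),
    (2952, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (3144, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (5036, 2, CHROME + " --type=renderer --renderer-client-id=11"),
    (952, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (368, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (612, 2, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none"),
    (2952, 2, CHROME + " --type=renderer --renderer-client-id=15"),
    (404, 2, CHROME + " --type=renderer --renderer-client-id=16"),
    (952, 2, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (2524, 1, r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"'),
]

IMAGE_RE = re.compile(r'^"([^"]+)"')
FLAG_RE = re.compile(r"--([A-Za-z0-9-]+)(?:=(\S*))?")


def parse_cmdline(cmd):
    """Split a Windows command line with a quoted image into (image, {flag: value}).
    Flags without '=' map to ''. A repeated flag keeps its last value."""
    m = IMAGE_RE.match(cmd)
    image = m.group(1) if m else cmd.split()[0]
    return image, dict(FLAG_RE.findall(cmd))


def triage(processes=PROCESSES):
    findings = {"roots": [], "unexpected_images": [], "unsandboxed": [],
                "target_url": None, "reused_pids": [], "version_match": None}
    versions = {}
    for pid, depth, cmd in processes:
        image, flags = parse_cmdline(cmd)
        folder, _, name = image.lower().rpartition("\\")
        if depth == 1:
            findings["roots"].append(pid)
        # Anything not living under the Chrome install directory is worth a look.
        if not folder.startswith(CHROME_DIR) or name not in EXPECTED_IMAGES:
            findings["unexpected_images"].append((pid, image))
        if "single-argument" in flags:            # the URL the browser was launched on
            findings["target_url"] = cmd.split("--single-argument", 1)[1].strip()
        # Utility processes launched with no sandbox, and a GPU process told to drop its own.
        if flags.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in flags:
            findings["unsandboxed"].append((pid, flags.get("utility-sub-type", flags.get("type"))))
        if flags.get("type") == "crashpad-handler" and flags.get("annotation", "").startswith("ver="):
            versions["crashpad"] = flags["annotation"][4:]
        if name == "elevation_service.exe":      # lives in a directory named after the version
            versions["elevation_service"] = folder.rsplit("\\", 1)[-1]
    counts = Counter(pid for pid, _, _ in processes)
    findings["reused_pids"] = sorted(p for p, n in counts.items() if n > 1)
    if len(versions) == 2:
        findings["version_match"] = versions["crashpad"] == versions["elevation_service"]
    return findings


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On this report the script finds no unexpected image, seven unsandboxed children (all Chrome service types), the two reused PIDs, and a version match; a dropped executable under `%LOCALAPPDATA%\Temp` spawned from the same tree would show up under `unexpected_images`. The flag parser keeps only the last value of a repeated flag, so on the full crashpad command line (four `--annotation=` values) it must be given the `ver=` annotation last, as in the trimmed input here.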

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 1KB
    MD5 d68f99a967079be55c9fe57c942e9fb4
    SHA1 56927fc77b0176ac84bb4366cac04591341952d5
    SHA256 3b083758d33fd951b62d88fe937303176bd644da91a2bf4bf799e2f281da9275
    SHA512 77bf9b191a444a1d97814e558b34a11f1932266be71453aa9cf21083f50f6792a297d1a13d01e31e2247c6ccdb0253442eb7b496a875b55842870e306ce12d89

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize 2B
    MD5 d751713988987e9331980363e24189ce
    SHA1 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 2fadf4ec58263b6e422c2415ba709bcf
    SHA1 186ceaed1c32a4c0dbec924abb9a834bb872d717
    SHA256 7b710d8c9732489fa7c4fe4ed5b8f4a5a955d5ace716ab9489dbf7a7f5004e5d
    SHA512 93abb75ef1f3fbbba7f66db128b49e81756df8283a1e2593c6b4894ecfe40c8d93c1115fea1d9458aebb236ae0fe1a0436113f15429934e1f0c1e583294e416e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 257KB
    MD5 7a2bd108d7778de3a83d965ec5f220a0
    SHA1 a86973391d32894e81d6c31adb06f7667c7ae2b9
    SHA256 c4b9306697958d6e8f5c86783f8d7f9ef82934f99aa840f43715a0c60ba5a731
    SHA512 2f6b4ebd99fc5aa573fa969d350412e4bd4e4b14493d0030a080587ec1a6bbd9976e1017d238b12acb53ce5be02f10cf78fa0a45ac6ecf19523444b0f97a4d6a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 279KB
    MD5 6b5be6316094e93267841b39892b93f7
    SHA1 ba7868bda4e491770c0b62b95c246c6b0168a363
    SHA256 a49e6ad31e60e34c7caa45c4dd9916715638604541a38961b638f84d27414d15
    SHA512 89ccf1c3dcf8e13d517fe96841f68d7ece77349bba6a237dd6c9bc9635f458a3a1d5af66c7a04a75cf099fe76a222763d5472f0ac71cf8ccb88965ce43bedb38

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 257KB
    MD5 65d57e09bfaf6b5b8bff691f638065a1
    SHA1 3551abac74988c1927d3a63b841d611d5f1d9837
    SHA256 f0c525091f5a76f54fae9e432ef844844b4a62565ef5c5c0f2e34f9c13607892
    SHA512 fc338d736361eec8f12502db2e033589ac98989997b98e42ca7b933d4e73aebda653d6d2c682b6115a2813c72bce42dd9b5393cdcffbd609733b087c9a674974

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 91KB
    MD5 1dfefa823204e3c57d111345c5ca099b
    SHA1 4524abea2cb04bb6f45ee6a6b547e515f4c47b7a
    SHA256 ba3b6d7b4206a32bd823576cf4b3d6fab65919830019e052a91078d6fafda2a1
    SHA512 330b6cfbed773b2d659671fd2d250177b1adfcc27c13a93517536deb5fbf944af524a4b932ee66482c07018b9abe8f77311cf03b3df9157b1d1cd28104d4a50b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e687.TMP
    Filesize 88KB
    MD5 c59c92da189709f1af1e23c471909c7f
    SHA1 039f519ac11e19ee30c50c588e157b91a2bd040b
    SHA256 4a01a15575386db53d5d7f359d4871fe6770b3adb39beec03171d43e3b04c2a8
    SHA512 a90a60ea8de5b4258db3aa583c3ab051d08dfd025ccf299a2dcf0fef4ad459ddc94892df281cb0df3cd3ca85cc338dd6bd1e73bd3d42a2c16a11d6e71f64bd80

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c8535f5c-901d-4a71-af4a-09d993e9837a.tmp
    Filesize 257KB
    MD5 e675d124424b75205ab12368480fc317
    SHA1 451ef94ed9f9f0978bca995da7f72a2443a4ae05
    SHA256 16b5c6615867d657748ea05f06d6fe8e53d1d06d829bdc59f2f2bff3de3a4b70
    SHA512 d349f9637eb0d022d644657cd283e1eda2bf262cb6d0a36cc038ef912ea342b57dd1a8a1651ab8ef754f73d16c8f9d55442922403dcd9b28802506b7df293aaf

  • \??\pipe\crashpad_1088_NDIPGSLNLSTJKHVZ
    MD5 d41d8cd98f00b204e9800998ecf8427e
    SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
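Two things in the Downloads list are easy to misread as dropped payloads. The crashpad named pipe carries the digests of zero bytes (MD5 d41d8cd9…, SHA-1 da39a3ee…, SHA-256 e3b0c442…), and the 2-byte SCT Auditing Pending Reports file hashes to the same values as the two characters `[]`, an empty JSON array. The three Local State entries with different sizes and hashes are one file that Chrome rewrote during the run, not three files. The script below is an added example, not part of the sandbox report or of Triage: it recomputes the digests of a few trivial contents with the standard library and matches them against the records copied from the list above (most records keep only MD5 and SHA-256 for brevity), then groups records by path to find rewrites. The content labels and the `ENTRIES` field names are ours.

```python
"""Added example (not from the sandbox report): which of the dropped files in the
Downloads list above are content-free, and which path was rewritten during the run.
Records are copied from the report; most keep only MD5 and SHA-256 for brevity."""
import hashlib
from collections import defaultdict

ALGS = ("md5", "sha1", "sha256", "sha512")

# Contents a freshly created Chrome state file commonly has; the pipe entry was
# hashed with no data at all. Labels are ours, not the sandbox's.
TRIVIAL = {b"": "empty input", b"[]": "empty JSON array", b"{}": "empty JSON object"}

UD = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"
ENTRIES = [
    {"path": UD + r"\Default\Network\Network Persistent State", "size": "1KB",
     "md5": "d68f99a967079be55c9fe57c942e9fb4",
     "sha256": "3b083758d33fd951b62d88fe937303176bd644da91a2bf4bf799e2f281da9275"},
    {"path": UD + r"\Default\Network\SCT Auditing Pending Reports", "size": "2B",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"path": UD + r"\Default\Preferences", "size": "7KB",
     "md5": "2fadf4ec58263b6e422c2415ba709bcf",
     "sha256": "7b710d8c9732489fa7c4fe4ed5b8f4a5a955d5ace716ab9489dbf7a7f5004e5d"},
    {"path": UD + r"\Local State", "size": "257KB",
     "md5": "7a2bd108d7778de3a83d965ec5f220a0",
     "sha256": "c4b9306697958d6e8f5c86783f8d7f9ef82934f99aa840f43715a0c60ba5a731"},
    {"path": UD + r"\Local State", "size": "279KB",
     "md5": "6b5be6316094e93267841b39892b93f7",
     "sha256": "a49e6ad31e60e34c7caa45c4dd9916715638604541a38961b638f84d27414d15"},
    {"path": UD + r"\Local State", "size": "257KB",
     "md5": "65d57e09bfaf6b5b8bff691f638065a1",
     "sha256": "f0c525091f5a76f54fae9e432ef844844b4a62565ef5c5c0f2e34f9c13607892"},
    {"path": UD + r"\Module Info Cache", "size": "91KB",
     "md5": "1dfefa823204e3c57d111345c5ca099b",
     "sha256": "ba3b6d7b4206a32bd823576cf4b3d6fab65919830019e052a91078d6fafda2a1"},
    {"path": UD + r"\Module Info Cache~RFe57e687.TMP", "size": "88KB",
     "md5": "c59c92da189709f1af1e23c471909c7f",
     "sha256": "4a01a15575386db53d5d7f359d4871fe6770b3adb39beec03171d43e3b04c2a8"},
    {"path": UD + r"\c8535f5c-901d-4a71-af4a-09d993e9837a.tmp", "size": "257KB",
     "md5": "e675d124424b75205ab12368480fc317",
     "sha256": "16b5c6615867d657748ea05f06d6fe8e53d1d06d829bdc59f2f2bff3de3a4b70"},
    {"path": r"\??\pipe\crashpad_1088_NDIPGSLNLSTJKHVZ",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
]


def digests(data):
    """All four digests of a byte string, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def classify(entry):
    """Label the trivial content an entry's digests correspond to, or None.
    Every digest the record lists must agree, so one mismatch rules a candidate out."""
    listed = {alg: v.lower() for alg, v in entry.items() if alg in ALGS}
    for data, label in TRIVIAL.items():
        computed = digests(data)
        if listed and all(computed[alg] == v for alg, v in listed.items()):
            return label
    return None


def rewritten_paths(entries):
    """Paths listed more than once with differing content: a file rewritten during the run."""
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e.get("sha256") or e.get("md5"))
    return {p: hs for p, hs in by_path.items() if len(set(hs)) > 1}


def report(entries=ENTRIES):
    return {"trivial": {e["path"]: classify(e) for e in entries if classify(e)},
            "rewritten": rewritten_paths(entries)}


if __name__ == "__main__":
    for section, value in report().items():
        print(section, value)
```

Comparing against every digest the record lists, rather than MD5 alone, matters when the list is used as an IoC feed: MD5 collisions are cheap to construct, so a single weak digest should never be what decides that an artefact is harmless.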