Resubmissions

06-06-2024 12:59

240606-p8kw1afd78 8

06-06-2024 12:57

240606-p62fzaed6s 8

Analysis

  • max time kernel
    427s
  • max time network
    429s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-06-2024 12:59

General

  • Target

    NLHyrbid.rar

  • Size

    15.4MB

  • MD5

    174d3821d673d3fd0ba0f51b3ba750f5

  • SHA1

    efa93f9daf492722dab96db0e3b13f6e770b762d

  • SHA256

    562a06ab82cdd49a5edb68730c6bf90f76301dbb8f895e6aca99b60a7f6971c0

  • SHA512

    2659113feb6f2959178610b2dfe1a8d3bd2a42819bcaf94b4c13785a37abedddbfd95a6b1a5af6ef9f433fb3f86cabb5367b6f762fe602969a7a89813ef6a7fd

  • SSDEEP

    393216:L+DYLweLOo3ln55Q5bZdO5xQB1se2Er8LevVXkcZ8/lz:KDYLVR725bZc5xQ8e2EggVXmz

Score
3/10

How to read this score: the target is a .rar archive, and the sandbox launched it with cmd /c, which hands the file to its shell association. The image has no handler registered for .rar, so Windows raised the "How do you want to open this file?" dialog (OpenWith.exe -Embedding), and chrome.exe was then started as a separate top-level process (its parent is not shown in the tree). No archiver ran, no file from inside the archive appears in the process tree or under Downloads, and nothing from the archive executed. The signatures attributed to processes below all come from OpenWith.exe and from chrome.exe (PID 2464) with its helper processes, which is where the AdjustPrivilegeToken, WriteProcessMemory, SetWindowsHookEx, EnumeratesProcesses and registry-enumeration hits originate. The score therefore describes Chrome's normal startup, not the archive's contents; extract the archive and submit the payload to get a meaningful verdict.

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 58 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\NLHyrbid.rar
    • Modifies registry class
    PID:3796
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3716
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:1156
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2720
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb8cdbab58,0x7ffb8cdbab68,0x7ffb8cdbab78
      PID:4200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:2
      PID:380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:4780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:2596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
      PID:3788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
      PID:3580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
      PID:220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:3480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:1324
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:2012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:4608
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
      PID:1672
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7fa3fae48,0x7ff7fa3fae58,0x7ff7fa3fae68
        PID:4040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:3212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
      PID:3840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4212 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:1
      PID:3488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:1872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:3392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1996,i,8116935270724235585,15840519425925781156,131072 /prefetch:8
      PID:3008
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:4988

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Google\Chrome\Application\SetupMetrics\20240606130718.pma
    Filesize 488B
    MD5 6d971ce11af4a6a93a4311841da1a178
    SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
    SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
    SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 384B
    MD5 40b8343817da1f47e7ffc82a535e58fe
    SHA1 4a19ab53fef4472f326e9e698045848aba1f0dfd
    SHA256 4e682e938a5dcd32fb508952e964bce64a0f218d4abfc8e0dd46d3c25f19e5e7
    SHA512 28efb4d384c11212911cd129068d84269ab96609e3c6bf9e34833f042a3d7bc8ca2e241548820d5c9cf3cd996b97f24ddfc4374b15969837050429c371475cc6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize 2B
    MD5 d751713988987e9331980363e24189ce
    SHA1 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 523B
    MD5 edc23a14384746be910ee24ceacb4b39
    SHA1 8b4f68a60c50244195d303e953405bf8f6852dbb
    SHA256 50568c819b67a20a6cf26101384e17a764e5c1bacdaf41a3f3acad211eab85b1
    SHA512 a1a6b9994ae2584012b2d64d8ad4e3318fd10eb8fee971409214b950b33bad36baf612dc3502da72bcbb2b461ae0d894b376cc39dd21c73166f9651114a6abcf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 690B
    MD5 cac3cb58d03b09881b96395b3b44777d
    SHA1 5651e225d82c1a8b46a2fd949b6df145cbc83bb9
    SHA256 fea1e3be0e46775f5446ae270aae24a2a5766320835487d7d8b08897e67bd5dc
    SHA512 556f4e2b8c4de4fbba14c2cf1de0e78bf1cfda8fa21f09cf10ba388f92bfab956abb3c8b89eb12a2ef47339b6296a6aabe81a9b0ff8bf78be4ed12cbe775143d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 8KB
    MD5 95aed40d71e26e85a44fe0165058f64d
    SHA1 ef6c0cefecc95ca342f1e9329840562cefd3fbcb
    SHA256 7a92a2dbc2ee8aad88af4eed00d4529ed8ae15611a8a46838e1a0775064baa79
    SHA512 3b91e27ed38c18c1b13d88313f3078c2f86a9260957a0237a1b7256cf69da63d754c54a140a59d0397250bbb9641193d41ea81a48c0acc4ae09de03f937f3a61

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 9efce971e26d5465a6b7a31f5b0350c0
    SHA1 0e0390339328fe009e512d4d53c6688495cf2436
    SHA256 4ccab444692e3556c7cda3cb1862680f3705ad0af9781023c6dff0dd372f60aa
    SHA512 cb6a5b31a5015ab216030b46f64463787f51a6fc348dda3a016b7aa88f2cda0b816aa0a401a717cc451dbed0cafae3c9a54a90bc033a9664d504a7ae1e60fbbb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 51926fdfa40a9f9aac500e8743b41dd1
    SHA1 1b57653d278b7c3e6f03fee8083e8ecad09963e1
    SHA256 d8ab9138d4789bcc9b4ba79419f9c4e042f778ed7c72b90b72b16cef22c2b7f4
    SHA512 50d8eebda7a89db723c57583d7ac0062177f3e65f809e6bc2ce1183741460bfd787bd24165d8cfec3c4af027a3249355aab5956534a0402c4041265e96c85931

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize 16KB
    MD5 9e18b67027592277e475269f1db03de2
    SHA1 cd6d721a505f652a21b1e3bbf752e7800c68459f
    SHA256 a9504af39f43a2cadb7201d365f5e8ac5ed4522959e4e110b536b8a97cc60872
    SHA512 5e2bc287929223c597564d425fff4b4d68daa6e9a4779aec2ce60621d8ecb8614be1af885f7f1d468bd2de7c64e2d32d4c3de7669180a9567685eff4cf74b53b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 257KB
    MD5 89556df70ee47f82aba38d3ec2636406
    SHA1 f5e9b12f3c9b887ea606b6185ed5ad8670db3518
    SHA256 4a3311a5f08794017c3b06ea5cadba0c20c5de7e14cd417069b4ceeca06d223c
    SHA512 4b14fd27df8b88d6dff3efb8386d280501397cc27c63d8808064ee111f6dec4b2f780e1cfa2e436d245eff5bdbdae1d16825cc70dd1b7eee24faed894d5139db

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 264KB
    MD5 ebef730ed019e0377f2e8c8415be6e3a
    SHA1 644be35dfaa1840ebd4fa3ec3f305ad6cce28a39
    SHA256 492b869ebfb0a5836256320c0d9fd0a9fdcb0cf5cc910901ebd8c3703c200a73
    SHA512 a39d17faa8b7f0863815b695f77ff09b06a45eca88d2c5527423773ed8a0bc2d7f38b2d823d2a818dd75e61d25e3ec8a2333b57e48edd8459bc78e58d8c57c6f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize 91KB
    MD5 2b464769f532f50a7748378a8e6371ed
    SHA1 09118343452bba2fccbbe88cf4ddaeaebc5de103
    SHA256 7d73fa3bb7800636b99c35150e819d6c6ff3542e136b759ccb2c32b77b316313
    SHA512 8e58eca2ed222e6ec2590cf4211d8e83e42f1547ab3992c6c095908d8bf2e98d5e4d5f4639ce920cc30fd6a780fc809b24b566ea1d94a4b8c4f2776512ea7a19

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d7283.TMP
    Filesize 88KB
    MD5 c06f13eba8de4d024f8b6f7b389c65a5
    SHA1 dc772c9383ac82a9ce015ea64517aec2683e7ce4
    SHA256 7f029246349e3dc251b795ef4961a5bf3cab5d73ea1539958dce68db01b632b1
    SHA512 f4fe6265a9b7b49ebc46f59b84a370cc7da28675f903154a739b06cc7570cb404443044a6500884ce317492ff184269f5756b21ea5136c46e0d1033c60fa6ee4

  • \??\pipe\crashpad_2464_DCBOKIIEIFBGQEGS
    MD5 d41d8cd98f00b204e9800998ecf8427e
    SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
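A quick way to separate real drops from Chrome housekeeping in a list like the one above is to hash a few trivial contents yourself and compare all four digests: the crashpad pipe entry carries the digests of zero bytes, and the 2-byte "SCT Auditing Pending Reports" entry carries the digests of the string "[]". The script below is an added example, not part of the sandbox report; the three entries in REPORT_DROPS are transcribed from the Downloads section, and the set of trivial contents it checks against is an assumption chosen for this demonstration.

```python
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Three Downloads entries transcribed from the report above (path -> digests).
REPORT_DROPS = {
    r"\??\pipe\crashpad_2464_DCBOKIIEIFBGQEGS": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports": {
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
        "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences": {
        "md5": "95aed40d71e26e85a44fe0165058f64d",
        "sha1": "ef6c0cefecc95ca342f1e9329840562cefd3fbcb",
        "sha256": "7a92a2dbc2ee8aad88af4eed00d4529ed8ae15611a8a46838e1a0775064baa79",
        "sha512": "3b91e27ed38c18c1b13d88313f3078c2f86a9260957a0237a1b7256cf69da63d754c54a140a59d0397250bbb9641193d41ea81a48c0acc4ae09de03f937f3a61",
    },
}

# Assumed set of trivial contents that sandbox "dropped file" lists routinely contain.
KNOWN_TRIVIAL = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}


def digests(data: bytes) -> dict:
    """All four digests of a byte string, lower-case hex, keyed like the report."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def well_formed(entry: dict) -> bool:
    """Catch transcription damage: every digest must be hex of its algorithm's length."""
    for algo, value in entry.items():
        if algo not in DIGEST_LEN or len(value) != DIGEST_LEN[algo]:
            return False
        try:
            int(value, 16)
        except ValueError:
            return False
    return bool(entry)


def classify(entry: dict) -> str:
    """Label a dropped file whose digests match trivial content, else 'unknown content'.

    Every algorithm present in the entry must agree, so a single colliding or
    mistyped digest never produces a match on its own.
    """
    if not well_formed(entry):
        return "malformed hash set"
    for label, content in KNOWN_TRIVIAL.items():
        expected = digests(content)
        if all(entry[a].lower() == expected[a] for a in entry):
            return label
    return "unknown content"


def triage(drops: dict) -> dict:
    """Map each dropped-file path in a report to its classification."""
    return {path: classify(entry) for path, entry in drops.items()}


if __name__ == "__main__":
    for path, verdict in triage(REPORT_DROPS).items():
        print(f"{verdict:18} {path}")
```

Only entries that come back as "unknown content" deserve a look; the other two are Chrome writing its own empty state and are not evidence about the archive.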