Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-06-2024 15:56

General

  • Target

    http://discord.com

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://discord.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb1ab58,0x7ffd5eb1ab68,0x7ffd5eb1ab78
      2⤵
      PID:3176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:2
      2⤵
      PID:2652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:4308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:2016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:1
      2⤵
      PID:3208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:1
      2⤵
      PID:864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:1
      2⤵
      PID:3356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4032 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:3620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:4488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:2224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:3796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:8
      2⤵
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1940,i,13503428688641993256,761093123188130508,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4928
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3700
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2ec 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2648

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 432B
    MD5: 0b9f18359932ac476dfd034a3e833804
    SHA1: 2e0bacb17a34d493ebaa81266654e381d00584cf
    SHA256: a725dcd522335d826d8338a3623c2e6dab6563a72e5df3da44661273f72735ae
    SHA512: 147e8245c5b73043acc8e762986d7e82a68af616789ddca31d7da4eeffc7fe8e46a56e0a52d6ed8933579def0aa175dead060702673360363e095be0282f3162

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: d473987c9f3e5ae7b89b1de21875c4ee
    SHA1: 5b144ae9e897f093654a30286f0b510b88e7a753
    SHA256: db9d1cd3139482d056f4f042c6e1d4191c50f506c66e594530885ad318689980
    SHA512: 17d9fc1f003fecb3f71d642fda67b7b697c0e0988c4101b45b3c968059e6ba1cec595ddfb0a730cd4fe9938d2fa7a217b8b8772673cd959853df1a5e4d59b3fe

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: f70010da8767be40c572e6064949101c
    SHA1: d9528dce20722bc3db96f14b5d5e3464ddb5538d
    SHA256: bc877ec06f1326a072375d09659702fe054eeef5da1da979a7efa7b8a8aec709
    SHA512: 71f90aaaa7a0e718c8f69ae43ddd10337b0e21a9e1bbc6e2b8e9760228f30595075c1b435dc9dac5b63f9746de6cf96d8223eca19cb05c65c0df394c64ff4f02

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 5f0849ce21deb866a4af6ee73e119d50
    SHA1: 9a5ec2c8b5520c28d5cece263a8f0b2d15b0d2eb
    SHA256: 5ae5103c0328e49d603b3e9e7d905ee7e8ef7b07f617dd5ac8244e0071ffef4f
    SHA512: 484fe40e43c58fc377dba1a32e36d0bf8aec9e8b9aef4e5eb9598478bb97240071352bf3130ed0a3b5f47b9a9c607ee2a3c4a3f7f0ab899817ab07e04ef966cb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 4396649dc084423ec7e9561c179c3edc
    SHA1: baa28f6ff46a41884c57655eecaadf2e0f4246a4
    SHA256: 0e804a73b95ebfc76088035d282cd6819c12fa2ce62ace3cc4c05d27b8b672cf
    SHA512: 7398a59bb14ca58c9b3d1799b85ca38032a10c698f4a5913fe0f35048895818c12c84a71eba1319e778354f075cfa9448a5a27f392da6cc15df8acc3d4ad93c9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 277KB
    MD5: 22802828b8890b4669a2ef6d888262cc
    SHA1: 6ff2588b0525c04b8e2c2fd8d0aaed49bdb1555f
    SHA256: 861b723d3671ff4d32770c8984a543cd806e86d9e7aeff2e46e383c5d24ede78
    SHA512: 161d8a1e8104419394afd0986be0335fa6153c38cd7b2d1695aa7c07d5fe2646fe280b9e4e3b3ced12dfac4399bb95df7c45664b8046b850e16aff00904bf853

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 8c18692f1baa385ecc7ef1470e4eb71d
    SHA1: ddf0d07ef9c82d2f130fcab77e919d4d854dadcd
    SHA256: d72046fda1122bec22a5f1722435ddb818a2e4bd856150e6e6fec10b460e89b9
    SHA512: 2516a05899e7e2b72e99d1bd27fd89172065b44a9a2fd3ccf8c79b82cb3b347d66cba4174188e761b0d0ab23da875cfe859433a7d8a49291b96e6da90f2459da

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: e20b36a6c1302a54770f4d3ec0d30d0b
    SHA1: 579594e05e160c4c14ba30b427999343ae674eed
    SHA256: 34154afa2549b85b784bdf58dec6618767be9e0e4439fa62447a35dceedc99b8
    SHA512: b3bc3c9ac3526e650c67d16ae5dc341c0488c023e8fe8c4cbab0d9c05756513f9b96f6603c34c9c878ccacfafdc64f4dc8b2068a49af2ba74c336d4335d39e0a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 94KB
    MD5: d45925c43260fedac7bbf6865d021260
    SHA1: b718caa7bab35e11841af9ea1a535cce869d7c12
    SHA256: c9183701b2d4a74c38c6225631cc0e9d860e8d3a5da58b8f400a8e6bf34d5340
    SHA512: ad559eb943729ee5aa234622d64e6b73e84d722816783acc450b217bfbb45df1b4678ff030f25f05fa6560bbc58aaba2b3e34c33d6ac7a2d568303a9b5f8c5fd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dec7.TMP
    Filesize: 91KB
    MD5: d296ed60e0a5a4d311a54558f49df32c
    SHA1: c0b8d24f3279be3f5cc43161821da9fe9e239e55
    SHA256: fba027e8c0a9491b78f07d8ecd199472cd94306a7371ded0cfc2e9c4cebacd45
    SHA512: 6d8228bf034d567b08bd7069722542517416606040674586cc326299a7fbaa144d478c346c299c0a262357797c56fe8a51b83576672ba6810b7539a0d26f1ae9

  • \??\pipe\crashpad_3580_VMLTOMFWRIPKUXHA
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e