Overview

overview

10

Static

static

10

x360ce.exe

windows10-2004-x64

4

Resubmissions

14-08-2024 12:46

240814-pzt4baxerj 10

14-08-2024 12:46

240814-pzp5csxeqn 10

07-06-2024 13:20

240607-qld1lsgf8w 10

Analysis

  • max time kernel
    1049s
  • max time network
    1026s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-06-2024 13:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x360ce.exe

  • Size

    14.7MB

  • MD5

    be80f3348b240bcee1aa96d33fe0e768

  • SHA1

    40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed

  • SHA256

    74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

  • SHA512

    dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a

  • SSDEEP

    196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 6 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 28 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 29 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x360ce.exe
    "C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
    1⤵
    • Drops file in Windows directory
    • Loads dropped DLL
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1816
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1524
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2348
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbef0f9758,0x7ffbef0f9768,0x7ffbef0f9778
          2⤵
            PID:4456
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:2
            2⤵
              PID:2092
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
              2⤵
                PID:4192
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
                2⤵
                  PID:2804
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
                  2⤵
                    PID:4092
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
                    2⤵
                      PID:3548
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:1
                      2⤵
                        PID:5224
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
                        2⤵
                          PID:5316
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
                          2⤵
                            PID:5324
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
                            2⤵
                              PID:5560
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:8
                              2⤵
                                PID:5652
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=1892,i,16485012597498471492,9596210554790679387,131072 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5360
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:1592
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
                                1⤵
                                  PID:840

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\ProgramData\X360CE\Temp\ViGEmClient.dll.84A31178\ViGEmClient.dll
                                  Filesize

                                  29KB

                                  MD5

                                  a8781afcba77ccb180939fdbd5767168

                                  SHA1

                                  3cb4fe39072f12309910dbe91ce44d16163d64d5

                                  SHA256

                                  02b50cbe797600959f43148991924d93407f04776e879bce7b979f30dd536ba9

                                  SHA512

                                  8184e22bb4adfcb40d0e0108d2b97c834cba8ab1e60fee5fd23332348298a0b971bd1d15991d8d02a1bc1cc504b2d34729ed1b8fea2c6adb57e36c33ac9559e9

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\77045eed-a329-43de-a1fe-6e13a8739b5c.tmp
                                  Filesize

                                  365B

                                  MD5

                                  2c357a842e4dd450155b4d45c1617589

                                  SHA1

                                  a692e6d9c0e461e946c9bef386285578c36eb335

                                  SHA256

                                  cc6b87d6ea4f8216a3e8dca5dc115e48f9c53a76a0cb8a03d0b26d0388b0812b

                                  SHA512

                                  fbf60fc784f6505ffa01142a54f2dfd10a3b98a60b3dc14a0a4f16f90c35eff21fad95e60109fa5687182cfa06baec5fa04c4664c682acbd75296947b3572f9f

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  09c398c963d23bc3afdd05b2a0d9972c

                                  SHA1

                                  c2de338951152d83779a645656e5ad5a825bba69

                                  SHA256

                                  0dd8eeee49b72b5e4a0657562e6f1c4889bc0ee5ae6929f35815f2d363e87dc7

                                  SHA512

                                  cd12e058faf6c7c5cc764a9b8f178a9221281950ac44ea229c435f078ea55eefbb62b5108279d6562f0f703313ac4337cc71914c624672aafb5b6908a2cb3dac

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  b3daa70cf0f7dbcf30cbdfb8c3300a21

                                  SHA1

                                  deed90c86c6d362d4e7fb865c3d3c9589348ea95

                                  SHA256

                                  77e0eeef078f340ffc671f4e3ea6c79081007169d21ce4d1b0f2ce8c981b3ffd

                                  SHA512

                                  308c19ca10de21d3adc0d4f10362a93bc099f73f7f2f648c2bc1da7a824c109d4255c7289f8f1cfc010295c8303b32b26edce530e7aa0bb936fe2036cf1552da

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  673407015b671bd7834cf5fd22a354c7

                                  SHA1

                                  bfe5bfe2bfc546606f61071384db9d4439b54080

                                  SHA256

                                  8e276302306cdd2369974d3e4d4ebb4a47d9a50f0cc30afc66fc298e32c0fe68

                                  SHA512

                                  7596c63a2817114c2e15f61be3aa4c603c080152758ebff16385b0a34e3d1f33a7e102baf2d6e8892b37f50a5acdc991720d7976bdbe0bb85f3c0af490e56422

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  37d52df86834d9f70da0ce4cdcdf6277

                                  SHA1

                                  d9249edab62852b5de242c67b0b5a545e7071e52

                                  SHA256

                                  7a9170cdfef41153c2c7c27d1e8346da1ce7b11f1842b3fc929268788a6bdc40

                                  SHA512

                                  86c66e51d9713f5fa8f7b5555c29068c493d0fa914a887c63170bfb8aecf87e85982fd72c1c5de475058ff3112f1dc7a499930facbb3266e7ab1598edfc3a62f

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  273KB

                                  MD5

                                  f9ba208037e44aa873b60d572127b6a7

                                  SHA1

                                  8f07502468b491ab7ec22c25b83f6c1339099746

                                  SHA256

                                  da7930e6c5ad865eeeadb08fd53814448aa558bb31c0d53491f9f4f53429cbcb

                                  SHA512

                                  ef6fd6e6c52f0d9d86e71d9525aaf3a09105fb3a5e7423697d3760cbc3d6681eb7a02a2b55026aeee8634bf4924e645ebcfb30bebc5234dedb348276b29f50cb

                                  Download Submit
                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                  Filesize

                                  2B

                                  MD5

                                  99914b932bd37a50b983c5e7c90ae93b

                                  SHA1

                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                  SHA256

                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                  SHA512

                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                  Download Submit
                                • \??\pipe\crashpad_2348_PBJIRCXFDONPUCIX
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit
                                • memory/1816-27-0x000002184E8C0000-0x000002184E8C8000-memory.dmp
                                  Filesize

                                  32KB

                                  Download
                                • memory/1816-58-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-24-0x000002184E7D0000-0x000002184E81A000-memory.dmp
                                  Filesize

                                  296KB

                                  Download
                                • memory/1816-25-0x000002184E850000-0x000002184E872000-memory.dmp
                                  Filesize

                                  136KB

                                  Download
                                • memory/1816-26-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-0-0x00007FFBEE9A3000-0x00007FFBEE9A5000-memory.dmp
                                  Filesize

                                  8KB

                                  Download
                                • memory/1816-28-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-22-0x0000021850490000-0x00000218504AC000-memory.dmp
                                  Filesize

                                  112KB

                                  Download
                                • memory/1816-42-0x00007FFBEE9A3000-0x00007FFBEE9A5000-memory.dmp
                                  Filesize

                                  8KB

                                  Download
                                • memory/1816-43-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-44-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-23-0x0000021850450000-0x000002185047C000-memory.dmp
                                  Filesize

                                  176KB

                                  Download
                                • memory/1816-59-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-12-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-9-0x0000021850650000-0x0000021850670000-memory.dmp
                                  Filesize

                                  128KB

                                  Download
                                • memory/1816-8-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-6-0x000002184EC40000-0x000002184EC8A000-memory.dmp
                                  Filesize

                                  296KB

                                  Download
                                • memory/1816-4-0x000002184DDF0000-0x000002184E1CA000-memory.dmp
                                  Filesize

                                  3.9MB

                                  Download
                                • memory/1816-3-0x00007FFBEE9A0000-0x00007FFBEF461000-memory.dmp
                                  Filesize

                                  10.8MB

                                  Download
                                • memory/1816-2-0x000002184D740000-0x000002184D8D2000-memory.dmp
                                  Filesize

                                  1.6MB

                                  Download
                                • memory/1816-1-0x00000218322C0000-0x0000021833182000-memory.dmp
                                  Filesize

                                  14.8MB

                                  Download