Analysis

  • max time kernel
    123s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240426-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    07/06/2024, 16:59

General

  • Target

    $PLUGINSDIR/app/cmp.html

  • Size

    5KB

  • MD5

    d7b8b31b190e552677589cfd4cbb5d8e

  • SHA1

    09ffb3c63991d5c932c819393de489268bd3ab88

  • SHA256

    6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

  • SHA512

    32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

  • SSDEEP

    48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaecab58,0x7ffcaaecab68,0x7ffcaaecab78
      2⤵
      PID:740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:2
      2⤵
      PID:5048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:3608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:1
      2⤵
      PID:448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:1
      2⤵
      PID:2116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:4616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:2856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:3032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:8
      2⤵
      PID:2772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 --field-trial-handle=1928,i,15424900266118247799,3783619391359539932,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1828
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: e6c897330a5391f4d2c62f8f3f4935b0
    SHA1: 654151f945a42bb9a51abfb3008d204e54c83ffa
    SHA256: 8935a2d0f4bc685c98b5aa536c4d9dd9a5994fd075fef060845d2b03b98d744d
    SHA512: b03e0c0aca150eb32c29f82ce0792a4a5089be9fafb62dff02b97161ea393b5330fc42b5541609a4100b00966a14b8c5e2d780e7d3811844afd2aa41272576ab

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 3e00fd2799a44b0f751f478f9e4a1113
    SHA1: cc97492f805410501468fec31079b51e1c1d2706
    SHA256: 375a6980e881963bc4d0a379cc576091eddbbf4641abea6005a72bd7140ea0dd
    SHA512: 704460a7b2da97932700bf5218e9e5d1a2ad495738ecf136a4b736bf8725d07a6841c2e80fc4517b6b07d2fa2c2c78d778fab101dc842082c06d94cba0cd67b6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 524B
    MD5: 43670f38bba430eba8761b2128376e89
    SHA1: d153e8927cfc4dd4ca668a0a52a4a92d15277cd6
    SHA256: 156cfb44f473af08157cbbfbf4d1200ef9677c206de5cc977a9fea955766415d
    SHA512: 3dc577cf003d4ba45de83df5524eb18016de6b40d06081aa03e2ed59283012d8d6baadc4cce3895ab4ecff9237aed968dc9b487ff6cc94cbc2709421c025c103

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: ecd9dde6d1fe9f20f6c18e8e2c23c788
    SHA1: e9ef0a3822aec30942ab07e2df049d18c6b6d281
    SHA256: fa8942215685ee613d7ec242860635dd8193f39590abaf0fb410450e960363e6
    SHA512: b7955845c92073710307949b93ab258b6624abb71b647e3222665a6899cc6adb614178979e2563c60338a7e810301ad8e6f6dec52df2fc91878b4be967b4a063

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: ab00e9e0d2af71b4b3c43009e39fd375
    SHA1: 644289ff9b7eefb15783655188ed9d30d488cb03
    SHA256: 5cfcd657bd35b4339ca0bf0098564c748e9f13343d1ba3dc366903319073d7fc
    SHA512: 480efdc5b30127a5479a027ce30447fea67b76e5883e3a8d2bd0dff0b547ac8ec29617dfaa4c0e2fafc7f4cfb8eb641f4bf2286ab7b599d69a90738ac0d69082

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 131KB
    MD5: e69627921fc3bf07f0bffe93924674bc
    SHA1: 566f6b4dc72c2d641b5ce9a5bf59c63c30f05e94
    SHA256: f061f033a1e3214e08b97604dc355941b5777964d164f4f6ae69bdb3f6fd8c48
    SHA512: c20b60739da157848540fed6949c34838c0a30f3dba1becd786452536fac2c8747ed5c434fd2773acadd22072502195fa8326272413e8e155bed077dda2c2db2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 132KB
    MD5: 6dc3aa706c2ea3bd616f105ddee40c11
    SHA1: 9d15c0c740ac85b469d956d066b4ad82be431e30
    SHA256: c2db49f8dfb757ba8a368070d33272fcb5ccb0d5cf0fdc19e3e5581753d9a27e
    SHA512: a7778ca9e087dcb68bfc926a007f0c9d8658667bf768e00c27b071ce1af0e1397888927b7db5b4115a87f33401160e6c47e678b2dfd682d33df52736715f10cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 156KB
    MD5: 66f99be60515f62f309fd6422f062461
    SHA1: b898b6b0a9a388666062f0f1c3002bbbd1c1361d
    SHA256: 397aca146e9d8619322e74e12f867c338306e6870cac98d7bbad20410d31839f
    SHA512: a9646ea65d19561004b33665afbed7f03bd3c01f9bd18b6e8e4d98e9d9c7adcf7db9e0dc4426f325ebdb516ba22c23422efa6fc17433f472e0782ff1c5eab0cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 91KB
    MD5: 6703ecb12afb75851ff5bf7867b149ab
    SHA1: 8b6f9a9912554b14369b0e601cefb129c258e12f
    SHA256: c708ec75be995e28e4e67107a5a4929cb61189392c6b0f5dc24fba6d73851eff
    SHA512: 85ac37eb6962b705940881f1a6743d3f32d47fc402c461037a7346f74fb1409364dfe6c27dc4e62648c9884da43dc3756b098c62ccd42f35df3dff4a2ed70f20

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d060.TMP
    Filesize: 88KB
    MD5: 37cd7692209b36353bf280ca2cb2b592
    SHA1: b6bf56a52349990aba497b61f72c2813025edfd2
    SHA256: d9e69fc69b934a8e9e9fe16b7dc1acf6869ae06c1bd829421c7e87256e429ecb
    SHA512: 8cd67899995174852f6346e9d89017c86f08aca5918e6501c838f15b55428546a8e3f94329038316aa79ff998a644ef2b095d4547e3f272105733a3ca465d7ad