b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174

Resubmissions

08/06/2024, 16:30

240608-tz8nxsdc8v 8

08/06/2024, 16:18

240608-tscmxadb9t 5

08/06/2024, 02:27

240608-cxkqmsff7v 5

Analysis

max time kernel
2s
max time network
142s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DisplyyMapper.exe
Size

13.6MB
MD5

69ecc872198af00462376f967c35dccd
SHA1

fb974099b3e01f541659895fe50221c760a5f381
SHA256

b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174
SHA512

cd874c72f8a414d473a7f51953ad96cf9fff29c9ba46281eb12f1c261af712243695c0b3f2dca1c634984347368f7e0e6cd69ef4686c0432ef9b753547279ba0
SSDEEP

196608:bybt7UZOGLHah64d9cD498zVztRLKSaqmD39fZFS4z+D63tkV46SlmBGcmpr:b2QOoHaht9598zpttm5xA4WUw46SEmR

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe
2968	DisplyyMapper.exe

C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe
"C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f39758,0x7fef5f39768,0x7fef5f39778
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:2
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1560 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=968 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:2
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1304 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3616 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1360,i,4869268452040536931,1810633287156496449,131072 /prefetch:8
  2⤵
  PID:660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
9984d68892e87de5a1321b74cb163ac5

SHA1
a4d297f114a944199c94da7bf04bdf84bf9c10d6

SHA256
a7b7504779a21667551249042a01fe371adeb072a4bac972172886ba499538ec

SHA512
6fa65d7f2223c03e175612168c2dcec32a58e9e05bf20cae524c3a990b78bce183e33f49e884e6ffc3555430d5af739dd1f6c414aeb1b5390e11becf210b985d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ee4b8fb78a813fac21abd09fc9c45a90

SHA1
7771d27a559709d3b4b26c0b2ad991d0e49b9855

SHA256
1d163f384a96c0d07d5d10fb6c44b02a970e5484410c3fdfe7687b3ece4a73dd

SHA512
1a56df3fca18fcedcf2352121dbb6cdf1aca7ef48fb3371763545b5f0ab28caf9946b0b76cac024d9f063f5836e5cec33fe6d2e3f20a9ce0218a67c0e2ca11eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
23f3f9e8c2c24d140a0df606bf51cdd8

SHA1
056eb9222d481106d7bbef193c6d5900bb6f5c27

SHA256
7487b519c3d7ebcaec444ad40476e52b6792a726492fffeb968a32498b49ab09

SHA512
ab26bfa15e00adb9008f636df09ce948e9c6f1e2375e28ff21ff204ae513a524bd1b2fe22810447972f02d2bd0869d363b136e415aa622c9369c09db5a97f161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
567ed766b1061e1ce285d69ca7d9ffd2

SHA1
8fba843bb357bf2b838973762b80acc44760e1a6

SHA256
302e41b4f2b929fbacbbf407c3e4b0bda375b064ef5658255bb150b0303635dd

SHA512
c9ab71375000518783050103594f54e9eecbd51d5a010ba3ecf801668e97e51a972d69e364d725c287fad411964e95411a3687eb685c084054bfb910463935f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
memory/2968-5-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2968-14-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/2968-11-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/2968-1-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2968-3-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2968-99-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/2968-0-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/2968-6-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download
memory/2968-8-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download
memory/2968-10-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download