Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-06-2024 19:23
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: Sample http://https:youareanidiot.cc, Resource win10v2004-20240426-en
Behavioral task behavioral2: Sample http://https:youareanidiot.cc, Resource android-x86-arm-20240603-en
Behavioral task behavioral3: Sample http://https:youareanidiot.cc, Resource android-x64-20240603-en
Behavioral task behavioral4: Sample http://https:youareanidiot.cc, Resource android-x64-arm64-20240603-en
Behavioral task behavioral5: Sample http://https:youareanidiot.cc, Resource macos-20240410-en
Behavioral task behavioral6: Sample http://https:youareanidiot.cc, Resource ubuntu1804-amd64-20240508-en
Behavioral task behavioral7: Sample http://https:youareanidiot.cc, Resource debian9-armhf-20240226-en
Behavioral task behavioral8: Sample http://https:youareanidiot.cc, Resource debian9-mipsbe-20240418-en
Behavioral task behavioral9: Sample http://https:youareanidiot.cc, Resource debian9-mipsel-20240226-en
General
Target: http://https:youareanidiot.cc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623482210477733" (chrome.exe)
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
- PID 2708 chrome.exe
- PID 2708 chrome.exe
- PID 3444 chrome.exe
- PID 3444 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes: chrome.exe
- PID 2708 chrome.exe
- PID 2708 chrome.exe
- PID 2708 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2708)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://https:youareanidiot.cc
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4976, crashpad-handler)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa68eab58,0x7ffaa68eab68,0x7ffaa68eab78
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3748, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1696, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4564, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2600, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5112, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4828, renderer)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1004, utility: data_decoder.mojom.DataDecoderService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 368, utility: data_decoder.mojom.DataDecoderService)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2264, utility: chrome.mojom.ProcessorMetrics)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1216, utility: chrome.mojom.UtilWin)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3444, gpu-process)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1936,i,4179906443273086011,433435233121265538,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 5004)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads