Resubmissions
10-06-2024 09:03  240610-k1e9bsfe58  4

Analysis
max time kernel: 6s
max time network: 22s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 10-06-2024 09:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://Gdevelop-app.com
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: http://Gdevelop-app.com
  Resource: android-33-x64-arm64-20240603-en
Behavioral task: behavioral3
  Sample: http://Gdevelop-app.com
  Resource: macos-20240410-en
Behavioral task: behavioral4
  Sample: http://Gdevelop-app.com
  Resource: ubuntu2404-amd64-20240523-en
General
Target: http://Gdevelop-app.com

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: chrome.exe
  pid   process
  2620  chrome.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes: chrome.exe
  pid   process
  2620  chrome.exe  (3 entries)

Suspicious use of AdjustPrivilegeToken (6 IoCs)
Processes: chrome.exe
  description                       pid   process
  Token: SeShutdownPrivilege        2620  chrome.exe
  Token: SeCreatePagefilePrivilege  2620  chrome.exe
  Token: SeShutdownPrivilege        2620  chrome.exe
  Token: SeCreatePagefilePrivilege  2620  chrome.exe
  Token: SeShutdownPrivilege        2620  chrome.exe
  Token: SeCreatePagefilePrivilege  2620  chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
  pid   process
  2620  chrome.exe  (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
  pid   process
  2620  chrome.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
  description                      pid   process     target process
  PID 2620 wrote to memory of 904   2620  chrome.exe  chrome.exe  (2 entries)
  PID 2620 wrote to memory of 3556  2620  chrome.exe  chrome.exe
  PID 2620 wrote to memory of 2568  2620  chrome.exe  chrome.exe  (2 entries)
  PID 2620 wrote to memory of 4252  2620  chrome.exe  chrome.exe
  (the remaining 60 of the 64 entries are writes from PID 2620 into PIDs 3556 and 4252; all source and target processes are chrome.exe)
Processes
(indentation shows the process tree; the ⤵ markers in the original mark tree depth)

- C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 2620
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Gdevelop-app.com
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 904
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd94569758,0x7ffd94569768,0x7ffd94569778

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 3556
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:2

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 2568
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:8

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 4252
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:8

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 2852
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:1

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 5340
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:1

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 5992
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3880 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:1

  - C:\Program Files\Google\Chrome\Application\chrome.exe  PID: 2052
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4972 --field-trial-handle=1888,i,2919718430230462183,15394351397231290461,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  PID: 5568
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

- C:\Windows\system32\AUDIODG.EXE  PID: 4452
  Command line: C:\Windows\system32\AUDIODG.EXE 0x33c 0x38c
Network
MITRE ATT&CK Enterprise v15
Downloads

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5:    044bb0d5d00667065a1a458c2a6a9ce4
  SHA1:   36f44aea6e417428da23dfa5c90008a3ac04b4a9
  SHA256: 94cb37f09e2079cfee1d08794092b05595b92ceacb3248096b222aefc8b16625
  SHA512: fca174be21f689659ffb7a7d15d5fe3d31a2b8c5fc4b6ffae9db9828c7f14e53d8d022fbf9a7f70b7ea9bf42651484cf342a509462e928fb89a3725e48beebab

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 128KB
  MD5:    b1f97d13e701650f56cc855cd87d34af
  SHA1:   789c25d2071bef32a5eefc0737a1b23c0d11a5b3
  SHA256: 370f1615efb7688c8bf212f34ae2baf3ffd33a0e849c8f2bf277216f7fc55bad
  SHA512: e87e7eb92446a8a84e4339255a55ff2250242721f49ee8554294ffc61fe5976e9c14752f00806bfd0bb13063dea4bd17b03859f054ec4b9032adc1f7f4e8ce8e

- \??\pipe\crashpad_2620_LNCCLZJMWWHHKMFF
  (no filesize recorded; the hashes below are those of zero-length content)
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e