Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 14:41

General

  • Target

    download-page-for-spotify-premium-mod-for-pc.html

  • Size

    87KB

  • MD5

    b3cb5748500413c4238d8731c22cda20

  • SHA1

    27f5b18773cb9658e2753f203d0d0d4752d46a00

  • SHA256

    48263729135489ce33976907d5aae647d902df2d9c18a49ebc75f0254a876f58

  • SHA512

    322d48e882b2a7e2db16313b4a8dc78360f4aec50f5bc3bcf5115dec8444788d14147cd542402e3b5db4c30530b5331840a41e683fd4df242aa954bac58a3de3

  • SSDEEP

    1536:pRMMUE2C78Tel2ap7OoI86j3S8RZjfkDEa0O3HvtzicE1mh2Wc:YTelJO/XjfkDEa0MHxhw

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (46 IoCs)
  • Suspicious use of SendNotifyMessage (32 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
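
Of the signatures above, only "Downloads MZ/PE file" is tied to what the submitted page did; the remaining hits are attached to the chrome.exe browser process itself (PID 2652 in the process tree) and are routine for a browser that spawns sandboxed child processes. The following is an added example, not the sandbox's own detector: it re-implements the kind of check behind "Downloads MZ/PE file" (DOS `MZ` magic, `e_lfanew` in bounds, `PE\0\0` signature, complete COFF header) and emits the same four digests the Downloads section lists per file. The sample files, their names and contents are constructed inline; they are not the files from this report, and the report does not say which dropped file triggered the signature.

```python
"""Offline re-implementation of an 'MZ/PE file written to disk' check.

Added example; not the sandbox's own detector. Sample inputs are constructed
in-line and are not the files listed in the report.
"""
import hashlib
import struct
from typing import Dict, List, Optional

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
COFF_HEADER = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp,
                            # PointerToSymbolTable, NumberOfSymbols,
                            # SizeOfOptionalHeader, Characteristics


def build_minimal_pe(characteristics: int = 0x22) -> bytes:
    """Constructed sample: DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header.
    Enough structure for the check; it is not a loadable executable."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ")
    dos += bytes(0x3C - len(dos))                 # pad up to the e_lfanew field
    dos += struct.pack("<I", e_lfanew)            # e_lfanew lives at offset 0x3C
    dos += bytes(e_lfanew - len(dos))             # DOS stub padding
    coff = struct.pack(COFF_HEADER, IMAGE_FILE_MACHINE_AMD64, 3, 0, 0, 0,
                       0xF0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(0x100)


def inspect_pe(data: bytes) -> Optional[Dict[str, int]]:
    """Return COFF header fields if `data` is an MZ/PE image, else None.

    Checks run in loader order: 'MZ' magic, e_lfanew within the buffer,
    'PE\\0\\0' signature, then a complete 20-byte COFF header. A truncated
    download whose signature would lie past EOF is rejected, not guessed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + struct.calcsize(COFF_HEADER) > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = \
        struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    return {"machine": machine, "sections": nsections,
            "optional_header_size": opt_size, "characteristics": chars,
            "is_dll": int(bool(chars & IMAGE_FILE_DLL))}


def report_hashes(data: bytes) -> Dict[str, str]:
    """The same four digests the report lists for every dropped file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def scan_dropped_files(files: Dict[str, bytes]) -> List[Dict[str, object]]:
    """Apply the check to a name->bytes map (stand-in for a cache directory)
    and return one record per file that is a PE image."""
    hits = []
    for name, data in files.items():
        pe = inspect_pe(data)
        if pe is None:
            continue
        rec: Dict[str, object] = {"name": name, "size": len(data), "pe": pe}
        rec.update(report_hashes(data))
        hits.append(rec)
    return hits


# Constructed sample set: an HTML page, a PE image, a CAB-like blob (MSCF is
# the cabinet magic, so it must not match) and a PE cut off before 'PE\0\0'.
SAMPLE_FILES: Dict[str, bytes] = {
    "sample_page.html": b"<!DOCTYPE html><html><body>download</body></html>",
    "sample_pe.bin": build_minimal_pe(),
    "sample_cab.tmp": b"MSCF" + bytes(60),
    "sample_truncated.bin": build_minimal_pe()[:0x60],
}

if __name__ == "__main__":
    for hit in scan_dropped_files(SAMPLE_FILES):
        print(f"{hit['name']}: {hit['size']}B sha256={hit['sha256']} "
              f"machine=0x{hit['pe']['machine']:x} dll={hit['pe']['is_dll']}")
```

Run against a real Chrome profile you would feed `scan_dropped_files` the bytes of each `Cache\Cache_Data\f_*` entry; the truncated case matters because a download interrupted by the sandbox timeout can carry the `MZ` magic without a reachable PE header, and the check above treats that as "not a PE" rather than crashing on an out-of-range `e_lfanew`.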

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download-page-for-spotify-premium-mod-for-pc.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ee9758,0x7fef6ee9768,0x7fef6ee9778
      2⤵
      PID:1716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:2
      2⤵
      PID:2956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:2808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:2620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:2644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1552 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:2
      2⤵
      PID:1644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:2424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:2356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:1140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3784 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:2168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3508 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:2796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3768 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:2936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4212 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:2940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3692 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:1
      2⤵
      PID:2160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=904 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:1772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3564 --field-trial-handle=1228,i,56755231381378893,7419577004886896564,131072 /prefetch:8
      2⤵
      PID:996
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: c1e0fc426d499a64733c898934e516ac
    SHA1: 0177ca4429e648a3b5611c5232b42d3451d452c9
    SHA256: 9cc88e298e90b89a9e4411c0dd90a0d1c01b88c8a72157528a48aa23002f1f65
    SHA512: 8142a514a909fa807ee008328dd251e00bd32bc0a546dc51ed26cb0e386ca0b5872e5bfa9136f4cbbb94fe1d2717a54fbd051dd926f223e7ecb13c533c46527c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e5c2227b898ba5efb90d0effc75901fc
    SHA1: 7cd4db2464e1609e9ffa1903f68b6c3582db665b
    SHA256: 369b06e18375eb44e2fe19108cbff18c7eb80ba32ff8ecc039af97c6ffef0b18
    SHA512: 9ee25c0cb1bfdcd93fb4e950b3db4a154d0e610c0931b59edd261771ebe11a315cd471e460561c8361082888b2a7cde76f067bafeabed0eed4935258f310ccc0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\83ee090f-7e2e-4f42-a199-1f4a761ac18e.tmp
    Filesize: 5KB
    MD5: 60113a94c68857bc4ecac5d484c4cd02
    SHA1: e0bd6457ed62dcef4e916c57203483678516dcad
    SHA256: 8bbc370b9dc188c9c0e350e3da057f56fcda9d738c3a521f601b034facc02a38
    SHA512: c932b91acea49df6daa3431b10b8a35b176b70e2281df800ad17944bc5c5a3e644cb5c7ef9893abdae187211e8d3b91651a227460b1078adcd10d22a84950de2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
    Filesize: 978KB
    MD5: 0488e42e4d9207a1021437a335350467
    SHA1: 99c2423b06c46abb3ee7fe1f310e49c956a51759
    SHA256: 1a1139c9b2853517676ccaf4881a9d83577d1f8322ffd886c93a8a955efd380b
    SHA512: b03a9662a3c9edd2b5ac10fb56c4e5e26edc818f26070e33976c12eb72f4d6ee93e6f87e9f5c6447a1141e3fc72244634260c260aef250a06e1442d6bb7df5b3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
    Filesize: 16B
    MD5: aefd77f47fb84fae5ea194496b44c67a
    SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
    SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
    SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 444398b2ca8e64d20efd5197e799b238
    SHA1: e4c6cb0acb42f35e4bc80763592e4e590a5f2cf9
    SHA256: 75d0252b0e1b18614297fbc7cdac45d074d51d742ebc7273866510dc0d0bd97c
    SHA512: 7e45f1550b217e608ee2b5b82616dc8ef24158bbfa15d5f17bfe2a4645d0b695e641696ef8943d3d7f55fbc9628cb925dc9a56b9c6af46615195b1ee01e2ca68

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 19956a7aeb6f98342f5e5a85b89ffbb6
    SHA1: 72d86b298e8938755041ce946c35a7fc8c5d59aa
    SHA256: 00f849a6edb2d0d006f366d6abecdcaf454497b06763ca4b72d8a195265e8fb3
    SHA512: 8ab574532428fcb81a6c697b7e4bb76dde192bda234ae62e52236e595f739f443562f2f764a5d6902b96ad466a9d0a5ea8d9c10c555939c1b3825bf87fd5bf07

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 04ef4248f2489f59d9cf674e925232e3
    SHA1: 26edd54c71841c845d77e9738a85a938a1231a8e
    SHA256: 41d53ac5a17ad29c993db515f06ce0af5027280fde4182f2778301c1fdc385e6
    SHA512: 0a0f5484d8ecf02251b291341cb0099fb3626cf569debb0cb886c08f8abbaba6070565d3f99eaf61544f67dbd0b541e0ab083312092664202d641b4622d10ce9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: e0212ce961aa846eedc57fd0c6e4c8cd
    SHA1: a75ccf22199bb63cc27fa04684b34bb7b70284e7
    SHA256: 939bda9d34600a5b9b580eeaf0ff0adccd724b104cfa361702cfec5ce7c59029
    SHA512: 301d555d039d5783347cb1dd66654bcb75dbc9fdab4e6a9f1410191c3e5511732c837c6a1d31611caa3832dbdb616f95e3125ed4c37d87937b98385d3a9f2f85

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: b464f12086ab04ecff789d0158ab7063
    SHA1: 033eb55f5851bf39e10d8d1c1a585664031d8eba
    SHA256: 8a87a360d984aab9fa6e25e17348685e7329c103e3020c4aa9bc59516bbfb1e7
    SHA512: 4d4ef360911480ddfb8cc676ed14dbe7b5f3ad5f77d28b71f7821ed070cb933547583e69477b3f293324032ed333f9c5e9714b93b31fdc62dde7a67f690d53a0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize: 16B
    MD5: 18e723571b00fb1694a3bad6c78e4054
    SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
    Filesize: 264KB
    MD5: f50f89a0a91564d0b8a211f8921aa7de
    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Temp\Cab368D.tmp
    Filesize: 67KB
    MD5: 2d3dcf90f6c99f47e7593ea250c9e749
    SHA1: 51be82be4a272669983313565b4940d4b1385237
    SHA256: 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
    SHA512: 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

  • C:\Users\Admin\AppData\Local\Temp\Tar3904.tmp
    Filesize: 160KB
    MD5: 7186ad693b8ad9444401bd9bcd2217c2
    SHA1: 5c28ca10a650f6026b0df4737078fa4197f3bac1
    SHA256: 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
    SHA512: 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b