Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12/06/2024, 15:31

General

  • Target

    https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc699fab58,0x7ffc699fab68,0x7ffc699fab78
      PID:4208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:2
      PID:3104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8
      PID:4000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8
      PID:3996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1
      PID:2860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1
      PID:1140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:1
      PID:4556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8
      PID:3196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:8
      PID:864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 --field-trial-handle=1764,i,4320036029028002096,18302023281702493049,131072 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:2588
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (3KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (2KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (2B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1018B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1018B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1018B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (1020B)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (138KB)