Analysis

  • max time kernel
    1144s
  • max time network
    1739s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 17:50

General

  • Target

    main

  • Size

    239KB

  • MD5

    cd534e71c38149d93c8b411fc89402a9

  • SHA1

    26857fa7d6bb74d0e0a4512b60e4ca78fe604493

  • SHA256

    b773e90ba8f28776bd25d39d5db37c8ca1e2bd95b3d3715d34e81c650e40594e

  • SHA512

    888b1ee1177353faa81a5ba30532403b3c02fa7b2bd5bcb983c3528b20abf497069bcafab118dc4d006764f4bccc418f927d2ba6309a0ab3a6d8634d3d5b9f50

  • SSDEEP

    6144:ELo0y2n9dH5M2vkm0aWyRv3pId9RN98vZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vn:8o0y2n9dH5M2vkm0aWyRv3pId9RN98vs

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\main
    1⤵
    PID:2180
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62a9758,0x7fef62a9768,0x7fef62a9778
      2⤵
      PID:2112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:2
      2⤵
      PID:2828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:8
      2⤵
      PID:3068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:8
      2⤵
      PID:2572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2844 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:2
      2⤵
      PID:1124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1480 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:8
      2⤵
      PID:1504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3316 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3056 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2476 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2560 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1540 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2736 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3008 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3032 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1636
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2436 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3644 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2988 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3684 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2108 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:1972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3664 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=904 --field-trial-handle=1264,i,17559163354043963327,13144108809940054109,131072 /prefetch:1
      2⤵
      PID:2756
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:308
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize: 264KB
    MD5: f50f89a0a91564d0b8a211f8921aa7de
    SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
    SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
    SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: f285fae93ac12196a1891944d0a3c771
    SHA1: e8c028e3b0ca2bd1afee6778c75d5fe4a287cdba
    SHA256: 837404c66e246631fdda9b92c4de76b7cbda1947f42c9bf5eb432dd59d0d2a07
    SHA512: 368cbcf84d4da2a126f1874842103a41cd83423d33c7ee57ae7090267a5b5ac72d080366c65a1ea4b339ba87fa299bcb7c9a37f0f337554c19d9b8a5cf86607f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 4df8456637cb48fda3586b6719821dab
    SHA1: c8e2797544efe09a2d30cf9c6b000d48ebf9a7a1
    SHA256: e173e28c9517357c6893eb1ca01ddfbc9e491257835c8d5c6f3d9ded5b7edb72
    SHA512: a661aefa90e7c79a4fd8137aa80b6e5afa9882f9ecd78a0e8e8b2032f72f30ac7394c8d7d5c7a52488955517fe7365804f8bba391812dd1e6c66f759729f0d6e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf76bd27.TMP
    Filesize: 5KB
    MD5: 31d18a5a4f2d8781d1d713f52a71284f
    SHA1: fa9429d209d94e1f4967671e6fba139afef8dbe8
    SHA256: b55d08ba0057fdfef3d730c19ab15743ccd42711441abbe3082a626b1930d394
    SHA512: 1a8165ae6e75592216671f22af9b8525147858aaf3507b28facae098674e7b642cdb632d234c5bfa577b0e43573d8a4c84d9155e61d88bef2d0c0a21e828eafc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
    Filesize: 16B
    MD5: 18e723571b00fb1694a3bad6c78e4054
    SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
    SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
    SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 140KB
    MD5: 6f0a305b3b315db27b8dad3024bf204d
    SHA1: 8893a78d91e5d874f7a30f1aa3be104e30ed2884
    SHA256: 29dfbfec82bbda1842c187a270df60ad3ec2a6e14e06decb703fd96e830d702b
    SHA512: 405889eb8ce7936baf73e62406c41b08f519123dcb4d16fbb6185c5a39eaa3a9e0b6fb2f24f1739c5cf3190f5b21a3131d703c94246255dce41145c1a5e07692

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 140KB
    MD5: e55f11bc1688d1659ab4633289d39650
    SHA1: a6a683c290f06b5a797654e784eb5125c6cdeaae
    SHA256: 0de07d36074c960a5e654f53d58c582964d93a9e504e6422657d5331a3acbf5f
    SHA512: 1cc47f08a32f296581511ae3d0382ab5aea99915804805d40b74ac34e0d3fb64251cccebbac4e4b9dd3a4801a5a705e43d2afe68e8d8f0efb36cec10e3ba509d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 140KB
    MD5: d0fd688a91b15a68cdf1b5cbccebf36e
    SHA1: 8683819ad3e71f0e112d9f34516828b23344e3f9
    SHA256: 741c5e93d421aa7df7b811ef4d9e0cc992ec659a0a28482841f47ddb5a03c0cd
    SHA512: 68862e97a78e17ad39a329716bd14477723e1be708e6ae2c0a166b9741baf9f32c66185eb921522292940094259576fc14def95baef02f567b7af7eb43dac106

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 140KB
    MD5: 31b057dc32feba2380e949b4b638bbb7
    SHA1: 00312b4e07cee4681fadd97c8b60438e7172da6d
    SHA256: 510d154b1399c2e0c8e48598aa7824ce7b5fba61c5be965285681be03a850195
    SHA512: 7b8b8cfab145e42e8ecb351e42880dab69022dc9ade4de56cad774e39d48b0870224bfe5b5914dfa74e6960c2cadeb9f73ba0e7986accb6092533d98348f10f7