Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/06/2024, 03:34

General

  • Target

    http://apps.timopartl.com/6nc46des8zk3e/workinghours.appinstaller

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://apps.timopartl.com/6nc46des8zk3e/workinghours.appinstaller
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b214ab58,0x7ff9b214ab68,0x7ff9b214ab78
      2⤵
        PID:3220
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:2
        2⤵
          PID:4076
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:8
          2⤵
            PID:2112
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:8
            2⤵
              PID:2436
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:1
              2⤵
                PID:2768
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:1
                2⤵
                  PID:1672
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:1
                  2⤵
                    PID:4880
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:8
                    2⤵
                      PID:3560
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:8
                      2⤵
                        PID:3680
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1924,i,9174365414595686583,3840671011500111840,131072 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2760
                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                      1⤵
                        PID:2156

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                        MD5

                        df492bc8134ec459647f6da04eaeb4ed

                        SHA1

                        87589cc45ebe5a11bef58655ce5f5fae02f31bb4

                        SHA256

                        0c846e0e858beff2bf04d49cbabbabdacee1ab0cfc4739b24402ff81dd7b319c

                        SHA512

                        1233eb9cbe6df2967b198fde7fa37d86a8d1d01cfd6a7567c8c9fcf154b0a6d29d137f7e78ba8c7aab733229cef9b65844db903a12b2eee5f1cb62a160aaf062

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                        Filesize

                        524B

                        MD5

                        46681d62bf3a8257c2e58047b754398d

                        SHA1

                        6d557dfe59c192aaf72c239ee417887b98f8c5ed

                        SHA256

                        b962a5860d2bfac0a0708d61f8aeeebd9e3ad84dca54a31e887c8e45a1a4231d

                        SHA512

                        263f48622e8bcacdb6129a81a3dc0fca9f6a0c73482e06dfa4e98ac669c978f3b411d0a671fb0c16fd0ae28379c483643d4009648a8540ca81465d285a17f711

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        7KB

                        MD5

                        9e429400822749fd0a812e7807f9cd61

                        SHA1

                        b57dd5460806d9100f747d8b546365a3261777b7

                        SHA256

                        ac73841ac6c2ba95476b6129ae4877ea8361a16a646f3c8c86300cea45c4110b

                        SHA512

                        ec5aaf465ee0d629a93aaeff9ec115de6426e79deed82440541c7b3daa0d10e9c8f4c2f956922640541ab9194c6127a31efcbeaf12245108326de2a5f13f4bd5

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        138KB

                        MD5

                        ed909fd1f33ba0f4de7a36a317ade65c

                        SHA1

                        195f8073ee77dc7c4989c8a7597747ea17c324fc

                        SHA256

                        870b3ea39b0f7724863b4e4060c5f8a894ee8809be451fa4f354b7871ae21330

                        SHA512

                        b78fb61e5ee1e303a2b61d24e2619127713fa185d71c126059d4ec58a54e21ff7a422022ff4e130cba8295a6aadc63d61e12e78d42fce8caebb0b4379c1dd678