Resubmissions

13/06/2024, 04:02

240613-el34ystdnf 5

Analysis

  • max time kernel
    1711s
  • max time network
    1710s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13/06/2024, 04:02

General

  • Target

    OfficeSetup (1).exe

  • Size

    7.2MB

  • MD5

    bc1c2bf64412e8c95ffe1a13c767e0e8

  • SHA1

    8b2f7c545b6aee74d487558c49a311245001024d

  • SHA256

    cce00c8ec2aa5e3f7e01544ecaf24b67aec0f38c34f9b6514a2a4e3e52cbfef6

  • SHA512

    5f1fdff19ff01f106024f5b61c7a5be6b334eaa7285dde3689bdb0c3312914c8ab7382f74aae40b367f5e6f8e51662aa68d94edc4f24c49720408c65ae1dae1a

  • SSDEEP

    196608:enmy2EuQ72XY4njm7D4cYm1jFqGEWYHu1kwzadF2haI6HMaJTtGbD:eIEzyY4in45msW025

Score
5/10

Malware Config

Signatures

  • Checks system information in the registry (2 TTPs, 2 IoCs)

    System information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (4 IoCs)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (40 IoCs)
  • Suspicious use of FindShellTrayWindow (27 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  Note that, per the process list below, only the first signature and "Suspicious use of SetWindowsHookEx" are attributed to the submitted sample (PID 2008). "Drops file in Windows directory" belongs to UserOOBEBroker.exe (PID 3008) and all remaining signatures to chrome.exe (PID 3892); both appear at the top level of the process list, not as children of the sample.

Processes

  • C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe
    "C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe"
    1⤵
    • Checks system information in the registry
    • Suspicious use of SetWindowsHookEx
    PID:2008
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:4088
  • C:\Windows\System32\oobe\UserOOBEBroker.exe
    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    PID:3008
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
    1⤵
    PID:2740
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffc832ab58,0x7fffc832ab68,0x7fffc832ab78
      2⤵
      PID:4528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:2
      2⤵
      PID:2460
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:8
      2⤵
      PID:2756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:8
      2⤵
      PID:1440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:1688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:3624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3516 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:2976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:8
      2⤵
      PID:3904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:8
      2⤵
      PID:4884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:2636
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4824 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3356 --field-trial-handle=1920,i,13726800056230339464,11297865446433512958,131072 /prefetch:1
      2⤵
      PID:4948
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4424

                                Network

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                  Filesize

                                  811B

                                  MD5

                                  aa1dac24c27a90ddd1eaaa07418ee3ac

                                  SHA1

                                  0b20c6796ba9c4d44fd44507b178a9b8d735272c

                                  SHA256

                                  14f2d41ee95e1c725ad18db867df5090e5a980d285d3839c618294af4683f1f9

                                  SHA512

                                  351ce70154aac2b91c677a0c36c04e724a39f819f585a5cdd90c82b92ddd87737ee10b7b33d61325c7e39776e56a70de35da5f9856da3ea9f1306a43c82fb995

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                  Filesize

                                  2B

                                  MD5

                                  d751713988987e9331980363e24189ce

                                  SHA1

                                  97d170e1550eee4afc0af065b78cda302a97674c

                                  SHA256

                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                  SHA512

                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                  MD5

                                  6e290ce368e1e24825f42470b109aa5c

                                  SHA1

                                  6e57c42058f6d461d8786e47efa2baa1af323636

                                  SHA256

                                  9af96af05566ba15c830674704a0cbc98d0c7e850041d0ba22969207ddf33b51

                                  SHA512

                                  a66a8094337fc9ff3be2ac22eafb08b1edef0765376546f29ed21800e6fb09c5f8ea9e4fa12bbd756179c67ae1c1cf33f9a26ab8c1244c4ebbc682d254ef02a7

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                  MD5

                                  821f61e5bba2fa1e609175cc2af44207

                                  SHA1

                                  b57cb9348a3d66272e2c7f151bc277bc794dd97c

                                  SHA256

                                  91941b7e8f1ea5597f6711d2649a1b9813b377f64c0683dcf112b432bdc4e130

                                  SHA512

                                  f948f6102929a645788ec854bc9ebb3c5b5b8b9da4d04b46363ecac8a0e9b0093ffa37d1afe7d098397ff6714c95f1756f9702e8ff18c62bc4369d8a1d2ca355

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                  Filesize

                                  129KB

                                  MD5

                                  96e8e58a0e28eab33b76f4e4e2615b6f

                                  SHA1

                                  48be5ef7258742cb3df2949c6cff6d6834104af3

                                  SHA256

                                  75cd0d82d195b650db524e8ee5863579cc673523756189fc43976212a72eed6e

                                  SHA512

                                  1c4e20e36375aeb44f8c1faa33f686950f9c59733afba00286ed6fdae977f81d155bb2b1798a454970fb5cb6b40c685ff5d174ba921449204cd36f1031f285d6

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                  Filesize

                                  129KB

                                  MD5

                                  fbc2af990670ba6dc96ce78fe14720a5

                                  SHA1

                                  65a6f9be7dd9c5aa301f1edb352b407d0e87e9fb

                                  SHA256

                                  45e0b5efafa3c9f3758eb191af8c506ed2c3d798632fe9fb0e9883e000dbece0

                                  SHA512

                                  5a08be943411f4dab90ad892a7004178882a253f731cc8dd8afb94dd50c55d2da9f413f626a0c92889fb8d1e66e727fb16424e1fdb13d4a4740deb03665e24ad

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                  Filesize

                                  264KB

                                  MD5

                                  f50f89a0a91564d0b8a211f8921aa7de

                                  SHA1

                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                  SHA256

                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                  SHA512

                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
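Most of the signatures in this report are raised by processes the analysis image runs on its own (Chrome, OneDrive, the OOBE broker), not by the submitted sample. As an added example, not part of the report or of the sandbox's tooling, the Python below parses a process list in the layout shown under Processes, resolves the "N⤵" depth markers into parent links, and counts signatures raised by the target's lineage separately from everything else. It also checks whether the 2-byte "SCT Auditing Pending Reports" entry under Downloads is just the literal `[]` (an empty JSON list), i.e. Chrome profile state rather than a dropped payload. The excerpt it parses is constructed from entries on this page with the long Chrome command lines abbreviated; the target basename is an argument supplied by the caller.

```python
import hashlib
import re
from collections import defaultdict

# Constructed excerpt in the layout of the report's process list: image path,
# command line, depth marker "N⤵", zero or more "•" signature bullets, then
# "PID:N". Long Chrome command lines are abbreviated; this is sample input.
REPORT_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe
"C:\Users\Admin\AppData\Local\Temp\OfficeSetup (1).exe"
1⤵
• Checks system information in the registry
• Suspicious use of SetWindowsHookEx
PID:2008
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
• Enumerates system info in registry
• Modifies data under HKEY_USERS
• Suspicious behavior: EnumeratesProcesses
• Suspicious use of WriteProcessMemory
PID:3892
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler
2⤵
PID:4528
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4424
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


def parse_process_list(text):
    """Turn the flat report layout into an ordered list of process dicts."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is None:  # first line of an entry is the image path
            cur = {"image": line, "cmdline": None, "depth": None,
                   "signatures": [], "pid": None, "parent": None}
            continue
        m = DEPTH_RE.match(line)
        if m:
            cur["depth"] = int(m.group(1))
            continue
        m = PID_RE.match(line)
        if m:  # the PID line closes the entry
            cur["pid"] = int(m.group(1))
            procs.append(cur)
            cur = None
            continue
        if line.startswith("•"):
            cur["signatures"].append(line[1:].strip())
            continue
        if cur["cmdline"] is None and cur["depth"] is None:
            cur["cmdline"] = line
            continue
        raise ValueError(f"unexpected line in process list: {line!r}")
    if cur is not None:
        raise ValueError("process entry without a PID line")
    return procs


def link_parents(procs):
    """Resolve depth markers into parent indices: an entry at depth d is a
    child of the nearest preceding entry with a smaller depth."""
    stack = []  # (depth, index) of currently open ancestors
    for i, p in enumerate(procs):
        while stack and stack[-1][0] >= p["depth"]:
            stack.pop()
        p["parent"] = stack[-1][1] if stack else None
        stack.append((p["depth"], i))
    return procs


def attribute_signatures(procs, target_basename):
    """Count signatures raised by the submitted target or its descendants
    separately from those raised by unrelated processes on the image."""
    def in_target_lineage(i):
        while i is not None:
            if procs[i]["image"].lower().endswith(target_basename.lower()):
                return True
            i = procs[i]["parent"]
        return False

    buckets = {"target": defaultdict(int), "other": defaultdict(int)}
    for i, p in enumerate(procs):
        key = "target" if in_target_lineage(i) else "other"
        for sig in p["signatures"]:
            buckets[key][sig] += 1
    return {k: dict(v) for k, v in buckets.items()}


# Digests the report lists for the 2-byte "SCT Auditing Pending Reports" file.
REPORTED_TINY_FILE_HASHES = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
}


def matches_reported_hashes(content, reported):
    """True if every listed digest of `content` equals the report's value."""
    return all(hashlib.new(alg, content).hexdigest() == digest
               for alg, digest in reported.items())


if __name__ == "__main__":
    procs = link_parents(parse_process_list(REPORT_EXCERPT))
    buckets = attribute_signatures(procs, "OfficeSetup (1).exe")
    print("target lineage:", buckets["target"])
    print("other processes:", buckets["other"])
    print("2-byte artifact is '[]':",
          matches_reported_hashes(b"[]", REPORTED_TINY_FILE_HASHES))
```

Run against the full list on this page, the target bucket holds only the registry check and the SetWindowsHookEx hit from PID 2008, while the 64 WriteProcessMemory and 40 AdjustPrivilegeToken IoCs fall under chrome.exe, which the depth markers place at the top level rather than under the sample; that is the distinction behind the 5/10 score and the reason the Chrome child processes should not be read as injection targets of the sample.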