Analysis

  • max time kernel: 150s
  • max time network: 154s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 13-06-2024 18:06

General

  • Target: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
  • Size: 1.1MB
  • MD5: ec377e92adfa0307058d5833068df2aa
  • SHA1: 716a1cf152b98adbb374881375c286aa4e5faee7
  • SHA256: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3
  • SHA512: a231696ef707cc7f3e4b0e9ce7eee27bdb77c80b2ed4e82431a5f9e4a08e80dc9504d3771f6e9b843730621d8629f365f6d722273bb115eaedab0d5b3615deee
  • SSDEEP: 24576:x1qDEvCTbMWu7rQYlBQcBiT6rprG8auQ2+b+HdiJUX:bTvC/MTQYxsWR7auQ2+b+HoJU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoCs)
    Looks up country code configured in the registry, likely geofence.
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
    "C:\Users\Admin\AppData\Local\Temp\f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778
        3⤵
        PID:2752
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:2
        3⤵
        PID:4776
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        PID:884
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        PID:1280
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
        3⤵
        PID:1624
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
        3⤵
        PID:3164
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
        3⤵
        PID:4400
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4836 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
        3⤵
        PID:4364
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        PID:1268
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        • Modifies registry class
        PID:4064
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        PID:644
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
        3⤵
        PID:4580
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4732
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4736
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:5568

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 336B
    MD5: 1b259ee2b10caf44f8cb4b3c0b627f0b
    SHA1: 9c23b1f7390a4b744a310f27618b9064d8807708
    SHA256: 6462320ad3301ce1fca16325508ddfe3ee924f7b7b86b221b618f4db1bfa22cc
    SHA512: 602312c6bb7f6d17b37fa0542784608b9cebef310a804461276550f2eb845d4c4956292d3e4f7b9a679200b0441dae96b6bcf64e5621e4d818945bcd7b2ad219

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: ef8ce33608fd231fdef45f42f0e78704
    SHA1: f56b01955ee0b0e51edd7a973ac507c7cb375338
    SHA256: 340692c9f92ad5045914727105dce5fb3a2c78e301f1ee9d528e04844ee2723b
    SHA512: b0797e470f62f5d2e9fda243a817038152d98f05f3fddc97fe9b2749d0dfbde424e0bd3a9ff84d98c6671f291b229d4b509f24011ad251c36c565c1b5e7779ba

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: ef4408f5f4b5a97748ac20a30d35f54b
    SHA1: 23e7b64564b8a8149c3f44f5ef17edd0affda9ad
    SHA256: bcff9479945de985cc92a2181f805287df55d6288c6766cb91ec46fcf3cf2638
    SHA512: 2aee624fd2c5e5957bebbad2a1f7290fa3bc7b523fd1e262af68e362e1cbb446ad84c6af0d59d9df314be4aba9042ee2a9887a257bcebc48be9b56b0183b56a2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: 186566aa5139611f04f5d72c03c9f598
    SHA1: c10add5a0fbd08bbb33c0668e66570cb81358979
    SHA256: 705e66dac5b860c6ea21d710151aa68e67cc04b53a85a49f7f529330a097872a
    SHA512: 9bf5a8ac54901e05682c67ebca37d721e64edf0bcddee84638e48253d55b0f027066d393ba3d09bfe0254c214a91c3ab6dbfeaa706480f1d2f88756ff866f79e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 371B
    MD5: b5dbf84418c34c24c5858d8106a80b6e
    SHA1: c683363a1e62855b4c449161d1552a897559422f
    SHA256: da8a9b2cafb4845fcf7a3306bc5d615868c0c9e7c0a1827938c0815392cf637f
    SHA512: 51083b1c40451e5f82cd694ead0dbacce3a2f082caeb0f374426514c10c2dff060cee979aa68c61c918b6a7c7a0d238c6b04e5ad2b3d7d173fd8d2fdc2a69261

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 5bf32a2591d8cdff57a01b5128ead775
    SHA1: 19ef4f6879a1bff445caf62977ab49bd510dc25a
    SHA256: eb56477594648705be9cb4952cf76476dbd2cedd2887d567a69dcb18e716294a
    SHA512: 2463b698ab57505044d600a135d28c03ff3c6a9b98a3c518e5fc6727bf0fabfda56bec4943aae24da8df2c04e8c78271fa8028ab4b7b1fae52bf29b2acc74dfe

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 35bda0294bb9054cc28562e430599877
    SHA1: 53d09890981aa34cb0cc112f99dc408ce93ae7c7
    SHA256: 6862b2b7e2d823f1c9345e8089be5e2c8ef9520218362631dcd65aa94d979e13
    SHA512: 16d375e9b812b3fc5fda45980c14ba29c6e62b188921b389f96cba4a05063696ccb382219d5a3fd469693309a5221799cc2231de5b98076cc11d96c7859f0283

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: c8eb37fb49339f1fdbe9f96602b02729
    SHA1: 0b0bcadb9a0354e978896af5d57d5eee4070136c
    SHA256: 3b42154319c6f9a3338fc82d4af4d286f9918127114b619eb8795258d1e8501c
    SHA512: d017221bc859704de425262f7ad26706862677cb628edd70678220fe64ce3aed095cdbac985529084de4ef4590642c0847e59da5e8c2e2d093f0f1b2f8b420ec

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 276KB
    MD5: b980f347652b18a85b1e089a9b4f8d2a
    SHA1: 4a4cb5ee76a39db843e55390d2577a11f6928261
    SHA256: 14865ea5273bad820aca33b3d67afb9b0b6e46109527525638e93cb18b8f2ffe
    SHA512: 3503500ea1dacf85c08455c16d6ad82b05310acde741c3d1968c3bbf1ab831fb9c9d6f6f4c6c2130454d0dcdb570920dd674301b3e1976e20618749ccf0e23d0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • \??\pipe\crashpad_4536_YVZJQNOJGJNNGPSJ
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e