Overview

overview

7

Static

static

5

cryptolaemus

windows10-2004-x64

7

cryptolaemus

windows11-21h2-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 08:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    82d497c3e09f9cb64c0a29fcf83cd0c6f8f87cb77b6d844ff9ee240f06d0f552.exe

  • Size

    1.1MB

  • MD5

    d8ca910e8acd2d722e93542d3ce3787d

  • SHA1

    f6d755de088521b1a212368955b4cd14fcc5ce68

  • SHA256

    82d497c3e09f9cb64c0a29fcf83cd0c6f8f87cb77b6d844ff9ee240f06d0f552

  • SHA512

    87072e606c337b04b8634bc5162640d8fdc02ddb7b1866fea792b6ee31d41414004ea9468613eecf78db3f40735e2311f9e5d15d31f4d6f5d7a7cb82e43af6fa

  • SSDEEP

    24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aSh2+b+HdiJUX:0TvC/MTQYxsWR7aSh2+b+HoJU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82d497c3e09f9cb64c0a29fcf83cd0c6f8f87cb77b6d844ff9ee240f06d0f552.exe
    "C:\Users\Admin\AppData\Local\Temp\82d497c3e09f9cb64c0a29fcf83cd0c6f8f87cb77b6d844ff9ee240f06d0f552.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4124
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc23a29758,0x7ffc23a29768,0x7ffc23a29778
        3⤵
          PID:4316
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:2
          3⤵
            PID:3672
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
            3⤵
              PID:648
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
              3⤵
                PID:4584
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:1
                3⤵
                  PID:2896
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:1
                  3⤵
                    PID:3920
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:1
                    3⤵
                      PID:4028
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4816 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:1
                      3⤵
                        PID:496
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
                        3⤵
                          PID:2664
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
                          3⤵
                          • Modifies registry class
                          PID:4748
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
                          3⤵
                            PID:1440
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:8
                            3⤵
                              PID:2024
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 --field-trial-handle=2000,i,11591529136040017756,9499957143651089396,131072 /prefetch:2
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4816
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:4880
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
                            1⤵
                              PID:3628

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    336B

                                    MD5

                                    c4becb6d448fa16c28952b419b866955

                                    SHA1

                                    ebb7949d0307bca18eca63815d16bd05351cb23d

                                    SHA256

                                    7cbf59f500ed5d6bdd56c2581ba8a0d83f2a2845bbf449e35fac2bce1e80d27c

                                    SHA512

                                    aadebc56469e9e5c92823f88a9987c8ce5fa0335550771b92c049947f589c4f8e5467fc4927cafe273d5f6100912b74d64f28a96d576818ac34d24028ec60381

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    43ade7f83b215a0878f74e8020d34817

                                    SHA1

                                    af34afdf0ae7381653869b1465d1ed0cc1337342

                                    SHA256

                                    dfba4273249b330fc83932af66612c4cbbf1ba7fa9aa479ed85a685597de6015

                                    SHA512

                                    c6add08d282924580713c3c0f303206e9e1b3982d6c6190ff39760db554a6b6a5be04527e7772b67d38ca3735cf0a9183ebde52275f989eef50480601af5849d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    7163da7e3a6a2f489d49e826d2bf649c

                                    SHA1

                                    9bd651f0cb0ed3eb62d8b4b4fa051aa15b239400

                                    SHA256

                                    ce788a3dd8597889f09f09a69ce1797037f22f4bf534a327aea1eeee911edc2d

                                    SHA512

                                    ee8acd668858cb725020099c599ad97d220fc728ef56d34ad20e4787aedda1b1c7c43db69212fe995fe5feb0e46cebf579848ac6758fa5258828ccbb32503f7b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    537B

                                    MD5

                                    f95fa5a06284b5031c18b1711c83b232

                                    SHA1

                                    387d51e1753077c8f19a5f8e4af65e500d380ea2

                                    SHA256

                                    07bf33f893bf8bcdcfa6c5f1378b83b33c9da75351693dc9aa324562179e87ec

                                    SHA512

                                    76d3965ac4425443dda75f1d46b46c6b5fa291740669ab3192084fa5b9adc1022f029c57c3a2e1cd61d9993610081dddf4a0edef553d8df4849d038339cf7237

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    537B

                                    MD5

                                    5fffc7005fc724f962e3a7b1ad997886

                                    SHA1

                                    8a8692fb86538c31d1726778f5bdf0f1331c0d45

                                    SHA256

                                    138884f84b6700c0a31e19fbd212c9b31e20a054d592bbffbdb26c2590ee4c55

                                    SHA512

                                    3b5f14709da788a0b68524e3db9f37e008a3b09ae36aec5ff6904839fc3f26b270a1fc9026b70173714399320e86b42064b5e8c5163639f86b33634e44f367d2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    537B

                                    MD5

                                    3ec60e7babf168eb88b88e37fb051b6d

                                    SHA1

                                    44e422dae70d630ef99f92884371683710b539a7

                                    SHA256

                                    e85384facc9af02c814f220edca0cb530702cc288306ba1d768ff842a23a359a

                                    SHA512

                                    d7a802e8dff9a8b8c8abcf48e350f3f284febb1b52b11599967eae50b88526db18ca26cdb425883c62d4e0a39cf529d745c70b49fff6298a273b2548cd97cf43

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    934673ac96b96b7a07fa3b6af75838bb

                                    SHA1

                                    914a286195bea6fdd2ee8bf516076a0890e086f5

                                    SHA256

                                    a856eb0dc2bf9492d86c2c0ea4fa30545dda1ecd99683de60e0668bb1815c67d

                                    SHA512

                                    0162c8b6628b92991bf8e2e3633d80aa2c3ca9b82d1b976a4d180840b3e1c61bc7d7b5f04895ff4689c93a63f0cea653421d45c90e863eb71a8b0e6a01a8b46a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    615ddff34b72798c30caa88dc1c1c6c2

                                    SHA1

                                    efb719cb97586b802f846324775ba2c6af8c2625

                                    SHA256

                                    c1f61a873df4d12ea5a8553605fd367d9e90e82a3dcd6bf3e96b2cd0149db55f

                                    SHA512

                                    dbaf4493ad79adefa2db1412702a96688de9cdab06f3108fa0d756cac1dc7c0574aa97166840d9a95a77d295f8c5561d7b26ec162fc9e5074d8e382b4ef2dc8b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    ea4e458bec0f57f0b69b4bb38ce4e40d

                                    SHA1

                                    968c18901f6437e288995d62081e53a22f6c5acf

                                    SHA256

                                    bb0511d1305f181182066338f5b415b0472f14413ba0ff341078a70655aa91a9

                                    SHA512

                                    c0f1f2b6aa28ff20f93963019d67f029ad4dbb60fb880a8d041caf5572a2dc429fd806848bf3127f542ad15293ab17b7d9b1163b8dcac8dcbeaca8379e9d259a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    276KB

                                    MD5

                                    40cf409a88b8f2c018fe22329e7932f2

                                    SHA1

                                    981b2f77da15d82ba2381bb1d5db529be351b96d

                                    SHA256

                                    8b2158dc5aec7dfb872035a1aab7f8eec44e09de01e49cafbfd9f0188be64bd8

                                    SHA512

                                    49127039c57afd5e6e05b94dcfb8f9d939df112615d0fb7452b2dbbbe40519f70e9e8c29ddd04d7c6e502f2d240b7295098d458883316c1c149638be1073ef42

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit