Analysis
-
max time kernel
51s
-
max time network
148s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted
15-06-2024 18:11
Static task
static1
Behavioral task
behavioral1
Sample
Zrzut ekranu 2024-06-9 o 17.45.32.png
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Zrzut ekranu 2024-06-9 o 17.45.32.png
Resource
win10v2004-20240226-en
General
-
Target
Zrzut ekranu 2024-06-9 o 17.45.32.png
-
Size
367KB
-
MD5
da9849e4662c6af53c79711c3b521954
-
SHA1
7d7c685d9ada64d42cc3a2c98323ca38d786e855
-
SHA256
89affd593a66bf8e9d541c0c048b4e0368f7a9194278a2a408a1f2634b2d0834
-
SHA512
edacd4a378a1abde85d6d08d1c2740accc4a34ef192b364891a5e88f557174d98972ef1a3e5fd3a182a73f6f9502d89f07d4912c8e11ba45b9a8398929c7bdbf
-
SSDEEP
6144:VkKfovMEaYfdpRFVWwEhe8GCiJ3OudQ+be8ZR5PlgxpGrbv/mPTk:VkKg0EaYfdpRFVWwEIbVOytbbZR5PWpG
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2040 | chrome.exe
2040 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 2040 | chrome.exe (identical row repeated 64 times)
-
Suspicious use of FindShellTrayWindow 34 IoCs
pid | Process
2040 | chrome.exe (identical row repeated 34 times)
-
Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
2040 | chrome.exe (identical row repeated 32 times)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2040 wrote to memory of 1756 | 2040 | chrome.exe | 29
PID 2040 wrote to memory of 2832 | 2040 | chrome.exe | 31
PID 2040 wrote to memory of 2632 | 2040 | chrome.exe | 32
PID 2040 wrote to memory of 2548 | 2040 | chrome.exe | 33
(64 rows in total; each distinct row above is repeated several times in the original table)
Processes
-
C:\Windows\System32\rundll32.exe (PID 2992)
  C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Zrzut ekranu 2024-06-9 o 17.45.32.png"
-
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2040)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 2040:
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1756)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f69758,0x7fef6f69768,0x7fef6f69778
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2832)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2632)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2548)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2332)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1528)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1824 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1696)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1576 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 340)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1284)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3328 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1624)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3068 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 820)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2348 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2012)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2268 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 336)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=832 --field-trial-handle=1496,i,17918903348169248667,11344365974673607951,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1980)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
264KB
MD5
f50f89a0a91564d0b8a211f8921aa7de
SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
5KB
MD5
f108d0abade3072da691912d21ef7e7f
SHA1
c6f0fbe338472b1962f8552d0aa611774d443d13
SHA256
0e92b89843c96b0a7183cde8f8f9e2736a46fceedf29024e06af7fdcb94cf6f2
SHA512
e12eb11bd950bf50ee9a707f744538a05e4e5cf3199db91a4dacc9aaca966f1ffa81a53db677d63baa47d633aa72060667883d25cf127d37526a116bf6e5c13a
-
Filesize
6KB
MD5
c7bd439584c30c12f8c9939085263129
SHA1
2b01b3cf89034f65e4ace95beedb4567b7657d2e
SHA256
fc5c5ca42e39f0cbe0505ed1c6144bccdcacc3fb7acae50860de961a41912db9
SHA512
e2f523576fbc7038c17b1dce05416ed88e50a34807a421cc60abc9d91638088add994dbde211646619174a6ff91683241982a421fa615a706156f385f117cab3
-
Filesize
6KB
MD5
af8c610eb1d48e209617613e68ea8486
SHA1
618831fb4aabed970ebfb6233403183c2df62d9e
SHA256
25003a62d1055125ad8e086f6a4b35c3b7c17e5c3715e3db95562c4e808cbcdb
SHA512
49197db6bc203dff9fd47567cce02cd3116002f1b8631d7afadeca80eb62f7576a699c5ec9218ea769f2eb3dbe2258a59168950f0f5585c4ac93410325a31f10
-
Filesize
16B
MD5
18e723571b00fb1694a3bad6c78e4054
SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2