Resubmissions

16-06-2024 09:27

240616-le39psyaqa 3

16-06-2024 09:23

240616-lcyw7syajb 3

16-06-2024 09:18

240616-k9pt5axhjh 3

16-06-2024 09:08

240616-k397gs1frq 8

16-06-2024 09:08

240616-k3ytfs1frj 1

16-06-2024 09:07

240616-k3mq7axfkd 1

16-06-2024 09:06

240616-k27d7s1fpk 1

16-06-2024 08:56

240616-kvz2jsxdla 4

16-06-2024 08:53

240616-ktts5sxcrd 3

16-06-2024 08:53

240616-ktgtks1ejn 1

Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 08:53

General

  • Target

    jfxrt.pack

  • Size

    4.8MB

  • MD5

    8dfebf0b78c6e3bf5aa5002ca9a6da1a

  • SHA1

    1edee53b9e0af5d767d0051c2beccc474035024f

  • SHA256

    0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

  • SHA512

    f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444

  • SSDEEP

    49152:uCTbVLrqgbejNIJqcdTok/EWCdomwkX/YmYybyROodO0rW:1nTB/EmmwkX/YL2yRdS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack
    1⤵
    • Modifies registry class
    PID:684
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3260
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d862ab58,0x7ff9d862ab68,0x7ff9d862ab78
      2⤵
        PID:4748
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:2
        2⤵
          PID:988
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
          2⤵
            PID:4320
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
            2⤵
              PID:1228
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:1
              2⤵
                PID:4132
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:1
                2⤵
                  PID:972
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:1
                  2⤵
                    PID:3136
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
                    2⤵
                      PID:4820
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
                      2⤵
                        PID:3360
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
                        2⤵
                          PID:5032
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
                          2⤵
                            PID:4720
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1936,i,18172693650461200104,5208291408568551557,131072 /prefetch:8
                            2⤵
                              PID:2980
                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                            1⤵
                              PID:2868

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                              Filesize

                              356B

                              MD5

                              9166f8a19a9e489ad71e42f58e550fbb

                              SHA1

                              b614a00086b6e557d8910c9345dd8377a46579a7

                              SHA256

                              14a5f6a164fa8ee6ca668e9c1c0ce243384790324e4911c63c6a540b6b351911

                              SHA512

                              18cea0c6ace1ec119e8665c55bd37ac78990d7c10066065809a7cbd9ff1bbdb38c703a876e82a1992e73bfd6bbbbe58aefc81e21e354f29456edd6dd392e513d

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              84ae5b6a90c5998fdf22c1327584619c

                              SHA1

                              139321fad67c655d9884c447e7437236702e94c8

                              SHA256

                              f6c8164da046ae5c7f686c34e645697f4cd6e07a36639f837ec9735e9da09a54

                              SHA512

                              729de068e647991a3cf60a7f7b94777e313afdebf56dfe5b1d54ce970be7883d8003e8a949c1276e0825392a6794963b57f293fd60db0c03ff3d3c2fe398a422

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              086cac442b48192624f769c2e2aa75d1

                              SHA1

                              974fc5fa32b46f0505879bb1513ab10edf913b24

                              SHA256

                              72c0b758c6177476cee597fb779409d6d62c7f90d67c5316d85f9e7af641bcbf

                              SHA512

                              f4b65bdde9ba2d77d9e96e735d0c9df0436bf7699babc05b2e05cb0639c7e2ad6eae689b5aa19f7e5cd075ea0c5f39019757bdf29cfb941214caf2b96e68157d

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              41ca25761ea97790493e37679f332a26

                              SHA1

                              874aee8e723140d4d97a1fc15f912d2951682518

                              SHA256

                              5cc8e06f6ff274cd0beffe8850b48b9bca58e21fd7aec8cd81db5440c7f83cb4

                              SHA512

                              9a33969061a18fe57e0374457fad7891ee8a6bbc3dc759aaff33a6f46503d5fdd3bab4b21b0a875c9a4d1dbf12700ff703af81db885636d980fddd148ea12979

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                              Filesize

                              16KB

                              MD5

                              e94c8bc91706c9ab6288528a36358195

                              SHA1

                              c135d94c8b10c5a6f20c6d6fb25b4276a9d54ca5

                              SHA256

                              85b12987ff03a7139d894ced26a58cb8751ae5d53feb447018325965b5d017b4

                              SHA512

                              a95576bba94b116089f63ba8d95f92d4e284b757d7914241cea35e4a4bc0a5e4d32b348070ad05c8707ef3c7361a017162fe158c5448e556c4a6a4fe5c43a02a

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              276KB

                              MD5

                              4f0294e84c1e0756638ff329d680137f

                              SHA1

                              332dc43ed83089a5f41b9c9b77061826322b9044

                              SHA256

                              a9e94b180304c65a87098c696b220cd200387dc25e8463e972abf9149f059c31

                              SHA512

                              f8bc0bbae0ef3c587a224efd0201c4b090cee3f64f27edce7545006c8bcf4118414097b0ce9acbddc324ab8c4d75519a62ab31a5544457570b3d74cd9c5cc6e4

                            • \??\pipe\crashpad_4532_XQZXJTEOOKLSOBTJ
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e