Analysis

  • max time kernel
    99s
  • max time network
    96s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    16-06-2024 14:21

General

  • Target

    https://email.ninosdeahora.tv/e3t/Ctc/RI+113/cZLF404/MX7jHllPfW6VjQpt35vtSFDW7nzmJr5gntchN5VHnTb3prCCW6N1vHY6lZ3pdW4_NY427bPm5-VFDNhX1Q7JMGW5_q7d-2dwky-W8z3G-Y8ZdHYsW2r52Vp7SyZflW84m_606jkhwrW6bPNq93pV86DW5j6KcL1d3SPTW34q_fp499VmKW95LCL84qdPr4W6Wm5tg41MfdjN2YbtZrJz2CjW4w7_s81wpT7kW5hgs2s6vldkmW18pY4K6bwW9WW3QypcK3TL3WBW70mVL38mR1VcW7TBRk_8MBX6QW2jCJzG1xbVb0W4TTvtb8lQygjW6JQgTt4DdQ7fW1JK07P8bY_ZHf4M141F04

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.ninosdeahora.tv/e3t/Ctc/RI+113/cZLF404/MX7jHllPfW6VjQpt35vtSFDW7nzmJr5gntchN5VHnTb3prCCW6N1vHY6lZ3pdW4_NY427bPm5-VFDNhX1Q7JMGW5_q7d-2dwky-W8z3G-Y8ZdHYsW2r52Vp7SyZflW84m_606jkhwrW6bPNq93pV86DW5j6KcL1d3SPTW34q_fp499VmKW95LCL84qdPr4W6Wm5tg41MfdjN2YbtZrJz2CjW4w7_s81wpT7kW5hgs2s6vldkmW18pY4K6bwW9WW3QypcK3TL3WBW70mVL38mR1VcW7TBRk_8MBX6QW2jCJzG1xbVb0W4TTvtb8lQygjW6JQgTt4DdQ7fW1JK07P8bY_ZHf4M141F04
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca65a9758,0x7ffca65a9768,0x7ffca65a9778
      2⤵
      PID:4816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:2
      2⤵
      PID:2168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:8
      2⤵
      PID:1816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:8
      2⤵
      PID:1344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:1
      2⤵
      PID:1204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:1
      2⤵
      PID:4684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:8
      2⤵
      PID:1920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:8
      2⤵
      PID:1220
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:196

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize: 893B
    MD5: d4ae187b4574036c2d76b6df8a8c1a30
    SHA1: b06f409fa14bab33cbaf4a37811b8740b624d9e5
    SHA256: a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
    SHA512: 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize: 252B
    MD5: 6b72dd795d656208332b88add1ebd71b
    SHA1: fe2a514496b31dd53803ad5f8508adcd77fbe4cd
    SHA256: 0a03753efa361d22bf509ee1a7755783e2442f33fd290f8bddc2b10b80d3e1ed
    SHA512: 52f43cf203b85ee6cc533b61faa80682518ca38577ed0c4e56b56ec43d06fd59aae3c4c1acd7d5ca5e67a79fa16e5eef91e62a8102aa423f3ec508052d224d00

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 504B
    MD5: 601d9ef5b48cfc01b1de8b8557694632
    SHA1: ea8c157508b455a541c6a315656dcb1561c100af
    SHA256: 47f5a000c678be571371a519baaed14db806bc18ab1de58c8b30c7dab04a5968
    SHA512: f86380c7fce9e9964685a4c9f5b39b91f1b28b5ed50f7caa9984ddb5ad00ea520a774f25f1b5a5e3c75efd48d555ebe6c85033cebef6640c34f6c69d3fa56e71

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 3KB
    MD5: 0f68cd2e86335d083c376c8d08c5ab88
    SHA1: dfacb47e07a3d622571462a209ae21f791445bb4
    SHA256: 81e7d34730ab6b1f6c635a8068432add7a6d968098e179fd78dd21e8df31b640
    SHA512: edfee8a6458d618005f6df0a122031029c5ecd63b1cbc0109e0a422274479e405ba0d528a34a076cfc75dc11f2ec6e5f104ef11529ae68a38f29d9f504242f49

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 3KB
    MD5: 9aac39cf722c3507f188c40f4f89ed70
    SHA1: cc283e63434a039a99f5a91899d717ed231dd499
    SHA256: 6fddad253ce143b092db1c95af9e7c660f1b60f8e7ac4c373bd662f3662c6d4f
    SHA512: bc3253eb914d2ec52f696fe5a7a81a2a392ccbc3770bf320c781b8c1a190d38b6e52cfd818052a8410582d415655bc4e7cc5f9cc2e2265413e5b5ed66d17bb52

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: b0278f7961043c91a9ab22bfbb4af1a1
    SHA1: 07cc1ca3b9019aeed2fb73e35df845c6c78ce3f3
    SHA256: 7e264f866f8af3ca4bfa0b5fce1ae5b3353c661d2e20c0115721ea8b6a1ce29a
    SHA512: 2b0fd1244523fbbd6595b8bac39b384fbb358beacb0d649995821318e9806d592e12ae8df4adb0ea922b7a852db2dfdfce867dede53f181cbf1657f96c47dc3e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: ef91f3675140e8fb933212b48af4c47a
    SHA1: 95f2c30614c98c4332e5a09cf37aa24885fe6aa9
    SHA256: b07acf8e61bff258b9dcfdef9cc253408105308450e93c0b2e5ceb8ec019d892
    SHA512: 17a50d4c90f742ccc21928ace08cc53a9d4e9fe3210e2b1bfd77f7e0f6c433c07eb452ad58af199ca69fe6a594b2e2760d3fe95a59a28aaacb9e02f6e52835cf

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: e9cba564cf15b4895c93830f157c0ca7
    SHA1: 15a5c1daf5479f56771a9ffb7b148b6b34084b74
    SHA256: 0d431591b64078b2d1a524a8d939ae5ed5f4d6202ed9c5b3fc7be0c7d38f3ef3
    SHA512: 102bd2043ca6191e64de2ab71d59ae60c90c651d25338a29413e26f160f1ae9449c042db7b6df1db907027d35323a41a8a43ada0267a61bfdcd30683c2f0fa2d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: 4a7594364771dbcbb1a384a4302992e8
    SHA1: b331cb50fb83336cd4ef783976a962dc28f8d43f
    SHA256: a8bf70ae7e58f4e5bea12eef132841e259b5e1daca137ccb416be7030b3f7549
    SHA512: cc0a2dce777c01153aeed4e63eed80e291164fb559d6fcc623b289971cae531ba070397ddf60065ec740087554509eca70d4bedbc68b8ed64d83e97208bf8072

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd