Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    17-06-2024 01:51

General

  • Target

    https://u.to/lz6rIA

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/lz6rIA
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4732
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95a92ab58,0x7ff95a92ab68,0x7ff95a92ab78
      2⤵
      PID:3680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2
      2⤵
      PID:240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
      2⤵
      PID:908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
      2⤵
      PID:4800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1
      2⤵
      PID:2096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:1
      2⤵
      PID:4752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4292 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
      2⤵
      PID:2544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:8
      2⤵
      PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1800,i,16042385434348500829,2107373483116603178,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1936
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: 10c4010f19e1eaad07035a3c4ea0eb2c
    SHA1: 6aa1f7b7cd4a9d4b9c2a2a98dd78c8f45bc2d948
    SHA256: e0f27b46e31fcd0150a35bb76755f2580c828c2fb48475bd1d21bcb51a55548b
    SHA512: 5276ae35bd8d624a1012cbb144f256595c5c69cc62ab58fa4be99cec79daa3ebc0709dfa01019a5d3b732726594f342f17fa41ce4c801faf750e4618e6473822

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
    Filesize: 16B
    MD5: 46295cac801e5d4857d09837238a6394
    SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 17cc7f25e443cbd9f4bf2727c606be14
    SHA1: d0960884a1b482c8ef95de0cf06fed0dc8c3c279
    SHA256: 340b9ff1fc57867e94126fd30903e2fff5178bdfdb3cffd709d8003dd6a8471f
    SHA512: 312184f5c66d411fc09623a48fe442b6335773523f24a7bd092245e9da2eb7734801828d270fbe66e0f1fa068718a1894d5f0a948963518bbf5ba34ce4a0bf5b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 860B
    MD5: 5f3acb3b52397baf6b2cafadf46f0b87
    SHA1: 2ef9a497d8b71cda71a6784ab4645f19f5f7a11b
    SHA256: 59b2e4cb6be820b96d9085e863b5b81a8bd65c3f671d6ff92144c17393b9d7f2
    SHA512: 92d667b0ae0449c3f028d9b18529107fb73b97b88a25c47d01cffbc73d32d5719801057b4e08c4944fa7938c837d85c2851b4d36b6fe667dc62c38e3543dad66

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 860B
    MD5: 4f212ac00aa566a6d268ed7ca527faa3
    SHA1: 154303a222d0f7039371edeac105f0e099ea3032
    SHA256: 6d91ed9a23e299eac15c371fb70fb419e00af442185c657c034581a2d3f6b919
    SHA512: 7bfd02b402c7ed5f0d39dc4e3e9122d480e77bd9ba4dda0b1b3152aedfa0499904173f37c3936342b8693183b02294d60f43b1814dcf9b3f4b179e039c9e6a35

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 860B
    MD5: 26e2e955833854df92d09268e998b415
    SHA1: bd83642874e325a78830675daf151d49ed0f5bcb
    SHA256: 589225cabf4cf5b3b6fdfa39cf1f7cea2c627b9ff8e6e78ff3835fcf28d35692
    SHA512: 792b9a5c7100a176ac1465cf97d6b419875918f347c63b79c388882f8c26c4ec92a6c397a60985cbd961c6dcfbe105cf7e900507c141704835225bd7b6f0f057

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 860B
    MD5: 75270e77244769a6563f88c1a480cb2c
    SHA1: 67d777c1b8aaf26612bdadf2e6b104c0c1554ec5
    SHA256: c9bbd1f08e58ee7995f403b4e2a1bf795cf8a242bc25593122b56c4485af13b4
    SHA512: e0ae9eb8f06b91fb7c154be8f9a5075418e641f6ecdf7781c241f46bdc1c88d293b0f1992843ad594b12f351f4ad473b501c10eab045c66a9ade80bcdcbfab4c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 7b44312d97cab0cd5b7e7f99e2179528
    SHA1: 677b15588c457fe968da8815c5d0c03ced0074e3
    SHA256: 0bc6050f39ff645e8159e81cbd26aac0128b16d2b4bc3e0009c653980bc95a47
    SHA512: 63e9c1e8a1ac81965a9243334f64b12970f02ba7e1506b167dbeaa171adee12e11909d7724b00c01400375a1144141fab479491f13038b46c101413179ae0fc4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: a477e7021c2e12c34b74b9a53afff02a
    SHA1: 3434727d30b0f0e98c62b36d2f4967529f4e44f4
    SHA256: d2366801a9bad9a21a2b15aeba6c6f3908503b0dc3490d603041a96e3834c99d
    SHA512: 413e23f78b4c352c49bec0b27fa2c73abcca64f8d6f2a00383fb73a8d88f840215f30006c6e85330580aa7abaa27698380fef4a8cfb9f3e582c416e31c8ed39d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 138KB
    MD5: 01f262842fc0344a96a06897bcffb6aa
    SHA1: 2ce367e19d80511e4125358db233cd34360e3532
    SHA256: 85523222397d6ae828aaaf290b09ca9cd4f9ad3e1c9f675c2063d4040d9f14f7
    SHA512: 210d19094ac3b97db40f698990eec786a2ce2afdb2e58b88bcffe220ff13e3e17937bad68e7fce07b8fc662470fa3c480d4afb994c12d352409106a9ee4f1509

  • \??\pipe\crashpad_4732_MZZRXTAOOTJKSWVY
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
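Every entry in the list above is Chrome's own profile state rather than anything fetched from the target URL, and two of them are recognisable from their digests alone: the crashpad pipe carries the digests of the empty file, and the 2-byte SCT Auditing Pending Reports file carries the digests of the JSON text `[]`. The script below is an added triage helper (not part of this report or of the sandbox that produced it) that automates that check: it recomputes the digests of a small table of trivial contents and labels each artifact that matches, refusing the label when the algorithms disagree with each other. The three entries embedded in it are copied from the Downloads list above, trimmed to path, MD5 and SHA256; the `{}` row in the table is an assumption added for completeness and does not occur in this report.

```python
import hashlib

# Contents whose digests appear constantly in sandbox dropped-file lists and
# say nothing about the sample. "[]" is what Chrome writes into several of
# its Network\* state files; "{}" is an added assumption, not seen in this report.
TRIVIAL_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """The four digests the report prints, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


TRIVIAL_INDEX = {label: digests(content) for label, content in TRIVIAL_CONTENTS.items()}


def classify(entry: dict) -> str:
    """Label one artifact by comparing each digest it carries against the
    trivial-content table. Two different labels matching different algorithms
    (or one algorithm matching while another does not) means the report's
    digests are inconsistent, which is reported rather than silently trusted."""
    matches = set()
    for label, table in TRIVIAL_INDEX.items():
        for algo in ALGOS:
            if algo in entry and entry[algo].lower() == table[algo]:
                matches.add(label)
    if not matches:
        return "unclassified"
    if len(matches) > 1:
        return "inconsistent digests: " + ", ".join(sorted(matches))
    label = matches.pop()
    # Every algorithm present in the entry must agree before the label is trusted.
    for algo in ALGOS:
        if algo in entry and entry[algo].lower() != TRIVIAL_INDEX[label][algo]:
            return f"inconsistent digests: {label}"
    return label


def triage(entries) -> dict:
    """Map each artifact path to its label."""
    return {entry["path"]: classify(entry) for entry in entries}


# Three entries copied from the Downloads list in the report above.
REPORT_ENTRIES = [
    {"path": r"\??\pipe\crashpad_4732_MZZRXTAOOTJKSWVY",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "md5": "d751713988987e9331980363e24189ce",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity",
     "md5": "5f3acb3b52397baf6b2cafadf46f0b87",
     "sha256": "59b2e4cb6be820b96d9085e863b5b81a8bd65c3f671d6ff92144c17393b9d7f2"},
]

if __name__ == "__main__":
    for path, label in triage(REPORT_ENTRIES).items():
        print(f"{label:18} {path}")
```

Anything the helper leaves as "unclassified" still needs a look (here the TransportSecurity, Preferences and Local State files, which are ordinary HSTS and profile state that Chrome rewrites on every run), but stripping the known-trivial entries first keeps attention on files whose contents actually depend on the sample.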