Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 18:28

General

  • Target

    https://p6f.org/B4GQ3Eam3T4RAI1Azz01klQ3EmP212APclz01loTxckm3ToTxnz01coTxm

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://p6f.org/B4GQ3Eam3T4RAI1Azz01klQ3EmP212APclz01loTxckm3ToTxnz01coTxm
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97791ab58,0x7ff97791ab68,0x7ff97791ab78
      2⤵
      PID:2892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:2
      2⤵
      PID:1700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:3768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:4184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:1
      2⤵
      PID:4308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:1
      2⤵
      PID:1480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4740 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:1
      2⤵
      PID:4448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4892 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:1
      2⤵
      PID:4288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1580 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:1
      2⤵
      PID:3724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3268 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:4104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:2236
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:60
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1064 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:8
      2⤵
      PID:1296
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4016 --field-trial-handle=1952,i,7383070964003822985,4374884694646971764,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2972
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:2708
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4188,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=1296 /prefetch:8
    1⤵
    PID:3712
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4f4
    1⤵
    PID:1500

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 1
Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 288B
    MD5: e5af7c94874aac5d5890ef54d350b3f0
    SHA1: b1997d31a319fcf7a9145a0ef4e1e2d187c40ad3
    SHA256: 99c3b026537306266dac67416e0eff3c86108f31dee1c3e911f9bf9e819fb3be
    SHA512: 0cdd325311158aed316f3d7f2a1c10363cce4ef429953149042d3f6950b6b047a8ee466c5f877def33620af93cf64b3769c7450cd6ac5fdde20301ceee9231f4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 168B
    MD5: bda0a43dd0610967c23357af8481af85
    SHA1: da466e57c54d5dbfeff180032bf39febc33ac294
    SHA256: 1cac7beb478232fe270b6019b347b77f77acda95dbe3d2af32eb49a0f5df2fa5
    SHA512: 6796d495f7777c0b1d1cd1fd7c4bc79b1683411af754ef17cc8c6aa1fef87d2ffa8dd92d60c78b98cffa06dd38dc9245e159e7177d3376eceb1ef327217845be

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: 05f50fa9d181c53b8599ec7bbb6ee9a9
    SHA1: 82fb271045802963613d2375acfe116033547103
    SHA256: c20ff9cb629f782ee50d9dcbc9d11631850d387629c0a4555305adb8ba6896ba
    SHA512: 60c6997815fb5ea20599b2575d9715adaf01db1f1549b8e350907b90c119fe305d8d144bb7c0de9b3733b244b7aa34c1edaf7debf64f6007445da8cd0401e600

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 0013f1abd06984af5af4104bb2b17fb7
    SHA1: 859e51002fab718d8cdf905ea10515df4eab165a
    SHA256: 352ef42eef1ba1879c2503fe8357dd2d0bf4368e7b72abc52e04cec4c8e49cf4
    SHA512: 78ed75fd9db878331b7e85b0211edc1a666a84a112f12bc26b54bda7bf1d58356ab5cea16239248d8beb7e3738f039d83e7c27840f710e36d2e0d4f82fba6445

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 524B
    MD5: a10c35191d9e567cf89bfb922e9eae6f
    SHA1: e105b5afb86d355febe309dda23fc88144164fe8
    SHA256: eeb58d5fa507e2d37ea22dc15504a12ae705643527f2b4e40b2369b9dabae531
    SHA512: 08231bdad32d00ead408d103bb72c430c7c4630f0b14c278bb398b4c3852f0c89b80718a32d32a3dd49a74a6418d0a2ff254805a502b63f5ed675ace48a00dea

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 4b29cd202864786ebf6abbbb7d94a3f6
    SHA1: a45b43fc066df8a95d411f0cf94ea9b4e7711abf
    SHA256: f246e7b71b7c7e102ed1633257c1134ee0a97a4d90c3af12f6d64d15257647fc
    SHA512: 27461fcd6189ab4b1a9a7ce5abbc139f7d911ad0aae1085122f18514943d8ceb972c6dfffc9ea52f2d1fb6687fee40d09093f9d6f67147a03ee94bd16d8e658d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 138KB
    MD5: 6b0ba03bdbabc995b8670651a12ccf4b
    SHA1: ad47fae735bf8a8e7e6388c0ebf689ea753c8472
    SHA256: 3f9e1af925833cc1163a54591e92ee3aff2fb981630a70c9b1e1ae09b8d7f462
    SHA512: 9d4fa50fb83cd77a5d0face9ab9dc47131de4a6a640ee2f36f482f74cb6ebd13677304006bd0d5f4e91cd8d37ffe54e40ec42543cbf18c2db0352eb35393dc9f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 89KB
    MD5: 9583bfd3231fe1b1baeca419d12d9f46
    SHA1: 0e790f7625a0a04ade67897d542daac24a9faf6f
    SHA256: 1d289fa1847d5011fc0e82bd0c1da9c835af2733939e52d278977f5b7ea81504
    SHA512: 5fcf4da10962174eb99b816ccbc5db9bdf44c05607153e6de3999c6041dc5c36a36631fbe339138cce8c5b69bed5467c72e58ecd8c4a8b233c5964c39e3268d2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595f6c.TMP
    Filesize: 88KB
    MD5: bbdc63ac5cf198dbc600dc56c95c01ae
    SHA1: f040b0db5ca51745200f95a8e40faa2dc402bcfb
    SHA256: 9fe05981084574cc9fbdc85f821f86248b8825e39ab569cda57699d79436e847
    SHA512: 3635d85edfa79a69b97336ca51c0e1fd955a6583921622d3892ef577826cb9174639272837886d4664365bbe53cb7fc30d76c0b9ce3c2dcfcb5b4ce7fd152c8d

  • \??\pipe\crashpad_5008_NIMFRUQGKQWXJBYF
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e