Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 19:11

General

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://millworkclinical.online/UcbUcb/UcbUcb/UcbUcb#[email protected]####
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd504ab58,0x7fffd504ab68,0x7fffd504ab78
      2⤵
      PID:2660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:2
      2⤵
      PID:904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:3552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:2916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:2900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:3328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:3168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:3140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1876 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:1524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:4592
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2608 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:3616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:4684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4708 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:1
      2⤵
      PID:2456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=980 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:4948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4648 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1900,i,8970301895254019355,13315254299034184367,131072 /prefetch:8
      2⤵
      PID:3148
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:4488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
    Filesize
    203KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    504B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    192B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    1KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    2KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize
    2B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    859B

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    7KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    7KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    8KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize
    7KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize
    138KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize
    92KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize
    91KB

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f41f.TMP
    Filesize
    88KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
    Filesize
    2B

  • \??\pipe\crashpad_2744_SIWMZMZBEUKGCZUE
