Analysis

  • max time kernel
    1799s
  • max time network
    1685s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    20-06-2024 18:30

General

  • Target

    https://hatching.io/blog/tt-2024-05-16/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hatching.io/blog/tt-2024-05-16/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe30759758,0x7ffe30759768,0x7ffe30759778
      2⤵
      PID:4112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:2
      2⤵
      PID:4480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:1520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:4856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:1
      2⤵
      PID:96
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:1
      2⤵
      PID:3680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:5028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:2280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:8
      2⤵
      PID:4140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 --field-trial-handle=1800,i,3211006748675764425,7480127266260778200,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3940
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3528

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: 2ebfaaca42dc45c0eb187023263e7fba
    SHA1: 17135564f7f6f17b3b6399ba9610075234dcaa56
    SHA256: 0bd39490dd791de1f0693bd7da0a9ab5ca5b7f9922269880e93397b93c2a8cb2
    SHA512: 27bdae56f119317012cf82709b99c7f603096dbedea55265607188b0a0953b1aaaa43acd7a444905810c464c8302b1d9388df3276899d6ffb54ba10820d67519

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: de2a678a0544cdbc911cc5322fcd9ab5
    SHA1: 9577651650f1ccf157b1f440e579864080fdcacd
    SHA256: 849b6fe3f2644c772277118f85573d78c50ac7fc7cec408a75e2fb336ebee23a
    SHA512: 64c52b8a5627d9602430c52916522b0b4d88e903bd9519ef8b8bbd1e63a081f76fdf078d04bbef27153085f5880695406deabc8266fe8f64c7824ba83491a69e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 865B
    MD5: a17285f6e9df188df660b1eb7a750ff0
    SHA1: 73bc126de96bf99ac8662955b37fa0ffb821fed4
    SHA256: d02b74c54a31c4f466bd3ea14af561ca8f5f8fe6e572d280aeff1e88ccea9f15
    SHA512: 1e778171b554b100f4b8d43be9071919c74c493f4900923c62aa2ba41c06f1b9ff0c51b1f5605c08db4dfaca6fd74aa0e8b250dc63085a690e3944f34e111ad9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 7b0a44d03b7171f7af93f1a12e3fd097
    SHA1: 4b64817dd9e3032a62f7b078178f4582345147d8
    SHA256: a89e8d43eadd39b3752509c2218af828655d3aced43d4958887426a963d9c8ae
    SHA512: 26a9f95822c7ebfef1140eff4b817e17f28bb920cfacf532de92742eafcf0633155cfd454c558e91a2f97ea0c5f00c4940fd6c1ac27ce16f474dc6c2746745d9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 138KB
    MD5: bb1309b453b0d007df8f374fa245a18c
    SHA1: c713990b45e816a1216e8fcf9cf529768b8d0257
    SHA256: 36e050a0c71a0b4033a112fd3f1c5c54c92de15a91e6f0c1fa5e8d3cfa34a480
    SHA512: 5f4362d82721e7c6793b8736cc0d2ced9657d79f8dac1e152902e8b84f1d6644381774e5f144079c0b9409df5008155133f8dec4f7c1f798cc75b421f6db6e5b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 157KB
    MD5: 9411a69af40bef728950199bdd88d545
    SHA1: d923e4b0753c515b0dbae57a580ec8b87731f7ef
    SHA256: 60525598fd049a46140d1d20172cfd7f143a2089e7cc544e853a5ede543fcebc
    SHA512: f6c74c7ffcfd0f563eecf002aa7b850949fc4cbc3809c45b7379ac9b5203b6b781fed8d06271462853906ce939d510ae1ca8d83686fcc1438b025b980ddc06da

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 138KB
    MD5: fd73c91a8ed9dded15df88095b9ce8a5
    SHA1: d7a414555683469c68b28fed76c50e3928316d2b
    SHA256: 975c3f72b200fdb73d77b52cb16b2cd42907e1d9e4c1ff2ed20218e69b8f0358
    SHA512: 2ef96baae37e9687e3a2214794ba18492d99d519eead7e1cb60e654283a35fedc571fa026b8dc375ef39064ecd07c0c1f11f33ec7168f66f5eba2082f5d784cc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 137KB
    MD5: f0b99d5338bb7553aa3be9cd8725edee
    SHA1: f389383d6f518a8e57366819d5ab79635aca6491
    SHA256: f35da98f8713024de01142e21d21ac69a82b3c02ba680e4b6551f8cc0d33f4cc
    SHA512: 6b1955bb75a2c753d37ca5339e9afff0480c34da99321bda259699400bd8fdc3aeae30640c72c125c9f3e7c19cd56077e4e5f21b513a15b34e0f56c6c74a0a1a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd