Analysis
-
max time kernel
126s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-06-2024 18:33
General
-
Target
7z2201-x64.exe
-
Size
1.5MB
-
MD5
a6a0f7c173094f8dafef996157751ecf
-
SHA1
c0dcae7c4c80be25661d22400466b4ea074fc580
-
SHA256
b055fee85472921575071464a97a79540e489c1c3a14b9bdfbdbab60e17f36e4
-
SHA512
965d43f06d104bf6707513c459f18aaf8b049f4a043643d720b184ed9f1bb6c929309c51c3991d5aaff7b9d87031a7248ee3274896521abe955d0e49f901ac94
-
SSDEEP
24576:mGIyixBMj+/A2d+UKnvT+LwZWj7iDDVVYrz0rbzGTw3DoA/sk6smE:mGbj+/BpKnvyIxVV/XDoAfmE
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 20 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 26 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7z2201-x64.exe"C:\Users\Admin\AppData\Local\Temp\7z2201-x64.exe"1⤵
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa719eab58,0x7ffa719eab68,0x7ffa719eab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4880 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4888 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4980 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1940,i,987877431155007174,2840312358615285345,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5c3af132ea025d289ab4841fc00bb74af
SHA10a9973d5234cc55b8b97bbb82c722b910c71cbaf
SHA25656b1148a7f96f730d7085f90cadda4980d31cad527d776545c5223466f9ffb52
SHA512707097953d876fa8f25bfefb19bfb3af402b8a6a5d5c35a2d84282818df4466feba63b6401b9b9f11468a2189dcc7f504c51e4590a5e32e635eb4f5710fd80b2
-
Filesize
935KB
MD5d36deceeb4c9645aab2ded86608d090b
SHA1912f4658c4b046fbadd084912f9126cb1ae3737b
SHA256018d74ff917692124dee0a8a7e6302aecd219d79b049ad95f2f4eedea41b4a45
SHA5129752a9e57dd2e6cd454ba6c2d041d884369734c2b62c53d3ec4854731c398cd6e25ac75f7a55cda9d4b4c2efb074cb2e6efcbf3080cd8cc7d9bc8c9a25f62ff2
-
Filesize
7KB
MD59e98af3bcf7acc98daf492ea28bd178d
SHA1e30d0e8b3ad98104fe3582bcbf28e36276a9b544
SHA25619cb2c1b93673fcf63ea28b7fe4a0b09603700b421922a0a4fbd01a14e7994d5
SHA5121c9fa652b0f13996f9fcdfaed3b90e9ab464a49a5fc3a5ff544ab7823db716938a4f3d74269e7afde299918a146283d0db126c7973e0dd29b3a976d5f144fd28
-
Filesize
203KB
MD599916ce0720ed460e59d3fbd24d55be2
SHA1d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
SHA25607118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
SHA5128d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8
-
Filesize
1KB
MD5e3421512104d91f7b2e6591e80d55733
SHA1a876a2b21d4bcd689b11f45fc22ca37746aad9a6
SHA256530621f7fcfcd37b85302f75e720d44f4d3fd5633411b7ed77fb648e14ffa18b
SHA5120cf9f332b482e14d685d7206d1d3a4d97e497548718fbfb7f12f5e5acf349b49c7a269387b2e7928e5706eea6c0049c580a4e5c3bbcc9d4f64b0f3162eacf3f7
-
Filesize
2KB
MD57eadb7f75c04708e9be3ad92909299f3
SHA1832e06003c6342d74fbcc7ad4fa7c1a7323121d4
SHA2561bc27269ec0399d49e76b08ec511e56a758514add0a1c27e762dee218cdcafa3
SHA5124606de380b7b20f749bfff5e3a93e4b754a94cca999ef038808705c56d3b8c34d98bccefd618066caf1773703a42cf47a06f93cae7cfeeb9bf8bc541d24699ca
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5414dea44ddf1add49fe459126fca583a
SHA1b3f48f0b985359fc3aa83961c20a5c0b3511c549
SHA2560ce27acf786890286ef1ee548dc738a22cf1ffff962bffa7e8c7d059845fed6b
SHA512809d495030be81a5c0a17737e69bc4bdd1a23fb0e44c15dbcc58f6db56558c4e83e8acf06e009a2832ba07ed968ac9cd69d90a3b0436927ad428dc7a30d1296e
-
Filesize
858B
MD54027a5cf9ebb987e6f7b2f227a59b56b
SHA14c35a1ba547ccd7709994d3abdb91d425928d329
SHA25686c2f1319b6f5b2397a89cde16ec96187094e12740184b60c444421eae2dbbfd
SHA5121ade47f79e4c7fa5021ceb3d7337579bbc7c7cc19059278fa6f7262cd47118cc3ff8ff58aae3aed374ab95e15d7ef6867aa1724577aa9fcea276a4017d6cf1db
-
Filesize
356B
MD5f500a6bc346f899accb9172f43bb8c5f
SHA11330c24e8b6e04e8dd8b1b7eb3f5d40407c1871a
SHA2561d780a690994ae91962d1e1c1e49ca53b103d44fe1fb694e17ca2d09da85ed67
SHA512098b7a4ade36ccc8c96a85d1a59c4ebb7c307f094996efc4a4bfbba34371c392558ecf4f49f9c02b06ce3d82e857bfee3bd054db5ef1a4b2b0828f6a054aabb1
-
Filesize
8KB
MD52ae3d7535881d58e209138d35a0ad2d9
SHA1f1ab42ebeb2577eb3f511033be33d9919f06d5a7
SHA2562bc99fd2ea69001e74042a263583ea358bee09a62abed94cfdef0e44d9ed4422
SHA51266d6a015b2ad9882d770fcf1adbe45a70d282e608ccd9f39cdf4d9cf388812205698e212ef600dbda3959fa1b754669f5b7fd2b0538f3c38eaacd9e75fa803c7
-
Filesize
8KB
MD5886d880932cfd9f2ebb5e3587fd8fe7f
SHA17bc57be0fb35719f12002b0a56acb349c937e80c
SHA2568d47a32a13a0149cf3b545f929bcac8facda55680e504515a5b16ffe07df890d
SHA512d9c4bcf58036dfd950b88bd4388719db8bcceed6076853adca0f223f7a1765555a3ce9c3e8cdc31113d794d6b422afcecd0931409ec5b80bbf6b4de6f3bee689
-
Filesize
8KB
MD536bb8e4d891689e18eb546ebdf7bbf65
SHA1a163281fc4fc92747fd10d07dd190b91dc81a65c
SHA2569205b6b7918798ebd6f3284dc69d6a00ff5e1deeb29348ee58fc0d2fee10b59c
SHA512778df23bd50bbbcc95b30b6fa0e038170624fccb3b87f39c7dfc849350ee16cde534d6d4cad72b45e75d8d096d677b64387e637b560abcf83dcb7497fba194e1
-
Filesize
7KB
MD58d38a6363c5cb4d1711db0b9328bd790
SHA16327b16661daa82cd9182df117dc33a127e8ec8d
SHA25648b6982ce94d37e66e766e8746b57e1584a8f3df22387dc6fc5d367c35b9c48e
SHA512f0ee70fcc3d5bb46d6ca62d658d74d162a4c52830106544a3f47ad5d1c5c0a1fb13d7977c0d39bda3f7331ac1f83fba65f40962afe8f6cf06ec7e3f0e0d5648d
-
Filesize
16KB
MD5079e27b02c86737226d9ab15eb400c4e
SHA151594e967275fea3c105721038ba62e4a9eeab1a
SHA256de4fa0a0130823ac560a853d3dd2b88fe1e463ec03e8b723f2ed3746e22e7457
SHA512eb9079ec7a9fba69f8bd7bd247e3bcecd2d3e1f477b1ba4c2415d37ce405182e40049053d04c2ec472f09edc4c3dccdb7ca41fe625ccefa161649f7f1a9e7941
-
Filesize
72B
MD5d62f9cd2ef250a9d4f4ef0cea9d44006
SHA1c0eb78e7683627ba69ca054fd693ab116df297b8
SHA25665bb6586b3a55b445b51b922836315637047f0a0e2349b1fb1bcef760ce7e1a1
SHA51249219ae736708156e7be1bda0762ab71266cbdf3fef75bd11ee641d5acea4f7ac1775aed70b4a0003f92e5bfe277e42d9d07964541809ff1e9da6cea05f69eab
-
Filesize
48B
MD5dd9c7728086a453658ade6c95e9fa785
SHA1803415192be9e47367a76f37be9d08897aba27df
SHA25651369717539957c2df0c2ad90f664e716101a150a5ce6176774010d473bd6304
SHA512e387f7183ce089ae9d99c60ab1d4c864c5a9477523043cc1d58c61b0e16ace0da1ddf30dfd22bb67cb83100ddc466f85c273cfa4ec8f03e760d5e84aee08f478
-
Filesize
269KB
MD5f8fb9b64602c423e0eca555196533b8e
SHA180ca86295ee5551fd7d8eb50b4f99ec133bdece8
SHA2568cf88114eedeaeeb446b986ba23d0251b796e9d99692bf67a701ecf7370249c6
SHA5123c83908f0e32bb207089ab9620ceb495198bab1a1969ac8312ead635fd6b40cf14cb7dd018b70865e262e54d0aabda4a965d6bf0035b2162ad7d213f8ab00ea1
-
Filesize
269KB
MD50f365fc456dad658955786da91225925
SHA149bb20e47792202aee824022f89b98355ae5f2fd
SHA256c6708a9c038deb868a1936d3abf4022629eb1e158e72820d29832bf1f244c0fd
SHA5123f0634939c4e4aba75a3f113c77a02791c0632bfbc0b8e07d1e5ac050f3735e0ab1e5ffc2e590274b06afd766b902e29fd83fdf9c8e8290a64ddfa02006ce26c
-
Filesize
90KB
MD54bda715daa227f52cbfc087510fa1a0d
SHA124bf41b381040d69b46106f1915051199bcacb62
SHA256b7733e4686b1647785390554f3791aa2b678ff50defe41a2bd8ee3a23ef750c6
SHA512d8c4394ba10f94bd2f3ddc909e5fed3b73ea0358ed7d24eb3125e4d307d1c3ad016d123d26bea79c9cbb8225cae39188de231ced6270db437d3b9b2ae01b6552
-
Filesize
89KB
MD5b8dfeaa7b9aeae1acd65677982822deb
SHA10921def71d54273cd9fb5fd26a097cf49437b76d
SHA2566ab674d9e4a1e26a49d4dbcec99304262742483f05aff6ba2e2bd5f5a2b89833
SHA512f9a81058c2addf14ae6864351a18759598f0c442808bb89874ace92e3c9595a8a3b42d96e04a4250244fd7bcc5b47c7b121331a9cbb9b47af4c7aa4ec3e554d1
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e