Overview

overview

9

Static

static

3

cryptolaemus

windows10-2004-x64

9

cryptolaemus

windows11-21h2-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 20:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d192731deb864bcdf6b7195969c50dbd1466ee8f9b10da0561220f6458f0ac5a.exe

  • Size

    2.3MB

  • MD5

    d9f021d7ee18dba40fb638b11fe07ecf

  • SHA1

    7ed9a0427b12e93b25892a1e6620871f960529bb

  • SHA256

    d192731deb864bcdf6b7195969c50dbd1466ee8f9b10da0561220f6458f0ac5a

  • SHA512

    349beece2f6f1dcc06c413451448436352854741f6865890539c281cd8299705b483517122a2d3ceabfa4417750bb013292a266d0a5a9097ebceb8dfb50969bc

  • SSDEEP

    49152:o4PrfgfESo9xCv1mWsd3DV63yUdmeaMUWx45k+3SLbiU+SBg:oafgfEFiv1mWshV6xsMUv3SLOUtg

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • AutoIT Executable 14 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 61 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d192731deb864bcdf6b7195969c50dbd1466ee8f9b10da0561220f6458f0ac5a.exe
    "C:\Users\Admin\AppData\Local\Temp\d192731deb864bcdf6b7195969c50dbd1466ee8f9b10da0561220f6458f0ac5a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac4b8ab58,0x7ffac4b8ab68,0x7ffac4b8ab78
        3⤵
          PID:3472
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:2
          3⤵
            PID:1988
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:8
            3⤵
              PID:2308
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:8
              3⤵
                PID:4120
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:1
                3⤵
                  PID:3120
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:1
                  3⤵
                    PID:4060
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:1
                    3⤵
                      PID:3232
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:8
                      3⤵
                        PID:4336
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:8
                        3⤵
                          PID:3200
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:8
                          3⤵
                            PID:432
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2464 --field-trial-handle=1936,i,15088202084209781475,3235782998612247461,131072 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4384
                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                        1⤵
                          PID:4908

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                216B

                                MD5

                                6ef20e2a1fac66835d60e30cbf597d0c

                                SHA1

                                413f726a900cc54c0c4eacdab3bbb030a8e6ea7e

                                SHA256

                                bd6a954b7df4be656f23012adfadb91df8fcde500e62270c72b53044d0752b48

                                SHA512

                                317979c3eb1766687cebf73663b6b02bdb93073689963acbb6ed9e33f0d5ee27602d5c33c5504687f57f72c22e5c06c951cdb4b9af0173beae0fb485738e406c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                2KB

                                MD5

                                f940fb4324cbf54a29ce624652ec20e3

                                SHA1

                                e06591419716475265a175b18270c8cded0b27bf

                                SHA256

                                79c6bf5600a3a3c3c989c9d4a8c34b209ee18b255f500669de4faef5d0062838

                                SHA512

                                a32a242d576d33a42e6c419a67cf571ccc31bb3fc965cbfa1e3e0650a9bc6036163dc29573e19609037646fdda5dd78c6925c5cf823d19e1ae94814819a89628

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                Filesize

                                2KB

                                MD5

                                8b822e161c990f8cb82eea616aa121ae

                                SHA1

                                62952583e6ede1d2714df937e1af0076a74e615c

                                SHA256

                                dfd3d28fa2e6a5138a595e8010e43ce9cc63bb368e54030ee3a2e14d092fc906

                                SHA512

                                1bed90bd4ddd867bb11e806ce9166e1bdfdc8f0a639d2ded763e80a82fe7e500bc7cd2215d4950443ba220d13465ac9c14190ad9c5aa51dcf06559d8bd82b63c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                Filesize

                                2B

                                MD5

                                d751713988987e9331980363e24189ce

                                SHA1

                                97d170e1550eee4afc0af065b78cda302a97674c

                                SHA256

                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                SHA512

                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                Filesize

                                692B

                                MD5

                                ad9fe3549ad898be828967a6de45b663

                                SHA1

                                083a48a190f9622211ef8e80d06f292dc14f599d

                                SHA256

                                ddaa9bd255f179fdee2b2da4b850a33e8368ba4f593500944c5f63d712ef72d2

                                SHA512

                                e1baea2bc9e885094a46afdeea8b4e39fb3efbf13158b785d86fd9564763970ca28a12969bd502c6587b229350c9116823fc7a8e63f8c84febd3282ed783721a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                92ea73e97b777f1b66cfedca45161298

                                SHA1

                                8722967caf2ad0621911edcff045ca68ca41fa39

                                SHA256

                                7acdcbcd31414e8a4c0a93bf5a0249f60ce1b92da9f6f476a9328cf2e80b65b0

                                SHA512

                                4564f3adc63c8197fbe92b96fc6b1b8ff34862b24ff12bc34ba1b19e60c4e50205203ed4ef4f7110f4417437dd72179e2f64c27b7279f43f869019fb65c14431

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                Filesize

                                16KB

                                MD5

                                090a594849769e9c9a21782bef768026

                                SHA1

                                529aef21488a1e2a91819b056dcae9784e83e0c2

                                SHA256

                                97f09bb4901a4d037c84880bc284225e7d077e3c9d10aeec8f48339bd40a876f

                                SHA512

                                896176d609e41818e7404025ee655d3c010415e04040fe40edd56ac9b910d14e9d558b497e0e082d4d2f93ecd5af49a853b404af92f8c75b221ca1c528eb9b1a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                Filesize

                                281KB

                                MD5

                                57e3a4f48c8ed9a03250c945dc162608

                                SHA1

                                636ec1b87a2e24d5881918bd41de499fa0a17890

                                SHA256

                                6a548cc6224f35bd50ebe896d9420c299cbc742412817f7901e65bf300d4cdf5

                                SHA512

                                bbb2758d1d19b3c42d1e8a9f9aad3c2cb5c04c098d662d3f4b34a7eda4d6d14a1bd7afa846d0d76eb8195c02ec3a97d5618e54364a5074167e8fddc51e0da5c2

                                Download Submit

                              • memory/3140-6-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-86-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-59-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-7-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-0-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-4-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-5-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-84-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-85-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-8-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-2-0x0000000000141000-0x00000000001A5000-memory.dmp

                                Filesize

                                400KB

                                Download

                              • memory/3140-92-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-93-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-94-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-95-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-3-0x0000000000140000-0x0000000000698000-memory.dmp

                                Filesize

                                5.3MB

                                Download

                              • memory/3140-1-0x00000000775E4000-0x00000000775E6000-memory.dmp

                                Filesize

                                8KB

                                Download