Analysis

  • max time kernel
    59s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/06/2024, 16:39

General

  • Target

    playSong.pyc

  • Size

    3KB

  • MD5

    6e7f536ad672b85beda75deceb3a0e73

  • SHA1

    82c9b882266f0c3cf1c31baae5783f8995377b82

  • SHA256

    86ad561d94af28754f354a5131c7ccc43a29db3264b80f7c51437ea2ff5256d6

  • SHA512

    644e1bc70573b8e1402989a0d5b935b8c80321ec8e72fc1cc7e59ddbbb18428d2a83adef566b8e30be8a3963c45721b1d555f8fa993a1464be7639b4f7acae75

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\playSong.pyc
    1⤵
    • Modifies registry class
    PID:3128
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4144
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4296,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
    1⤵
    PID:2160
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2548
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8427fab58,0x7ff8427fab68,0x7ff8427fab78
      2⤵
      PID:1708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:2
      2⤵
      PID:4204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:1064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:3304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:4856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:3416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:4480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:4932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:4136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:2528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:8
      2⤵
      PID:4932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:1652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4448 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:5108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3272 --field-trial-handle=1856,i,2829621533648443456,17944755408459368582,131072 /prefetch:1
      2⤵
      PID:3364
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:5020
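The process tree above shows cmd.exe handing playSong.pyc to OpenWith.exe (the "How do you want to open this file?" prompt) and no Python interpreter being launched, so the sandbox never executed the bytecode; the behaviour signatures and the files under Downloads belong to Chrome and shell components that were started afterwards, not to the sample. The script below is an added example, not part of the sandbox report and not the sample's own code, showing the offline triage step an analyst takes in that situation: parse the PEP 552 .pyc header, read the compiling Python version from the magic number, and, only if that version matches the running interpreter, unmarshal and walk the code object for imports, global names, string constants and URLs without ever exec()ing it. The .pyc it analyses is built inline from hypothetical source (the report does not show the real file's contents), and the magic-number table is a partial list taken from CPython's importlib.

```python
"""Static triage of a CPython .pyc file without executing it (added example)."""
import dis
import importlib.util
import marshal
import re
import struct
import types

# Release magic numbers from CPython Lib/importlib/_bootstrap_external.py.
# Partial table: unknown values are reported as "unknown", not guessed.
KNOWN_MAGIC = {
    3379: "3.6", 3394: "3.7", 3413: "3.8", 3425: "3.9",
    3439: "3.10", 3495: "3.11", 3531: "3.12", 3571: "3.13",
}

URL_RE = re.compile(r"https?://[^\s'\"]+")


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte PEP 552 header (Python 3.7+): 2-byte magic + b'\\r\\n',
    4-byte flags, then either mtime + source size or an 8-byte source hash."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a .pyc: bad magic trailer")
    magic = struct.unpack("<H", data[:2])[0]
    flags = struct.unpack("<I", data[4:8])[0]
    hdr = {
        "magic": magic,
        "python": KNOWN_MAGIC.get(magic, "unknown"),
        "flags": flags,
        "matches_running_interpreter": data[:4] == importlib.util.MAGIC_NUMBER,
    }
    if flags & 1:  # hash-based pyc
        hdr["source_hash"] = data[8:16].hex()
        hdr["check_source"] = bool(flags & 2)
    else:          # timestamp-based pyc
        hdr["mtime"], hdr["source_size"] = struct.unpack("<II", data[8:16])
    return hdr


def walk_code(code: types.CodeType):
    """Yield the code object and every nested one (functions, classes, lambdas)."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from walk_code(const)


def _strings_in(const):
    """Flatten string constants, including those folded into tuples/frozensets."""
    if isinstance(const, str):
        yield const
    elif isinstance(const, (tuple, frozenset)):
        for item in const:
            yield from _strings_in(item)


def extract_indicators(code: types.CodeType) -> dict:
    """Collect imports (IMPORT_NAME operands), global names, strings and URLs."""
    imports, names, strings, urls = set(), set(), set(), set()
    for c in walk_code(code):
        names.update(c.co_names)
        for ins in dis.get_instructions(c):
            if ins.opname == "IMPORT_NAME":
                imports.add(ins.argval)
        for const in c.co_consts:
            for s in _strings_in(const):
                strings.add(s)
                urls.update(URL_RE.findall(s))
    return {"imports": sorted(imports), "names": sorted(names),
            "strings": sorted(strings), "urls": sorted(urls)}


def analyze_pyc(data: bytes) -> dict:
    """Header is always decoded; the marshal payload is only loaded when it was
    produced by this interpreter version (marshal format is version-specific).
    The code object is inspected, never executed."""
    hdr = parse_pyc_header(data)
    result = {"header": hdr, "indicators": None}
    if hdr["matches_running_interpreter"]:
        result["indicators"] = extract_indicators(marshal.loads(data[16:]))
    return result


# Constructed, hypothetical source standing in for the sample; the real
# playSong.pyc contents are not shown in the report.
SAMPLE_SOURCE = '''
import os, subprocess
from urllib.request import urlopen
def fetch():
    url = "https://example.invalid/song.mp3"
    path = os.path.join(os.environ["TEMP"], "song.mp3")
    open(path, "wb").write(urlopen(url).read())
    subprocess.Popen(["start", path], shell=True)
'''


def build_sample_pyc(source: str = SAMPLE_SOURCE, mtime: int = 1719419940) -> bytes:
    """Compile the constructed source into a timestamp-based .pyc (flags = 0)."""
    code = compile(source, "playSong.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, len(source.encode()))
    return header + marshal.dumps(code)


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pyc()
    print(json.dumps(analyze_pyc(blob), indent=2))
```

Run it with a path argument to triage a real .pyc; if the magic number does not match the running interpreter, only the header is reported and the analyst should switch to a matching Python build (or a version-aware decompiler) rather than load foreign marshal data. Pre-3.7 files use a 12-byte header without the flags word and are rejected by this parser.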

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
    Filesize 105KB
    MD5 8e823d05ae750e75394aaae803f2ea10
    SHA1 7bb90597040a4d589f6e6a34ab975ef191408176
    SHA256 a03b9554c194d538b41f5937dc41d2c2aae2e195c29dfdf3dcf8cbb119838735
    SHA512 3e9382c2bc83929884c50c10a88a1e610e6add7d9312bf6014aff9aec7a6ce2a7fed10b77aa6d3a1b1c7a701670832fd80ac28d12e0c740dfe85f8bbd690ea19

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
    Filesize 206KB
    MD5 9fa4b574b5c7167b90a91546b0269786
    SHA1 0320824e542f225bad1a5d511a7480ed73f42e8c
    SHA256 50f74556b182109f6266bdd1bc5f9024c2b9b7c4bb05d94c08a76fa9bd2bf460
    SHA512 7a542ea89ff1dc2b5c6353a664859f07f3e1804c2c14e094f4652791e0f85531e211a24211d3f9627705936a2264f50dc33f42695f01c6e2c0a55fd0c89c03d6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize 2B
    MD5 d751713988987e9331980363e24189ce
    SHA1 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 356B
    MD5 a9227caeec998e6baf0fd5a40bea05e9
    SHA1 fd38e38f0f266353c007f2d8b2e6bafe70bbe63d
    SHA256 e5b69ce0fa4ae0837fea5b9f9022d8f872dc10856679cb2166037cdb32cbff14
    SHA512 6a9ad9b48de6eea501166f504abcbb4b79749781aedcb644c87d754b5dc73a79fe06d4b8810fd75bcc7d7ab6db17d5f89695d35939068f21149b3787c2cde65b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 356B
    MD5 935138cc4c524547730f86579e3d7549
    SHA1 7732ced8bfdc863aa68d8f72d7f0fab3bbe84bc0
    SHA256 73ce2f12d08e88d1ab2d428e86933dda28a0aae8cb5a37ca8bd56a700cfb5e5d
    SHA512 22a2d6d5c6d55a466ffd6c9298a05e71a890ca2447095d4683bdfe61f04d1ce57886e3f5f79f1c25765011016d59817c63f8f013e1aa72ff98dc614478bdef16

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 1KB
    MD5 36e675208097599e39d9d70b9dff60ff
    SHA1 19e6d193c29e950affece68cd24dabe8685ebe42
    SHA256 26bb05f39edb818a2d79399ea023a32e5434d6e05a8a81adf2490adcb00a3337
    SHA512 eae00742b255fa02546e98ef74fe2ca16c0005231b5fc199535266befb9e8b1c2567def9511eef8d476186003fdab730b2d0331e5e8c94b468cb0db39e621f04

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 860dd20e78bbd8b40e5756cdfb7579b9
    SHA1 5e1ea5e116bd8494e17992cb2574ac9a87277b2c
    SHA256 67e49e0f368855f8fab4750d857e72e6d904f62036b8071b313ca91b857a066a
    SHA512 f9ff9fe9fad8864d17758455e45151ba428b87dbb838a8124a3b54e45b726237dde7db3919ede08af9225627e03df8b9da741502a802a7c6a1300663622f3f52

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 6822eea11768868540f953ea66cc497e
    SHA1 78afa8830f52960bc3cd8430e5f9a87a0b2acf6d
    SHA256 33c3bfc57446c34a222bf2d785a55ceb9f5db7cb1b9626f65c7c24f1833259c6
    SHA512 9ad97b2e320b82265372433eb6dc44f021212e831949df4ee1c37a0bfa2bfe4c67d4766b2ea9418f2bd4ad89a90380e933c9f68d0b0dd3679f955955c934aec6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 7KB
    MD5 aba2619a4a181db55e5f523562261f23
    SHA1 bd35e7cac33bca5e8a7e1d5069ffe1435f32b153
    SHA256 e17f4e40967f2423d6e30864c0729c72f65a0cd5026d962f512df2cb0f4a13fe
    SHA512 27bdf71a1fd925382fe56a6717041cc727d61ae23c24b6e1b0287dab503dc0a2601d28161347d49644d8879a4d9aa65f14f041abe693f659afb5e95b2bdcbb61

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize 16KB
    MD5 2fb2667d9cfd12fcb48b909789d7c200
    SHA1 b4a1cf461387530fd748df6e74201126fba26a45
    SHA256 5e188dafdc8618d99f197ee136087776d6644cec23231471039443fca2d6be61
    SHA512 48ea9a2442c0e382c04215f7a36dcb4bf1362d54c24d0634dfc9fa234e7717a2518dc5c45ef562fb8967db48c4553e8736a9f03910f8d0b60a7e8c0f6a3fb993

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
    Filesize 56B
    MD5 ae1bccd6831ebfe5ad03b482ee266e4f
    SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
    SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
    SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
    Filesize 120B
    MD5 0f89e2d5b3333700950a4133899c1486
    SHA1 bc13ad7bad72bc5ae91358648c8b4155963e8e6a
    SHA256 6dfd38a8a60b12a33ffc8040746b3b7edc81630cfc562ba323f59823f71048ee
    SHA512 3bfb343e8c27f798f17b9244d4cfd7fa78e83745f7bab3fa5a34a1efc583c39f193d750dc2e22fc495dabfbb9b8b074c63c8705ca81e8f419b80adb03b1c4b2a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe589640.TMP
    Filesize 120B
    MD5 57b2afb23f35a67165d2327bd0822daa
    SHA1 7eccce840e2f5f7a0cc72122df23938c865d705b
    SHA256 3848f4e5f3709c5389bdadcc214b5410068c25d40cc108d65345d749242563dc
    SHA512 b7b9755b324636501b63c1dd52faf26e5e7aaf5b36983212627db1447332ad0f90b485150c116e37243a0237f847aabad9b79af887d9f290c2a50c09e4d050b0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 272KB
    MD5 105301a078165dd330feec57a8fabf91
    SHA1 d97087e714733a8b83fed6d221bd867a6aee5e52
    SHA256 a1ce5baf29848c0536ab3f764002750ecdc8c31d8338195187ba65cdfb763cf7
    SHA512 d76037f8783f64aea789615a645e0accb204394424d6944412d704b1fd8ad50d8d60cb31716fe038a0feacc7148ce99acdf98931b0fbe99512f7a1d3a0a91fa6