b43b1c5c0b273a752b054d1109ace00f24d5c7b24b96659abcf8033a7454c90b

Analysis

max time kernel
165s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Reactor Control v0.1.zip
Size

1.0MB
MD5

77e0a4fa75ab65c2db623ae7b421e521
SHA1

c5e08b0565e56d833637f9ce344e25d6d5d273f1
SHA256

b43b1c5c0b273a752b054d1109ace00f24d5c7b24b96659abcf8033a7454c90b
SHA512

ee8c9c56d305eade8f10002b1f3067ca6fb62051cb676d96cc4c344ff16c3f4a23d605cf33f0cc29770fc843366f602c01c433ece4051ae992fc274c33a6149b
SSDEEP

24576:hqMxOcuzW3A3zm6IqFnQZmGDQrJZzVlh+l1Rq:hqMEpm6BFnQNDQXzVlUl6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642369489756575"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4092	chrome.exe
4092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe
Token: SeShutdownPrivilege	4092	chrome.exe
Token: SeCreatePagefilePrivilege	4092	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4224	4092	chrome.exe	83
PID 4092 wrote to memory of 4224	4092	chrome.exe	83
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 412	4092	chrome.exe	84
PID 4092 wrote to memory of 2892	4092	chrome.exe	85
PID 4092 wrote to memory of 2892	4092	chrome.exe	85
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86
PID 4092 wrote to memory of 3248	4092	chrome.exe	86

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Reactor Control v0.1.zip"
1⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecbfaab58,0x7ffecbfaab68,0x7ffecbfaab78
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:2
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2300 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3672 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:8
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1952,i,254413859995075900,2300758335797854017,131072 /prefetch:8
  2⤵
  PID:4712

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8fb00616-6422-4fff-ae8b-b4a0b216745d.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
8bf36724bd6c8b336e3296fdf9786828

SHA1
14c86b0a2b30b8e6ad86dc0a2870439266176963

SHA256
3f42ad5e72848367cc421b83277f7e44e25adf735809c929786bfe90bce804e3

SHA512
013b9e1e43ca59f14c1ad376e78cea596118fb135986009691d78e3fbe9d8da3cca5d50b8bd64601cfa0b77639443aa72fc38406460b8dcc262ad0552cd0710c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
93264aaa8218af2fddc9fcc280d3c9f6

SHA1
6ae5180e1f94e676ae25f4b394e199f32e93dc35

SHA256
6fa2fe445dd1707b7a5f505844ece855bbfafd178d45f81fb5df939bae06ca59

SHA512
3da5fb3c5a469705d75a05f6509c46c11ff6fb2ba51dd58297226dfbc37caa538a3685077aed848d555bca038af7f28fa59d727dd55a396d0c4ef8a44cd344ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b1dd521b67efcd01b3a3a60ce925513f

SHA1
b00ac53263ce10937415a57dad4c2239538d0aaa

SHA256
c62de2c02e73e396360813508903191f66334036b792b4691c5de3d6d8e94be4

SHA512
ac7af932d2cf1f01785f4e2d625bd3aabf46257dfc5deaacb534074254dc155d6d344d97ef22fe29ca95903184fdae4899f58230b5d02d0addcd15cfbe0abfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
bd2b79fae738a3d0afaee13e69ee8afc

SHA1
acf1fb990450ccfe4c0d958dbdf4361520108272

SHA256
80c6c185b5beffce5ad1045c9f7a2d0c888bcfc5e8346837ce5f10dd144ea345

SHA512
88b7a40f3c038395fe399a9167ff95daa65fbb7ae75b36c0f86103eb7b77e9aa311e1457658f03366fb0a85ef4f01999de5ec9bf24d417aa47592bcc999791c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit