hxxps://github[.]com/IceHacks/KrunkerCheatInjector/releases

Analysis

max time kernel
49s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/IceHacks/KrunkerCheatInjector/releases

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644995225560281"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4388	4864	chrome.exe	83
PID 4864 wrote to memory of 4388	4864	chrome.exe	83
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 3192	4864	chrome.exe	84
PID 4864 wrote to memory of 4348	4864	chrome.exe	85
PID 4864 wrote to memory of 4348	4864	chrome.exe	85
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86
PID 4864 wrote to memory of 3496	4864	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/IceHacks/KrunkerCheatInjector/releases
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e2ab58,0x7fff76e2ab68,0x7fff76e2ab78
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1640,i,6764727723844645140,5659520371298358213,131072 /prefetch:8
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
46d1d784ad071c776cea951cac114be8

SHA1
650a80f92a53c26ea78e4a7de58a731843b88d93

SHA256
eccda45bac7a582a4cbb4637815644859dccbea7242dbbd2741a6e7f7d56b5c5

SHA512
8e0659c9a8db63b4130624d2bf67d802c8879441099334a087f4e77ae9e644c7197611b3abc45e9b3e102f534e0b9d6abc1707062ea5c487aa9b320f43257a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b1b5fbf5fd71d317b4e729651e3a7c5

SHA1
b0f652ea91426c816cd5aac4830215b37a7db960

SHA256
46f36a5d27cca3539a834a37aab5ff4e0fc75c90285137fc22a7a303f2e5ddbe

SHA512
b841ed791f5a9245ab53de6bc0f64a6f6eb1d22b9e4ba5a68c3d10929f90cdf4d74e103f01520717c9e1b25eaca4f89c6ffcf2918b2d0ff3e29fe78021d6122e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
deb6efe4c50cee791c9d4cb923681cb4

SHA1
4b09e1a82a6b460ec2a907a23bfb5b10d9a1923f

SHA256
3f3dfab41f034cb10d9cc1ec84b26efeee8a52c5d6e91c7b4189b2a20dffaf44

SHA512
90c626288f12b4d06e683d660aa9c6be9668cec68eb8a464e57b4ad20bdd9614f3c1fe46871016fac91c2de518bea09fc46c56ee9da0c063c458a5d54e6277ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
22540510824a2e75567facfe50202859

SHA1
87837c0041aab549363b204351fde3d91d25d47d

SHA256
69ca90d8e0e1a08342c6a8074fcc741354146fcfa19d38a3fadb61d841309d15

SHA512
f71a9595d1458cceef8124fd602ea30ba3778de51503ea6ade4b4c0935a52e3f5571d894715e1e56adc6c75a76130a38683b7773df1081069c2ee761e23f0973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b60812e485b6ea6efd7cd6de45019e70

SHA1
d82a60ac44dcddad7e2a6b1ad9a3c2ffc5f86bca

SHA256
77407498525646c72b1ebbb8033bc949c059c73b5819325bb01a189e06c39350

SHA512
9f3fda9014925eeff5ed4da16683830b395456fedfb7030445b00ed750c50cdfdf35e49fe08fb8c620447d1064ba780d766c06a93565bb90bd7d35f77c375e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d6ac1e9b1485068c0e079cc54af65585

SHA1
71fc0f2085543b97c39ff99cbda5d7dd9d8a4cb7

SHA256
370e28315fa0a3b3635945e8fdfc67cdd78eb6643ed437d40fa780f34ea8dffa

SHA512
0934bea0ff1509e38b10feb93beb5d7ad191b01092bdbce900eeb732eb1962394707a848193daf0b663e0f2df19a676b08be797e15bf8147d92046b26ec12b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
e174a8e746b580cf3ecb24dc6d51045f

SHA1
f3602ec9afb52475a7f7a85401006e0fb27f792b

SHA256
c3b78f0676c2790ca55e3a7fdc8816fcd574abc3e81f360436ebe4a6918a6c19

SHA512
1496ddeb8504124513b502d7d338fe5ae5d59f484567203951d415bd16fe650aebc24124c2cf40553165e7ae2c6efa4a0e12f045f2440a5defc6b169ff6c4b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57db4c.TMP

Filesize
88KB

MD5
586a5e8f08b31dab4bb68e27d16529d5

SHA1
5435970ff2d54a32ccee08e8b6c19a488b7f91e0

SHA256
9ce02640b3b18232f3d344a9b9299fd45e17a3e703ad9ef13cae1f46e39f308c

SHA512
366c6a6ca4a2a7e82c9d6288e9bb55921ba142f5dc3a6ce2996be3f8e3ba76b4af06a72456faae3f855589ccf44168662b1d9e5c51fe5018e2516fe34537b8f9

Download Submit