Analysis
- max time kernel: 113s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 10-07-2024 06:57
Static task: static1
Behavioral task: behavioral1
  Sample: TopMost_x64.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: TopMost_x64.exe
  Resource: win10v2004-20240709-en
General
- Target: TopMost_x64.exe
- Size: 840KB
- MD5: 0115e19acc8cd780d1fc6fbf6fc7018b
- SHA1: 2f771ac760cedd264123a2fb9c130021b48dd619
- SHA256: 3e978334c5465db8271a730e4cc36d90e9d0168919eb7125bb7f98e991fdc748
- SHA512: 0424896699b63227746666e5dae789fd84df062608f4529f6c7679a83a782d655d81342925fc61d2b00c952bc40361eb3d08e8ca50d67837ce398a6ffc490d28
- SSDEEP: 12288:D69zDWz/xwNqdfbrIX3JALF1QbragrEGgtNryyCJuDT/PNa0HYQ8HywOa6u4T:D2DW/xbxX2YIbBQsu3/PNL4Q8HyNa6uk
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid | Process
  2672 | TopMost_x64.exe
  2908 | chrome.exe
  2908 | chrome.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2672 | TopMost_x64.exe
- Suspicious use of AdjustPrivilegeToken (30 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 2908 | chrome.exe (30 identical entries)
- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid | Process
  2672 | TopMost_x64.exe (64 identical entries)
- Suspicious use of SendNotifyMessage (64 IoCs)
  pid | Process
  2672 | TopMost_x64.exe (64 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  Distinct entries (each repeated once per write; 64 IoCs in total):
  PID 2908 wrote to memory of 2180 | 2908 | chrome.exe | 31
  PID 2908 wrote to memory of 2140 | 2908 | chrome.exe | 33
  PID 2908 wrote to memory of 416 | 2908 | chrome.exe | 34
  PID 2908 wrote to memory of 1032 | 2908 | chrome.exe | 35
Processes
- C:\Users\Admin\AppData\Local\Temp\TopMost_x64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\TopMost_x64.exe"
  PID: 2672
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 2908
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7199758,0x7fef7199768,0x7fef7199778
    PID: 2180
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:2
    PID: 2140
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:8
    PID: 416
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:8
    PID: 1032
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:1
    PID: 3032
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:1
    PID: 3028
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:2
    PID: 2256
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1224 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:1
    PID: 1524
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1404,i,666734727607133455,2856232480375140801,131072 /prefetch:8
    PID: 2216
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1796
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
  PID: 2784
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
- Filesize: 5KB
  MD5: 32df1261c0c2b08df638997f866b41b8
  SHA1: 195e0288abd7d1b26061795c0bfb5ec9b9285950
  SHA256: 0f350eb6723037a90dd4f971fd1c60cf88262ecb48b0d1e74d4f369add226591
  SHA512: 313292560b296e8baeb51549bbf9f1a4e94932ae8ed2a1c5cb059d166eec3820bd693855f0ecdf596ccf92e5d16512bb29e49153f12b130ec0e2db691ca0f05c
- Filesize: 5KB
  MD5: b59b628f161d635eddd6f535794a16c4
  SHA1: fcf3758c597904806ce1ed7d99c0273e781753fe
  SHA256: e8428c612b82a3fae958cf35d1840338fc20b449eba091ac44652fefcafe249d
  SHA512: 57d9e85ab0c96c9bad1b6666518b6a65b1c3cc4882468d19077899e3f14ac50686fc34ec1fb868757217803c0ccf898a5ced28af4fe4d7c6c39585847df39edb
- Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
- Filesize: 20KB
  MD5: 6f00f2710659ab7338d98b9d7d110e01
  SHA1: 854ed424f9c92f3cbef58d7958619b36c5de0e35
  SHA256: 45f02cb445df7352959af8dc75ddd89393f2cb48d908cd7160f04eb396c18424
  SHA512: 513392a8f36c7cfa8f2ef7ed0ee91e214325c27e3b4ef25d4937261686385f7989e123ab3be8d908c7acff0bbc6012bba85e3a75759c0fb1b949e8e83ced09c8
- Filesize: 3KB
  MD5: a05c97b62e90da002b1eb20ea7dba66b
  SHA1: ce007a7f110c75d1ff432ec61e67911eaf023dca
  SHA256: a2b5dd22a817ec048445b80cc5959ac813b4548e496cd9c6602fcf757052cebc
  SHA512: 7af7e6426ca7c544cc17ab01de1b966b3b16ef2336e9f87c1ec809eff3bb784898a903ceb8f0bc8759c23b6b58bec991c3cf47c5f0b1791a04da4b70bdd5fbd2