Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-07-2024 03:23

General

  • Target

    https://pan.baidu.com/s/1jFC4jjtMpOnoJLCmO3NInA?pwd=iibh

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pan.baidu.com/s/1jFC4jjtMpOnoJLCmO3NInA?pwd=iibh
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee382cc40,0x7ffee382cc4c,0x7ffee382cc58
      2⤵
      PID:1956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1956 /prefetch:2
      2⤵
      PID:3688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2072 /prefetch:3
      2⤵
      PID:1960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2256 /prefetch:8
      2⤵
      PID:4204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3112 /prefetch:1
      2⤵
      PID:3384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
      2⤵
      PID:2488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4584 /prefetch:8
      2⤵
      PID:832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4964,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4976 /prefetch:1
      2⤵
      PID:3140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3252,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4444 /prefetch:1
      2⤵
      PID:872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=940,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4988 /prefetch:1
      2⤵
      PID:3216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5000,i,115702369236963975,11636297548228310707,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4960 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1388
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:3532
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 88a6399eab51cdf3fba1f04e2b0b8d63
    SHA1: 8d18df8408abbfdccc42ef5ff6bad8cde960dd61
    SHA256: 3c10f15327242c718e2ffafb2bdad8f092fb70b757f600e74076bb71ea2f84c7
    SHA512: 7a4ce47cca2527a5e844f85349c23c217f04f0004b0685c7ebe27e2cc2b9c124d545261b5327f1baef84edf923a3ccc420ba70c588aa532eaf5b0561f89877ba

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 7476d28f51dfd9860071e9ee2d2b57c2
    SHA1: ea95802b62249dbd0afde86a60561492d1bc9167
    SHA256: a2b1c00e0492ba390dc8a1b6ef2f8ee2b6bac4e918cf361b195165e672ef1fb7
    SHA512: d40ae5c3ec0a3e8a17cef619aac9b0f26ebeeecccf7dfdd543cb38f83d2dd487c9dad78abc64a3239fea482555ff6f6da5e17d74800a4c1b0e5d144654b39564

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 8KB
    MD5: 56793df84a792af7b4683aecf97f51df
    SHA1: 06349d8000073778ae09ae9b0548674aa401c7ee
    SHA256: 442fc0bbd4cfd203aa68652340b6d9ec800440611d1480650ecdd366d49a4364
    SHA512: 72024a6901e8650209aec455293fea8a03234f2735c20fb49096e422b441d80a7b703cd2f056eff6217cfc679ed60e59bbbe994df8789fa4b67765a2e5c0d81e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 3556fd6b66fafc2e8c4d4be4fcb4bf9b
    SHA1: b7614aebf2058aed65c24f1e96b23e57ec96f0d3
    SHA256: 90e307ec549f574bf490ab673fe65098a1095c01158128cea049d3e79a0873b9
    SHA512: 951b164238d792a61980fe03fc3eeaf9af6f52237fac2976b56e20947916242bd915643e96207ffe7076c055beab039ab0ffce42276ec83aac7f1105aaf4c3f5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 3f1bd18f1ab8ed96aacdadd7e9780ddf
    SHA1: 781ef9e87ef197fab51a3ac09b3ae59b3554e7aa
    SHA256: a33fc6eb609bbf257ca2a11c1837a02b810122b49d73efb2c9db6a1b071edeb0
    SHA512: 75d43fa2929abc4715dc0d577f8096bc30eed6339192743ebc637a0cbbf6fb98a77873bf09a035758b082df0f416f36308cefee21aca134916fa92e7b504228d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: b36f48b86785631dfc46504afeaebae6
    SHA1: b511e7669be04928e29dde8fa13343ac2787d019
    SHA256: b2ce6ed2e85065253a4a3f60264afd3acbbacdf65d584308a246f65e45e6251a
    SHA512: ca0351ae88c4f2ca38914847fc1c1347c3e263bd4eb6693bad5b13ce4cf6086a802e06ead700c8e89ac7ba9b1ebbee89cde832a6c6488e33f1f1626e27604e78

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: b11ae44279f9dcd114385d6151f6265c
    SHA1: 65b76e78a6dd0833915985b769d2bf991a686cf6
    SHA256: cc79d42a9fe11895e3d017944b63e528489d3e6ef288f8148f161401c8751132
    SHA512: 6783b61c7aa8416ff23f2f310495d6f8fa45e62d4d990e15937ea2efc9c6209a0917d6a8e281dad0d73007e5d278a3192d4413927889bdd9766011d24e8fe98c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 8832795e4289c410ea63b871a0731b5d
    SHA1: e4a83af3b22f2306685fda767a870a07c3e0d8aa
    SHA256: 127235f6f138fe29ac736737ea3d1b4477b3659f4a3162fb60f5506596371aec
    SHA512: b5016765062355c0251a204efbb1a22ff71c9712bf804e8087ce965f4bf34e4a02cfba17f294fb0ea2d8de31a343f0cb75754873e9d9e1a1a32c25efbf5ac627

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 7c8419eb4335e9059871f1e6b3d46aee
    SHA1: a23b7be88e7a12a282eb9bca78a32f58076af3f0
    SHA256: 4e1790e4836bcc1b8797445acd124a1cf325892fac4bbea8ae657f20c501df23
    SHA512: bf6e4ee8feb9bfc9f4c24203e2359fb5ae3f6853a347c86fed595001229616445c01a2f0306a9f151b21f48c6522352b1ce4ea9fc48c229dda2ad84747eda0bb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 8KB
    MD5: be6c71163dcc8c32451eb46c7490be71
    SHA1: 42ea7da056e4e600a7619dba3213708d9610c91e
    SHA256: 9d8e0dba9865380276aee49e9cec66153bf61f7223919d380b153b7aec8b9679
    SHA512: bf736d75ec5d22bd97e9c261903f5b8114da65dbdf692867578b611fd18a34c1f207a0c65494b7453ee949db0c690e8dddb9f929830a7b6222d97acf99c04d6b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 47b8c445b442b53100510390c0a225ec
    SHA1: c7d2a71fbb44edfaba1dbe488670d5e50e28bdb0
    SHA256: 36a2c6cb6747681aeecfbc39c035f4ec674f6deabd3f898dacfc4e34ca948b5a
    SHA512: 7604363cc41e00a09a7d66e084b48aa16135ec3ce0243c3aa2dbe63ee420cd73849f5d262789d87d0db629ebc166512f3f70f555f36974b6c6f373a119395fab

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 92KB
    MD5: 8bf6d15d252ec3de7caf1caa5313705d
    SHA1: d112d604cf007225c6c47477975c1c94c10334f0
    SHA256: 7c951bf133bc2ebf1ac55fee22b346d8792f4eece791d96ccd1d376723b87562
    SHA512: 18f6536c0a75d228adf301f4673ad80cd6d7f744523984b55452852f45df43ed98c29d5d521270659863286172171b2f3e44e8672ad8ffcab6079c5bf0df9264

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 92KB
    MD5: dc8933a6816b10e68e878d65cddc70b8
    SHA1: 83bba56dc9a9094412b7f4a95692dfbb49d7a6b0
    SHA256: e0bfbb7ef2c5e741795000db851eb8ddb9829361f5a42ac09a76003903ef831a
    SHA512: ff78c4b9fcfe3007c764026471d1f14b782109fecb0b17b1fed440717445b38d45c5d1b57ab1bb11f2418e902f01b7aa3cc5fbbadd0dc58dd35f5767ccab5f9b