c28450696922dcfa91d777278d00bb2e4e6fb08ef9b5c841a937388ca916f639

Analysis

max time kernel
74s
max time network
149s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

amtemu-2020
Size

15B
MD5

98d6f38478233dd803a7e1b4f870faf9
SHA1

9b1e09f6511f387768da72145790446bd7e7cf63
SHA256

c28450696922dcfa91d777278d00bb2e4e6fb08ef9b5c841a937388ca916f639
SHA512

3860dfd7e39458d1d111cddee5832f015410647118af0fb7ad4cdecbb682550957b5f797d780bc3a3c350c58b5c85a3d66668ca7c8cd08c16840ed2526e8c61e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1616	chrome.exe
1616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe
Token: SeShutdownPrivilege	1616	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3016	1616	chrome.exe	33
PID 1616 wrote to memory of 3016	1616	chrome.exe	33
PID 1616 wrote to memory of 3016	1616	chrome.exe	33
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2620	1616	chrome.exe	35
PID 1616 wrote to memory of 2744	1616	chrome.exe	36
PID 1616 wrote to memory of 2744	1616	chrome.exe	36
PID 1616 wrote to memory of 2744	1616	chrome.exe	36
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37
PID 1616 wrote to memory of 2836	1616	chrome.exe	37

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\amtemu-2020
1⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74a9758,0x7fef74a9768,0x7fef74a9778
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2824 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1248 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3760 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3024 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1360,i,2036144156954045443,10295266414697703022,131072 /prefetch:1
  2⤵
  PID:2876

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d1185854e39a12c7f2fd559e32f12053

SHA1
602554c5e22866c9f731f5b9842935d1c1e51022

SHA256
8da263299749d6d674fe025c3551d9196eabc75594c87bec6d8a150f429e9a1f

SHA512
a40387685dccd9e39d38b34ee50c419eeedba1d320eee73419736ba3efb2df5dcfe121c9ff88d65798f52c8c6350aaf37ef3fb8ced3dddaee7d3186261a48e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
5e9fa58156fb781dce6d54a283ca16cb

SHA1
9c3421327d9450e6e3ab73deeeade412abdc9876

SHA256
553ed783cb58d10835d44662add7c89d6e6122ea22f1a7504e3b5495e663c367

SHA512
9bc30e08a955f2e20d5e58071a656fc843bc0c90f70913c7c29392c31835cc5633eb7440a124e2515295b3208024355e284ed28ad36861ad9d4aefd897512511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
797a476b0367bd8b83d25fdbbd530b4f

SHA1
3d0ff75071ba423f23522f4faefa6e4b81396400

SHA256
36ed3f48f091ceab03a1e6eefcf8e80b847456e0b2c111038b017b460f28b78b

SHA512
69873823e721608c664a43162e7e25f8a76ba0da7d4270e47c80c2de398751f1a150261767b7d6f7ddac7a5dae12f237a423f63d88d2fce3e7996695e61330a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
449ea51d20712f1516428aed7544236f

SHA1
c60212b3272bf5bcf0497b5114ed2b730de7224c

SHA256
cebe05135a2adf8cbd60b7994ce5bd5c3e51bdd5e06cae7ccf835434c007ef31

SHA512
7099ee08a17de76e728494da1d3df8f45e69444b0e5d9288d7e17c23069cb46c72b3c68fa1616d7cffffccb52eb1ecda0a6e270a102be1a846544fcf2c769853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
36594e966874da66dfdd58e6a60bfc78

SHA1
f5a693925f25ca694522a522f39544bd711c51d1

SHA256
885438e3d26ea8dfb9340b747711780bcb90dd496cb8c500e6c8696af307d151

SHA512
ef08e363c0c05ee3ef60b2034ec563216687b0837eff2e8e705ac62e9e5ede382d99ccdd00e2421209bc11fa8d634d078c3badda666422b32bc4d82ae135185b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit