f0982c63b5006fdcfed5b582b5df500b27033ecea5cba5e09886a816ece6058c

Resubmissions

22/07/2024, 12:46

240722-pz1k4axfme 10

Analysis

max time kernel
77s
max time network
137s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

local.exe
Size

5.6MB
MD5

354610622a0044d74b0ddd31fce9b3b4
SHA1

75a06569ecb6427dd1914f6e1fec3a889d92d075
SHA256

f0982c63b5006fdcfed5b582b5df500b27033ecea5cba5e09886a816ece6058c
SHA512

df72baa6254136d09469437f8de112dd7ad1c648b7d84ff816dd2f934af3c7df0b0fdfc2e58c95f0a04cdbb39a201fd3a2f4d3aa41ba0b77596c335361a6080b
SSDEEP

49152:YfPM6fbpCpuj2TCOHIiRO06E6M5UqdJtunHnVnzm5EatXXzihWGNggHL/rF2tZVW:GpRY2IEf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2932	local.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	2608	7zG.exe
Token: 35	2608	7zG.exe
Token: SeSecurityPrivilege	2608	7zG.exe
Token: SeSecurityPrivilege	2608	7zG.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2608	7zG.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2680	2640	chrome.exe	34
PID 2640 wrote to memory of 2680	2640	chrome.exe	34
PID 2640 wrote to memory of 2680	2640	chrome.exe	34
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 1684	2640	chrome.exe	36
PID 2640 wrote to memory of 2788	2640	chrome.exe	37
PID 2640 wrote to memory of 2788	2640	chrome.exe	37
PID 2640 wrote to memory of 2788	2640	chrome.exe	37
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38
PID 2640 wrote to memory of 2504	2640	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\local.exe
"C:\Users\Admin\AppData\Local\Temp\local.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2932

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap22115:76:7zEvent853
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a79758,0x7fef6a79768,0x7fef6a79778
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:2
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1404 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3808 --field-trial-handle=1188,i,527027223488520732,7224852602682828245,131072 /prefetch:1
  2⤵
  PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e7fa1d68e8e069a448bd11d3ebbae303

SHA1
0c3bae87ddc07a687998a38c7ffc5d3721594f25

SHA256
d5b642cb6bfb2206ce1af3a38a2d0769147c317f1fa883abcc14e9a3cdce6af8

SHA512
7129cb8cd2da4274a7008360f6e2f915ae85b31f4aa3e78b7f93c07caf24264896351bf4e5723e321401ada7b57149a6ade3d0431883fccba5e0a81f89e3a7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0e23ac5e479f9fc126d91f3ade8f3772

SHA1
bb8533e1e93b895082249fdfc5a0e54d40a661d3

SHA256
93c8dd01359709d22d680409c50dbab3193804a4b1bf42f8f3ab093f6f32f05e

SHA512
afc140fb6e3f58a8a87917bb526d4011b6de68848d0a2e5776c82eb0269949d8f69f8ea9dabc0d96c659cc99d304995e58d8bc09285212b5185d3a87386fc05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b4f8279c1de45247b0f1e548edc296bb

SHA1
d717b042d95a407095c0b0c8c48dd6c606af817d

SHA256
378be84abb5ca593de0cc3a9d90e8a2fca974004616d3797638cc804042594d8

SHA512
2e83c45283266a11b4213255a92f9afcf1dc4e7e8503fe88faa0e1c4c6ad25f907b1b621e91957bac1e59022da0351cee5261fdd0f82d4c665da3ecb6e8799d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit