Analysis

  • max time kernel
    101s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-07-2024 16:00

General

  • Target

    Creal.pyc

  • Size

    108KB

  • MD5

    827fee64b0b3073f98bd0c945081f337

  • SHA1

    1bd490373e23f3db124f2049bf0081258b836139

  • SHA256

    67c6aab3dc0f448c4b4de7c0fce857961e098986ccabb7c71fb9f48aef29aad2

  • SHA512

    dd85c046bac960cfb4f2bb432ec5eee74e8fbfc48fbbb1727f9c140acf6fff2ff47ffb84828abf9ea470a2eb4216607f5ed062065345a1719f54d0780ab2fbc7

  • SSDEEP

    3072:nV7MaNdUcd63LDAFT8+IiEssh00mH0PtZ8IKEDRc:aQUgW33Hlc

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Creal.pyc
    1⤵
    • Modifies registry class
    PID:396
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4744
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd5d40cc40,0x7ffd5d40cc4c,0x7ffd5d40cc58
      2⤵
        PID:1724
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2
        2⤵
          PID:2460
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2100 /prefetch:3
          2⤵
            PID:4024
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2456 /prefetch:8
            2⤵
              PID:2280
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
              2⤵
                PID:1732
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3216 /prefetch:1
                2⤵
                  PID:4480
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3720 /prefetch:1
                  2⤵
                    PID:1416
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4868 /prefetch:8
                    2⤵
                      PID:4928
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5012 /prefetch:8
                      2⤵
                        PID:4388
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4848,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5296 /prefetch:1
                        2⤵
                          PID:3924
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5284,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3196 /prefetch:1
                          2⤵
                            PID:1080
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3368,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3252 /prefetch:1
                            2⤵
                              PID:1768
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3364,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5008 /prefetch:8
                              2⤵
                                PID:4804
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,12162329769760399694,2302423595832667030,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5268 /prefetch:8
                                2⤵
                                • Modifies registry class
                                PID:1368
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:1108
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1036
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3392

Network

MITRE ATT&CK Enterprise v15

Downloads
