b662b1e8fc21313ad7a113caa8adc7f91cea41d43f3574704d05c123ed247188

Analysis

max time kernel
143s
max time network
152s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.zip
Size

2.2MB
MD5

c3808aea64dcaf5026947cac4ba20b50
SHA1

28ad151a0e3cd9a25f10711c9ea67ac79b9be352
SHA256

b662b1e8fc21313ad7a113caa8adc7f91cea41d43f3574704d05c123ed247188
SHA512

64efe049a1e45564334a5c0c42c462df8bb5fe9141a557f1c6d34e41ed2eed0aadbb50294d6911582269341cb9839dccbac76dc1d17c08843b12fae440d63555
SSDEEP

49152:JxVGiH1hUgILVvclcJBNEN4xQE41LMV310:JxVVhUbKW5LxQEiLMV6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1708	AUDIODG.EXE
Token: 33	1708	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1708	AUDIODG.EXE
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2768	2876	chrome.exe	33
PID 2876 wrote to memory of 2768	2876	chrome.exe	33
PID 2876 wrote to memory of 2768	2876	chrome.exe	33
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 1800	2876	chrome.exe	35
PID 2876 wrote to memory of 2748	2876	chrome.exe	36
PID 2876 wrote to memory of 2748	2876	chrome.exe	36
PID 2876 wrote to memory of 2748	2876	chrome.exe	36
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37
PID 2876 wrote to memory of 2516	2876	chrome.exe	37

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\test.zip
1⤵
PID:2548

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef6859778
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=284 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1104 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3672 --field-trial-handle=1284,i,5140624463751279803,943174166116980513,131072 /prefetch:1
  2⤵
  PID:976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
1c04b7c5556e8cad9decf8142af326d0

SHA1
2f81db072152f6d3fca1f36a8721e32bb94b062e

SHA256
ca7839748b7b5ffa1c978db76a3ca86987ab5d3569ba4a21b1b7cc514dd6fd3a

SHA512
f8e5adeb8cb6a6ffe1e6223453028a4b963d1ed7b7596a7c94d21917425b12e3352eb0c22aea81c0ac4bd9f9738a98c99249d09f05a114a9e965e5459c3fa4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cdce7c9531c1fe751f3168e2614339d7

SHA1
d03e19b96c2611c8f51a74551be01c7f2a1e9a27

SHA256
b7ebf3ed7536ee2d4d915fb9c5ff6c01f4cfd6a4dbad5862c04cd00e1acf54bc

SHA512
f82dbcead0b3293082699696d749b897568efde02cbbed95ad665e39006338aee5f4c793e10c5ea9b397ed17732b0e055bac5892206d3b19042285e10a3ca609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5d2fc38e75367253a97a16c58eb27dce

SHA1
863ca8afb2a0395a8d736a573185b82319a12856

SHA256
304a0affee06810e2b0da472be8dd30d92b714077096baef24fe13f97e495964

SHA512
20685d784cc20cf2bffe19e6e78ff1567e57a0f08b02a16cb997830991b1fac9c1a21165d7c140652b82bc82a00c42286fb6ea8bb09ab29a59b2598b643b2933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7d1c6660586fce27d09efd90fb872b0b

SHA1
77367facb4cf584ea5796e2bd096b5c84312b83a

SHA256
b2c7f144b218ec0c60407f3199efc016d3949ddfb5431ba25c0fe553a19c8171

SHA512
5674eea59a3787bb65fb06bc7d9ba9aafa19e144082247376fc715558a66a2c922e5bf80ea26b59ac1e1220df2d434257b5c6f6efe4e442c1b72eec6c445064b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit