Overview

overview

3

Static

static

1

42.zip

windows7-x64

42.zip

windows10-2004-x64

3

Resubmissions

05-08-2024 23:21

240805-3b848asapr 1

05-08-2024 23:18

240805-3ajsyasalq 1

05-08-2024 23:15

240805-28nn4s1hpp 1

05-08-2024 23:12

240805-26xh8s1hkk 3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-08-2024 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:2980
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3160
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffabcccc40,0x7fffabcccc4c,0x7fffabcccc58
        2⤵
          PID:3676
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1904 /prefetch:2
          2⤵
            PID:4776
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2236,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:3
            2⤵
              PID:1400
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2472 /prefetch:8
              2⤵
                PID:556
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
                2⤵
                  PID:1680
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
                  2⤵
                    PID:3364
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
                    2⤵
                      PID:3332
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
                      2⤵
                        PID:3044
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,12959855138598752306,1164673840443245534,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
                        2⤵
                          PID:4232
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                        1⤵
                          PID:4328
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:3992
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:3312

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              190b97888eb67c9c0e76ca570e292feb

                              SHA1

                              8eafdde63e1b2b031c764bce24e4297bea0cf55c

                              SHA256

                              a961cfbe73be4b5e0bef1d50589822d6041d10c7bb0f37e245a8d64000dc5168

                              SHA512

                              54d9e775c4ae05c01b1c9d8fdedb0164d6a8663bcce82202c3c9b4da59f7f9019ed50f359a605d219434f483cc1bb446c2b3d47048e76ce4b6b726e1d9154699

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                              Filesize

                              2B

                              MD5

                              d751713988987e9331980363e24189ce

                              SHA1

                              97d170e1550eee4afc0af065b78cda302a97674c

                              SHA256

                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                              SHA512

                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                              Filesize

                              356B

                              MD5

                              d7f0ac7c55b2b3e68f713cfa380542c6

                              SHA1

                              a4d7d3c0386638a9eb82b83c8bf43d1916b36d48

                              SHA256

                              34e4deb185273f4165e5397640f5d5e3737fd36ff3234b02679ac7dcecf80c2f

                              SHA512

                              e093db630b997e5dd896cd521ebb19eae9d0c1ddcae5019b22f1167db240f73179cf91a772bc1f7cf74bffcc5363ef3ddd91c1e0974aef07f45e435da871a0e5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              f6948c64592640a6cd9cc216bc095033

                              SHA1

                              68884057b4c4fca63d196538355bd8560a457878

                              SHA256

                              dd5bb8523fd723bb9943d1ad95b4cd8964bafa54ecaac82006de81f418a2d00c

                              SHA512

                              9347056cdab94870cf9c4e9ff6202912b424082fc326bcd6a9c1407c8fab5d6babaad3ac3cc769192ef19a8745a7d5185d6cc268d98a6923b6f79cd38898ca71

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              f08729e1ecc5a919074e402e94465133

                              SHA1

                              cfc073f6da1fb2330de61265774791b4fbf2365f

                              SHA256

                              3291df59c07d186f95f00d95b2e20d239bba7a4992f760ebebf770c0c372048f

                              SHA512

                              0210ea4837a9fde91f3f32a268bf7de1703be0a73a86cb2592131394e8d4cd9c49175b9a711e44f3c6879834f12c1f1cbc376f9407d2fe0384268cbd61f6a740

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              4a180cc063076b5ee41142e7a6fac37b

                              SHA1

                              d5769972235e724861f3d0422c5abb374c4905f8

                              SHA256

                              0e2b39978bd30d2fe744698b4450e2d31ad66d5eb20a40a5ef102511350e3b9c

                              SHA512

                              6703434e07a7a7b92a8bca41b404275988f23e2d4bdc2224926d28b780c434ce31964d5b735e32ef862a9ac8e98ca93f2be54d1a7ab071a7813265716af34a9c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                              Filesize

                              15KB

                              MD5

                              91125ff0d9dfb93ba173d8c8729bfb70

                              SHA1

                              7c8099a27326ee95c47b4e854c84686d9b6b91d3

                              SHA256

                              afa297b07ec357569f187ac6dfb2e38deb140775937b54f2974bfec4d425ba59

                              SHA512

                              598473ae81f1b42847ba15104c4209948bdb443e89ecfe3db4a29577fea0c2f5fb23b76fe9f096334aa4567e87ff064eb4126db5fcea04752b59e8c6782e7ad7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              195KB

                              MD5

                              d3e0ff3c5dc6bb285c7bc01e820735ce

                              SHA1

                              4af7de9a9a22246789b6f754b267c1fd5cfea804

                              SHA256

                              222affe169de2d26e085c7690e4cc1b672358d42a21a70e8b7109002c12cce25

                              SHA512

                              a83049f7b89e98cf8d5a489446ba77a540e9a1367a722c565a0f0dfbba8dec2f03dffdceb9ea748f61df61d82f748bc9db7a2638b61a15ef4a02181a2b0883e1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                              Filesize

                              195KB

                              MD5

                              1a9af018608d44f3f866e6e1f7200d0a

                              SHA1

                              64794ab7eb79908060e12cf05cebd31742363471

                              SHA256

                              d17266a76d0caf7b239ae059caf1e3f5e907ca99eb4761889d95b89527bab12c

                              SHA512

                              ad9b93b4a7926c1284357ee0e89b893983c546959ed89e6a4839ef1a490e1e4b3f4e2d24771bbd2902408d636c8f774e672d10ffbef917294d6db76e354fee5d

                              Download Submit

                            • memory/1504-44-0x0000021CD9420000-0x0000021CD9421000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-67-0x0000021CD9570000-0x0000021CD9571000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-41-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-42-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-43-0x0000021CD9430000-0x0000021CD9431000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-0-0x0000021CD1140000-0x0000021CD1150000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/1504-46-0x0000021CD9430000-0x0000021CD9431000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-49-0x0000021CD9420000-0x0000021CD9421000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-52-0x0000021CD9360000-0x0000021CD9361000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-64-0x0000021CD9560000-0x0000021CD9561000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-66-0x0000021CD9570000-0x0000021CD9571000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-40-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-68-0x0000021CD9680000-0x0000021CD9681000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-39-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-38-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-37-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-36-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-35-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-33-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-34-0x0000021CD9810000-0x0000021CD9811000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-32-0x0000021CD97E0000-0x0000021CD97E1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/1504-16-0x0000021CD1240000-0x0000021CD1250000-memory.dmp

                              Filesize

                              64KB

                              Download