Analysis
- max time kernel: 133s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/08/2024, 17:23
Static task: static1
Behavioral task: behavioral1
Sample: moonyV3.js
Resource: win7-20240705-en
General
- Target: moonyV3.js
- Size: 10.0MB
- MD5: 0e57517b7b71a4ea9383c52f69b946b3
- SHA1: a08536b1476670bfdeb483f90096f2ace55c6a27
- SHA256: e39d9449218d7f579bb2b64641e4a028e1b798337e27b5445c17c8eaea218eaf
- SHA512: 0b0bc1d8e716b5d45cb9385b3b9a947c02d2deda87ee15324a8bcd0bbdcd8ad42ad0e17c9c8453c6e1225bab22513d1b77b1be97f45752e383d3cedd34031ef6
- SSDEEP: 49152:WPfkyWUuum+Vxg2Y+6DxeT7xoC56XFS/mG:v+VpYQ
Malware Config
Signatures
- Command and Scripting Interpreter: JavaScript (1 TTP)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description       ioc                                                                                                       Process
  Key created       \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
  Set value (int)   \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675251556402151"  chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid    Process
  1440   chrome.exe
  1440   chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid    Process
  1440   chrome.exe
  1440   chrome.exe
  1440   chrome.exe
- Suspicious use of AdjustPrivilegeToken (60 IoCs)
- Suspicious use of FindShellTrayWindow (26 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\moonyV3.js
  PID: 3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3692,i,16315016104747277319,5510969007830467313,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8
  PID: 3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 1440
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff956a2cc40,0x7ff956a2cc4c,0x7ff956a2cc58
    PID: 264
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2108,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:2
    PID: 1532
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
    PID: 3220
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2296 /prefetch:8
    PID: 3228
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
    PID: 3748
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:1
    PID: 1444
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
    PID: 4920
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
    PID: 1992
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,8036027838350792195,964827191085216849,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3680 /prefetch:8
    PID: 4856
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 4368
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 4752
Network
MITRE ATT&CK Enterprise v15
Downloads