hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Analysis

max time kernel
599s
max time network
591s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-08-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676856347240928"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1812	chrome.exe
1812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeCreatePagefilePrivilege	1844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2064	1844	chrome.exe	75
PID 1844 wrote to memory of 2064	1844	chrome.exe	75
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 4700	1844	chrome.exe	77
PID 1844 wrote to memory of 2284	1844	chrome.exe	78
PID 1844 wrote to memory of 2284	1844	chrome.exe	78
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79
PID 1844 wrote to memory of 4688	1844	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff843689758,0x7ff843689768,0x7ff843689778
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4416 --field-trial-handle=1772,i,6664655053704448354,15844519847399280935,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8c16f3756384ebc12d19a64c28d893db

SHA1
20643c823b0eab91745ab5a806e33a9ad3f9e922

SHA256
c8e89ed3f5e566318c1a8c4f0635d50bb481f403d56dbc4a7675f115716210e8

SHA512
5190ee730122a7dd9c03db8f52fac90e6931261b9de03be2a7a6e5acbf6bb929307bbb12d4d588d0bf78b5178aa97545c4e44410545fb0ad3bfb05ed0e94498d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4e1fb72a8621e16342298a981ff51d0a

SHA1
5620500993ac9ef1f5b528c7f0f2be51faf10569

SHA256
484b94b177b46d9043a67a7c7a71eec8837bde3fa6644cc4a320f4600f0e24af

SHA512
579d71aca14af8557f804861f224fe89b051c7475d04f4b074c9b84580eb1026098f8bdf7ff129de14db3a050f648de2f88819111aca695e1c517a73028aa94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
20ee510690561030376b089b571f3fc6

SHA1
c1432292cd0792863f7889134dc6fe80ee7f6ea1

SHA256
775a7b366dd868e7a90b5579f21a5f3e3c302db6811608b54f596a7720efc83a

SHA512
37ab7ac458dced2aaa6147374b1a72f02cb38a23f4b8dda6c637e2c35575d5d86ea5a18e0f6f226c191d78aaae6ac05113b7147e510dd14d3542fe85de3954e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d67cf408ab43e625e985e32768bc3f2c

SHA1
6db5eb06e9d4a8b1aaa7a7235aa23d57c046fd66

SHA256
d7e8e859f2e5803b4d6f5673d6381f0c34240853679baa976df8480b4b22f367

SHA512
6c9367cfa67a6c0143230ce079756cb1440fc79b3c2a68bcd21e390fa19c3e85622a322756307844e74dc8e0782ba4cd774f8873706fa5f4c473a06e7e286bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1726de3e733bd58fbd1a19419b31d8b3

SHA1
fdc5e3fbae8961145557a35588bdef97a7a9e9ac

SHA256
9246d9c83375faf383902a6f165d891ac640e16829b1e0408ac83c8481a18765

SHA512
a369f29eec4c91d9045bdc6987681e2b56db006f2e1aeaa6d4b496daeef2f85670b4ae36f569330bf0c80d642fe80aeee4a8f9ee98fad7f5e8b3e9a606fe409d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f34014508801677fa8608726265fde2

SHA1
1a7fa7afb204e28745b457b65728f929676e63ba

SHA256
ec9c789bdae1753c60796dcc04022caec1e4c13534f0b135cbdbe5c770969398

SHA512
bbaefb1f2a39db0350565de965cd58cd20ae1b0cb931b436b0e180febd53cdfaecca2ec744c4678870049a2ab0323d9b145e8a8452cc99eb522910a72926d77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8fd496d96781ae58267f8a642e50a08

SHA1
0ac69e14d878280f28cb7e33286c0feb5980ed9a

SHA256
43a47a53d2e2c176d4bbe52546b1d4ba9f606ce0c221e1409057a69082b4d917

SHA512
5f10940e6af4b71653f7ebd8e20a3f51cf262ff1715da3fd8a3954fa2a558b4d1c0601024f51465d3b8cc6f0bdb3207f76116c3f032a348be5e11f209b6e3a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1972aabe2b6dda0269f102ca90d74a8f

SHA1
fc2b002c121b1940d74f2dc050f65a65c62abc9e

SHA256
b345447f152e95922b2071ba19e704b8a5646db1cf7c037af7fb44c8882c4ef7

SHA512
0bac195658a40c3c993bd09e0680672a9587d3f5f0933d9457d3b3d24639f9c83fb0299b6ba378505c47111e5f40a3a96f0246f2f62a6ec43aa3eea2cb693ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit