Analysis

  • max time kernel
    299s
  • max time network
    275s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 19:22

General

  • Target

    https://santa22.site/

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detected potential entity reuse from brand microsoft.
  • Drops file in System32 directory (2 IoCs)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://santa22.site/
    PID:2888
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes of PID 2888:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82fbfcc40,0x7ff82fbfcc4c,0x7ff82fbfcc58
      PID:2908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
      PID:4524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
      PID:3132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1732 /prefetch:8
      PID:3704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
      PID:1600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
      PID:4860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4344,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
      PID:760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3356 /prefetch:8
      PID:3084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4456,i,15374631602123349728,10311055307543581465,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1032 /prefetch:8
      PID:4612
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID:4428
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:4288

Downloads
