79e3037e9a06e020f071e87180d44e82e8f12067351c6ef6258d6d80afbce090

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MHDDoS-main.zip
Size

44KB
MD5

ac19023ad6a0b70b1b4b783f8ababb12
SHA1

535d5ab0826c843b7c2c1dc12dea9a2347b5832e
SHA256

79e3037e9a06e020f071e87180d44e82e8f12067351c6ef6258d6d80afbce090
SHA512

eb1b304bd354a82573ebc58d9b9431bedb8c6a4480e3a4244bfd19943da9d6671293b0bc15e25442262acbe65193885a1c8e92ec9e8e1ee6c7caca5711da1b3b
SSDEEP

768:1JPxcRx9BfbtSqVXp5DXUWCvC9ZcnTGyeAgeJPMQJeEG+JW7nj2PCvBy+3aC2:rPGPBhDkPCMTGoNhMQwEzJI3+

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684376945968930"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
912	chrome.exe
912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe
Token: SeShutdownPrivilege	912	chrome.exe
Token: SeCreatePagefilePrivilege	912	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe
912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 4828	912	chrome.exe	101
PID 912 wrote to memory of 4828	912	chrome.exe	101
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 1828	912	chrome.exe	102
PID 912 wrote to memory of 2328	912	chrome.exe	103
PID 912 wrote to memory of 2328	912	chrome.exe	103
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104
PID 912 wrote to memory of 3476	912	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MHDDoS-main.zip
1⤵
PID:2436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6b0acc40,0x7ffe6b0acc4c,0x7ffe6b0acc58
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,15442126389707683546,10800772017981387632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f0abc76c814a1b9a3369062101d072fa

SHA1
b1edaa289d23a8f29aab07e2d2609616615cb733

SHA256
bfc3ea4002bc64de26edad8881063d3e10fa15731d262611563463384c2ddaf7

SHA512
e7704cbb1c5661c68c340fbb3d8b5b2658904eb4859e9f0e78440f7f86823191b14fea75d0a15836c926c2d4bb58443e05a17f0ca1f756a80f73bdc78856337a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ed87425503eead0fab21bb831fba7be

SHA1
8a3dd7a6b619f5d1769ab21a0a0c4abff6d1dfd8

SHA256
8141a976d358259ab3a310ed4e324480737f06e86836d7eabf6955dd76b58098

SHA512
d3a50a6069bcaf325ba70edd0f7d2f6e7a44a08c90560b6ded5e67af7b5a34e8808db0d15a2e2bc2f57f44245ad2c469791e104c2050805e1a3c9aa483655d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
06a1e6723457a859afedfc3c886ee3bc

SHA1
eb264d2671d4229ed934472088192cf1284e0d55

SHA256
198498b6d8e253c0df9fcfb549e0ee1289f61df3c5a1d0abc293e290979e2c29

SHA512
92900c965c5a86ff9a7e6a7ae8e9f72eb320512a020b765a0eb652215ee3e507586f838591e8b52a899607c4da369a2c9473c8e1129f5bbf100b065129cda3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7332b4543edca9613dbb2fd1809f336a

SHA1
1aa403e04d07247628640467d1a73c1c62614a0b

SHA256
0585bf474a12b4a07003a7b5125d87dd108b4a2946f29879236d5ab4651ca732

SHA512
d21d63b4c3193c20f6b585698c1352bfe06836c8131cea52fae8f5c9345af1e8b958fd0b64659f97ff310c723720302f5621264828b3567c85c57cce035e94bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d4c5e1647dc0d4b572ef8c4f8d015d36

SHA1
b49949a1b7ec78046b34a2b323e1d323be072e4c

SHA256
f1422a9a9fd5bc6dccf835f882cebbdde39185cd91a4d58db05f36dff27f01ae

SHA512
0e5d96d6956a66e0b0b2972b26cbad7a21d65c2e5140574a7f8675ddb407b8103f02116855473f055482a6e539f6308434374259484747b720551d66c76f3f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
f09e33861591cf68b9624fc5a7a9ee81

SHA1
2bbe61ead5e9513dd47de10427a06acc94600693

SHA256
59c58678388848de3e6daf5306005edeb78d0878a2d584e40b1d24c64b988cc8

SHA512
c26c8d1e3b322a5ef11349f0f04aec86fdf9fe49d0ca754455cf1b54a1a5c4a64c5ec8e6bff10a38e6a70d05b10bbfd3ff59584c8c87bb2ff184bc8f43c59d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
75201ff2ccb3b549810e9adbbd16a84c

SHA1
3596e023a96ec89fce1a8d7b620d54af226d0f1d

SHA256
823bd5f20d60e31218caaf72df578c362e50d57f9a16d08b337f5be98913d94d

SHA512
95da297cb127eb5dafa9c6a730e380c539e60d4f000f2cea80a79a19b36c106c23752c1a2a5679088dde9ffe78dbaa3ace6df5b1f0e7f9081ad8114e7b492ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit