Resubmissions

18/08/2024, 15:27

240818-sv7emazfjd 8

18/08/2024, 15:20

240818-sraaqazdjf 8

Analysis

  • max time kernel
    299s
  • max time network
    272s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 15:21

General

  • Target

    http://google.com

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff96f57cc40,0x7ff96f57cc4c,0x7ff96f57cc58
      2⤵
      PID:4336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
      2⤵
      PID:4600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
      2⤵
      PID:3620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
      2⤵
      PID:3764
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
      2⤵
      PID:2100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
      2⤵
      PID:4164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:8
      2⤵
      PID:4928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4896,i,4357292699144859351,12288226016004493192,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:980
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:5084
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:468

Network

MITRE ATT&CK Enterprise v15

Downloads
