Analysis
max time kernel: 702s
max time network: 1695s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
submitted: 19/08/2024, 20:00
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://youareanidiot.cc
Resource: win7-20240729-en
General
Target: http://youareanidiot.cc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
3032 | chrome.exe
3032 | chrome.exe
3032 | chrome.exe
3032 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Suspicious use of FindShellTrayWindow (64 IoCs)
Suspicious use of SendNotifyMessage (32 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
chrome.exe (PID 3032)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://youareanidiot.cc
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: chrome.exe (PID 3028)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef78e9758,0x7fef78e9768,0x7fef78e9778

  Child: chrome.exe (PID 2276)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:2

  Child: chrome.exe (PID 2708)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:8

  Child: chrome.exe (PID 2616)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:8

  Child: chrome.exe (PID 1968)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:1

  Child: chrome.exe (PID 2972)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:1

  Child: chrome.exe (PID 1072)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3212 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:1

  Child: chrome.exe (PID 2336)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3352 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:2

  Child: chrome.exe (PID 1284)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2328 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:8
    Signatures:
    - Suspicious use of AdjustPrivilegeToken

  Child: chrome.exe (PID 1928)
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1360,i,414819775293242263,14575839044642757980,131072 /prefetch:8

elevation_service.exe (PID 852)
  Image: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads