Analysis

max time kernel: 93s
max time network: 244s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 23-08-2024 06:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://gofirst.cn.com/
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: http://gofirst.cn.com/
  Resource: win10-20240611-en
Behavioral task: behavioral3
  Sample: http://gofirst.cn.com/
  Resource: win10v2004-20240802-en
General

Target: http://gofirst.cn.com/
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid  | Process
1496 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                | pid  | Process
Token: SeShutdownPrivilege | 1496 | chrome.exe (64 identical entries)

Suspicious use of FindShellTrayWindow (34 IoCs)
pid  | Process
1496 | chrome.exe (34 entries)

Suspicious use of SendNotifyMessage (32 IoCs)
pid  | Process
1496 | chrome.exe (32 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process    | procid_target
PID 1496 wrote to memory of 2360 | 1496 | chrome.exe | 30 (3 entries)
PID 1496 wrote to memory of 2924 | 1496 | chrome.exe | 32 (repeated entries)
PID 1496 wrote to memory of 1872 | 1496 | chrome.exe | 33 (3 entries)
PID 1496 wrote to memory of 2888 | 1496 | chrome.exe | 34 (repeated entries)
All 64 entries have chrome.exe (PID 1496) as the writing process; the four target PIDs (2360, 2924, 1872, 2888) are its own child processes as listed under Processes.
Processes

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://gofirst.cn.com/
  PID: 1496
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8319758,0x7fef8319768,0x7fef8319778
    PID: 2360

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:2
    PID: 2924

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:8
    PID: 1872

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:8
    PID: 2888

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:1
    PID: 3064

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:1
    PID: 964

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1736 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:2
    PID: 708

  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1380,i,1137107694599097442,3126310834906103533,131072 /prefetch:8
    PID: 1344

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2520
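The WriteProcessMemory signature above lists 64 writes, all from chrome.exe (PID 1496) into PIDs 2360, 2924, 1872 and 2888, and the process list shows each of those PIDs as a child of 1496. The helper below is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the flattened table format shown above, groups them by target, and labels each target by its relation to the writer using the process tree transcribed from the Processes section, so writes into the writer's own children can be separated from writes into unrelated or unlisted processes. The sample input copies a few rows from the report and adds one constructed row with target PID 4242, which does not occur in this analysis, to exercise the unlisted case.

```python
"""Correlate flattened WriteProcessMemory IoCs with a sandbox process tree.

Added triage helper; it is not part of the sandbox report or of any
sandbox vendor's tooling. It groups 'PID X wrote to memory of Y' rows by
target and labels each target by its relation to the writer, so writes
into the writer's own child processes (a browser populating its helper
processes) are separated from writes into unrelated or unlisted PIDs.
"""
import re
from collections import Counter

# One flattened IoC row looks like:
#   "PID 1496 wrote to memory of 2360 1496 chrome.exe 30"
#    description .....................| pid | Process  | procid_target
WRITE_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)

# Process tree as listed in the report's Processes section:
# pid -> (parent pid, image, role). Depth-2 entries under chrome.exe
# (PID 1496) are recorded with parent 1496; top-level entries have None.
PROCESS_TREE = {
    1496: (None, "chrome.exe", "browser"),
    2360: (1496, "chrome.exe", "crashpad-handler"),
    2924: (1496, "chrome.exe", "gpu-process"),
    1872: (1496, "chrome.exe", "utility/network.mojom.NetworkService"),
    2888: (1496, "chrome.exe", "utility/storage.mojom.StorageService"),
    3064: (1496, "chrome.exe", "renderer"),
    964: (1496, "chrome.exe", "renderer"),
    708: (1496, "chrome.exe", "gpu-process"),
    1344: (1496, "chrome.exe", "utility/chrome.mojom.UtilWin"),
    2520: (None, "elevation_service.exe", "elevation service"),
}


def parse_writes(flat_text):
    """Return one (writer_pid, target_pid, image) tuple per IoC row."""
    return [
        (int(m["writer"]), int(m["target"]), m["image"])
        for m in WRITE_RE.finditer(flat_text)
    ]


def relation(writer, target, tree):
    """Label a (writer, target) pair against the process tree.

    'self'      writer and target are the same PID
    'child'     target's recorded parent is the writer (expected when a
                parent populates a child it has just created)
    'unrelated' target is in the tree but is not the writer's child
    'unknown'   target PID does not appear in the tree at all
    """
    if writer == target:
        return "self"
    if target not in tree:
        return "unknown"
    return "child" if tree[target][0] == writer else "unrelated"


def triage(flat_text, tree=PROCESS_TREE):
    """Group rows by (writer, target) and label each target."""
    counts = Counter((w, t) for w, t, _ in parse_writes(flat_text))
    return {
        target: {"writer": writer, "writes": n,
                 "relation": relation(writer, target, tree)}
        for (writer, target), n in counts.items()
    }


def needs_review(result):
    """Target PIDs whose relation is neither 'self' nor 'child', sorted."""
    return sorted(t for t, v in result.items()
                  if v["relation"] not in ("self", "child"))


# Constructed sample: a subset of rows copied from the report's
# WriteProcessMemory table, plus one made-up row (target 4242) naming a
# PID absent from the tree, to exercise the 'unknown' path.
SAMPLE = (
    "PID 1496 wrote to memory of 2360 1496 chrome.exe 30 " * 3
    + "PID 1496 wrote to memory of 2924 1496 chrome.exe 32 " * 2
    + "PID 1496 wrote to memory of 1872 1496 chrome.exe 33 "
    + "PID 1496 wrote to memory of 2888 1496 chrome.exe 34 "
    + "PID 1496 wrote to memory of 4242 1496 chrome.exe 99"
)

if __name__ == "__main__":
    summary = triage(SAMPLE)
    for target, info in sorted(summary.items()):
        role = PROCESS_TREE.get(target, (None, "?", "not in tree"))[2]
        print(f"{info['writer']} -> {target:>5} x{info['writes']:<3} "
              f"{info['relation']:<9} {role}")
    print("review:", needs_review(summary))
```

On the report's own rows every target resolves to "child", which is the pattern of a parent process setting up helpers it spawned; only the constructed 4242 row lands in the review list. The same parser can be pointed at the full 64-row table from the signature section.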
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Filesize: 6KB
MD5: 01027c54cdb5998be8106939588d8bc0
SHA1: 7c377b120de04bfa33bf5c6930a43ac86d6e489c
SHA256: 60566046a1983bca487006b6c095652a3b73a0bb3d15429cf2f0a242477cc415
SHA512: 55c5ea2dd8a4af4786c8f203d13f29b206830940a078fcf4ca89358e068fd020e59bd82f4536d610905678a180986f86a8822d4c5a9509e09d4fa26852eb7230

Filesize: 5KB
MD5: 73f2fd121b2d861b74c7f558808d1621
SHA1: 31d1ae6e1cbd805cad70d1c64206d815096aab68
SHA256: 1db2197524782bf3d2b407855f49680e61506facda2885ba991bd82d5ef67e0a
SHA512: 84bdd138d1abb36044de402fcfa3d67ee52c58ec6fcfe87bd61cd3fad79ebaf73084e5a72062b8d7c1813ec243a5a9f111f0711d9b342d9d0afcd5e9584d98e5

Filesize: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2