Resubmissions

Submitted            Analysis ID          Score
11/10/2024, 17:38    241011-v7465svclb    1
10/10/2024, 17:56    241010-wjg75sydre    1
10/10/2024, 17:55    241010-whnnjaydnb    6
10/10/2024, 17:50    241010-we39tayclf    3
30/08/2024, 15:35    240830-s1k4ks1fpb    3
30/08/2024, 14:40    240830-r13g7ayhne    5
29/08/2024, 17:21    240829-vxgyvsvbql    3
29/08/2024, 17:21    240829-vwyj8asenc    5
28/08/2024, 16:19    240828-tsxyvaxenn    5
27/08/2024, 18:40    240827-xbb7laxcnk    3

Analysis
Max time kernel:   1799s
Max time network:  1685s
Platform:          windows10-1703_x64
Resource:          win10-20240404-en
Resource tags:     arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
Submitted:         23/08/2024, 18:33
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           https://github.com/Endermanch/MalwareDatabase
Resource:         win10-20240404-en

General
Target:          https://github.com/Endermanch/MalwareDatabase
Malware Config:  -

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
  Description      IoC                                                                                                 Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                               chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689151337089145"  chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  PID   Process     Rows
  424   chrome.exe  2
  2472  chrome.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID   Process     Rows
  424   chrome.exe  2

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  All 64 rows are PID 424 chrome.exe; the token names alternate between the two below.
  Description                       PID  Process     Rows
  Token: SeShutdownPrivilege        424  chrome.exe  32
  Token: SeCreatePagefilePrivilege  424  chrome.exe  32

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID   Process     Rows
  424   chrome.exe  26

Suspicious use of SendNotifyMessage (24 IoCs)
  PID   Process     Rows
  424   chrome.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 rows have source PID 424 chrome.exe. Distinct targets (procid_target in parentheses):
  PID 424 wrote to memory of 3928  (73)
  PID 424 wrote to memory of 2156  (75)
  PID 424 wrote to memory of 3476  (76)
  PID 424 wrote to memory of 4744  (77)
Processes

PID 424  chrome.exe  (depth 1)
  Image:        C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  Children of PID 424 (depth 2; every child has the image C:\Program Files\Google\Chrome\Application\chrome.exe):

  PID 3928  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff3e309758,0x7fff3e309768,0x7fff3e309778

  PID 2156  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:2

  PID 3476  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:8

  PID 4744  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1848 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:8

  PID 2596  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:1

  PID 4856  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:1

  PID 4376  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:8

  PID 1996  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:8

  PID 2472  chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 --field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

PID 2264  elevation_service.exe  (depth 1)
  Image:        C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
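The signature tables above count every WriteProcessMemory and AdjustPrivilegeToken row separately, which is how one browser launch reaches 64 hits of each. The question an analyst actually has is narrower: did any memory write leave the browser's own process family, and is there more than one browser instance in the tree? The Python below is an added triage helper, not code from this report or from Triage. It parses rows in the report's own text format, collapses repeats, and checks each write target against the process list. The process table is transcribed from the tree above with command lines abridged to the flags the check uses; the row excerpts are a constructed sample of the 64 repeated lines, not the full set; and the "same image plus a --type= role flag" rule for a Chromium helper process is this example's own heuristic.

```python
"""Collapse and classify per-row signature hits from a sandbox report.

Added example for this page; not code from the report or from Triage.
PROCESSES is transcribed from the process tree above (command lines
abridged); WRITE_ROWS and TOKEN_ROWS are constructed excerpts of the
report's repeated lines; the helper-process rule is this example's own.
"""
import re
from collections import Counter

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
TRIAL = "--field-trial-handle=2156,i,15652118255185261793,107970771659684220,131072"

# pid -> (image path, abridged command-line flags)
PROCESSES = {
    424:  (CHROME, "--disable-background-networking --single-argument https://github.com/Endermanch/MalwareDatabase"),
    3928: (CHROME, "--type=crashpad-handler --url=https://clients2.google.com/cr/report"),
    2156: (CHROME, "--type=gpu-process " + TRIAL),
    3476: (CHROME, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none " + TRIAL),
    4744: (CHROME, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility " + TRIAL),
    2596: (CHROME, "--type=renderer --renderer-client-id=6 " + TRIAL),
    4856: (CHROME, "--type=renderer --renderer-client-id=5 " + TRIAL),
    4376: (CHROME, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none " + TRIAL),
    1996: (CHROME, "--type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none " + TRIAL),
    2472: (CHROME, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled " + TRIAL),
    2264: (r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe", ""),
}

# Constructed excerpt: six of the report's 64 WriteProcessMemory rows.
WRITE_ROWS = """\
PID 424 wrote to memory of 3928 424 chrome.exe 73
PID 424 wrote to memory of 3928 424 chrome.exe 73
PID 424 wrote to memory of 2156 424 chrome.exe 75
PID 424 wrote to memory of 2156 424 chrome.exe 75
PID 424 wrote to memory of 3476 424 chrome.exe 76
PID 424 wrote to memory of 4744 424 chrome.exe 77
"""
# Constructed excerpt: four of the report's 64 AdjustPrivilegeToken rows.
TOKEN_ROWS = """\
Token: SeShutdownPrivilege 424 chrome.exe
Token: SeCreatePagefilePrivilege 424 chrome.exe
Token: SeShutdownPrivilege 424 chrome.exe
Token: SeCreatePagefilePrivilege 424 chrome.exe
"""

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ \S+ \d+")
TOKEN_RE = re.compile(r"Token: (\w+) (\d+) \S+")


def parse_writes(text):
    """(source pid, target pid) -> number of rows; repeats collapse here."""
    return Counter((int(m[1]), int(m[2])) for m in WRITE_RE.finditer(text))


def parse_tokens(text):
    """(privilege name, pid) -> number of rows."""
    return Counter((m[1], int(m[2])) for m in TOKEN_RE.finditer(text))


def is_browser_helper(parent, child, procs=PROCESSES):
    """Heuristic (this example's own): the child runs the parent's exact
    image and carries a --type= role flag, which is how Chromium launches
    its subprocesses. A write into any other process deserves a look."""
    p_img = procs[parent][0].lower()
    c_img, c_cmd = procs[child]
    return c_img.lower() == p_img and "--type=" in c_cmd


def classify_writes(writes, procs=PROCESSES):
    """Split (src, dst) write counts into in-family and to-review."""
    in_family, review = Counter(), Counter()
    for (src, dst), n in writes.items():
        if src in procs and dst in procs and is_browser_helper(src, dst, procs):
            in_family[(src, dst)] += n
        else:
            review[(src, dst)] += n
    return in_family, review


def browser_sessions(procs=PROCESSES):
    """Number of distinct --field-trial-handle values: one browser instance
    passes the same value to every helper it spawns, so two values would
    mean two browser instances hiding in one flat process list."""
    found = set()
    for _, cmd in procs.values():
        m = re.search(r"--field-trial-handle=(\S+)", cmd)
        if m:
            found.add(m[1])
    return len(found)


def summarize(write_text=WRITE_ROWS, token_text=TOKEN_ROWS, procs=PROCESSES):
    in_family, review = classify_writes(parse_writes(write_text), procs)
    return {
        "in_family_writes": sum(in_family.values()),
        "writes_to_review": dict(review),
        "privileges": dict(parse_tokens(token_text)),
        "browser_sessions": browser_sessions(procs),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Run against the excerpt, every write stays inside the chrome.exe family, the only privileges touched are SeShutdownPrivilege and SeCreatePagefilePrivilege on PID 424, and all helpers share one field-trial handle. A write from 424 into PID 2264 (elevation_service.exe, a different image) or into a PID missing from the process list lands in `writes_to_review`, which is the case the raw 64-row table makes easy to miss.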
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize  2KB
MD5       d61545c76e5cb471affcc5b0907b7c22
SHA1      60022000dd76ce96d12a49a0eda543c9647a6a29
SHA256    68e809418c3527ae676f922dcb098188d7fff89191eb7462ab0e86998625816a
SHA512    392652b889d00b526ea4e5e5465e7aec8a7a86e93f171bd4a0c8f02ff5ced5494de7ff298b8fb7ccedeb9356159613151d05144e3c41be86ea1c2120abaf09d3

Filesize  1KB
MD5       ba250343c14c848f165ed76b7d3942e9
SHA1      00c2604f7a143c9c598f9935f82e5546d69e2233
SHA256    5a5a1cbe0c44003d8fbc5a221d4410a4d146e5834045965fb8308467e9028334
SHA512    66376478ea92ba269a39ebc1d960a955646a4846c4ec44134f6215693c570c81ba0274fcc2f8c03a3159c525956c203a963ec98fff3d392ffc52290744db8ad1

Filesize  1KB
MD5       e53456ae952336685626205dc11ff7fd
SHA1      00f64814c897a35c5aa6c3cebec434ae3ab4d9ea
SHA256    ec5d2b67533a1b9bd9da99cfe3177f8a9d3cac268844e39b61aef945a35bc2dc
SHA512    bff436d793fe3c270d82403a4f43cf117240fe97cc98a4b5d777ecee25010da247f8e69fb2d947644b799b05a70733605611c1e41bf593664827c25a475dd56b

Filesize  6KB
MD5       c45b3403bbc1263003883782cc1607f6
SHA1      a41c35eaeac5bf103f95b2961a2d032ee1841355
SHA256    a460ab28c0105f1f61ed43a139fc3d3b050b5032309f8e3634884b63d07161ea
SHA512    7334dbba445d8cd396c92b4391010d24af4bc26f7094d2105d67fb72f67f9575149081f0c0d47ace1e907a3975a785e63b1f0d9d00733269c0cf215f2a1cd40b

Filesize  6KB
MD5       07948afa057d50de687d80e270a471c4
SHA1      1c346d3a85d406bbb76f7b9dc9feaaae5a5214d1
SHA256    fad3e7ad4a098b22766db66ef7aa157c2ff8a2f75b63bffbe40e918f5498a710
SHA512    f501f478bee6a7a63086bd8d19798390b6c58741d94409ea07fba358e873f8b912e4fc6268f93f2d26f4b8bed48a483193f2dd04adc610443b413175ba8fed1b

Filesize  6KB
MD5       612b41ad687f93bd6f20a04a891afb90
SHA1      978332c5566a648b3bd71b8715c860c4eba80693
SHA256    46429e7a07394367006909b1aa4c8093c370af7da8dc677be584808b11a6e138
SHA512    ddca21cf10ee514de2ec198c1f7b563827d8a25b1f817af91406668e5be5ed8059f90135c359f0052ead452e42334c0c6a6b619e68c8ceb8ebbb0c3b7b75fed1

Filesize  136KB
MD5       6f4ab0d20ea41abe3e80c791dcc2a93e
SHA1      9411d0fbbf1e6ca2d4c3c580fa9ceb130331fca4
SHA256    42ada82fd892ea47f9ae00df04ac8871f191552faad66e8aaad301255db3e161
SHA512    5db6376a90a6abf28586bd36d16aedd51e96908df5725c598bfc4c2ffcdcd94d76c435bbc71dbfbe80cd9a44567483203c994fb6bae82b0893719fa2c4c63c20

Filesize  2B
MD5       99914b932bd37a50b983c5e7c90ae93b
SHA1      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
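The last entry is a 2-byte download, too small to be a payload but worth pinning down rather than ignoring. The Python below is an added example, not part of this report or of Triage: it recomputes all four digests for a short table of likely tiny contents and compares each one against the values the report lists, so a mistranscribed hash shows up as a single-algorithm mismatch instead of a false "unknown file". The candidate table is this example's own assumption; the reported digests are copied from the entry above. For those values the match is the two bytes `{}`, an empty JSON object.

```python
"""Identify a tiny downloaded artifact from the digests a report lists.

Added example for this page; not code from the report or from Triage.
REPORTED is copied from the 2-byte entry above; CANDIDATES is this
example's own list of contents worth trying.
"""
import hashlib

REPORTED = {
    "size": 2,
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
              "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
}

# Constructed: placeholder contents applications commonly write as tiny
# files. The check itself is content-agnostic; extend the table as needed.
CANDIDATES = {
    "empty file": b"",
    "empty JSON object": b"{}",
    "empty JSON array": b"[]",
    "single newline": b"\n",
    "CRLF": b"\r\n",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Size plus all four digests, in the same shape the report uses."""
    out = {"size": len(data)}
    for algo in ALGOS:
        out[algo] = hashlib.new(algo, data).hexdigest()
    return out


def compare(reported: dict, data: bytes) -> dict:
    """Per-field agreement between the report and one candidate.
    Comparing every algorithm the report gives, not only MD5, separates
    a genuine match (all agree) from a copy error (exactly one differs)."""
    actual = digests(data)
    return {
        key: actual[key] == (value.lower() if isinstance(value, str) else value)
        for key, value in reported.items()
    }


def identify(reported: dict, candidates: dict = CANDIDATES):
    """Name of the first candidate that agrees with the report on every
    listed field, or None when nothing in the table matches; in that case
    the content is not a known placeholder and the file itself is needed."""
    for name, data in candidates.items():
        if all(compare(reported, data).values()):
            return name
    return None


if __name__ == "__main__":
    print(identify(REPORTED))  # empty JSON object
```

The same routine works for any entry in a downloads list: pass the size and whichever digests the report provides, and `compare` only checks the fields present, so a report that lists MD5 alone is still usable, just with less protection against a transcription error.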