Resubmissions

25-08-2024 17:56

240825-wh97jaybmr 10

23-08-2024 18:11

240823-wsq7ea1bnq 8

23-08-2024 14:55

240823-saj4latark 3

23-08-2024 13:32

240823-qtft6swhma 8

Analysis

  • max time kernel
    209s
  • max time network
    210s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-08-2024 18:11

General

  • Target

    https://www.bebepaidika.gr/wp-includes/blocks/fold4e45874.7z

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bebepaidika.gr/wp-includes/blocks/fold4e45874.7z
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc85b19758,0x7ffc85b19768,0x7ffc85b19778
      2⤵
      PID:5104
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:2
      2⤵
      PID:920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:8
      2⤵
      PID:4640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:8
      2⤵
      PID:3156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:1244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:1504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:8
      2⤵
      PID:1120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:8
      2⤵
      PID:2976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:8
      2⤵
      PID:1040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1524 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:3392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:5012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5604 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:2544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6120 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:3340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4436 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:440
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5628 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:5052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5688 --field-trial-handle=1812,i,2533018253863103365,3944337762576374853,131072 /prefetch:1
      2⤵
      PID:1896
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2800

Network

MITRE ATT&CK Enterprise v15


Downloads
