Analysis
- max time kernel: 110s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 25/08/2024, 09:51

Static task: static1

Behavioral task: behavioral1
- Sample: Sad_Satan.exe
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: Sad_Satan.exe
- Resource: win10v2004-20240802-en
General
- Target: Sad_Satan.exe
- Size: 17.8MB
- MD5: 5dbd283e1d8176875fad9e1ac55c3d8f
- SHA1: 69b9f9f76edfd0313cf742b061f22dc44dbbb22f
- SHA256: 44906b6e9015742a43e3cf30beef51642d7e6349d02a86ce12464d8b5639973b
- SHA512: e6454bd17d0d4a14a9198073e62b5755964aa9e556e20363247c6dadfeca99c10a61935f12ad4e8f5af53843ad0f9fde719f01b52340406006fcce40f7a4444c
- SSDEEP: 196608:I+ADG4avxHZqHO+40SALDQC+Yl3Q7pzlxN9myPRmhFe/qGqQ:ILDG4cxHZf+4eQC+K3Q7pzRp2k/qGP
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1448  chrome.exe  (2 identical entries)

- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                 pid   Process
  Token: SeShutdownPrivilege  1448  chrome.exe  (64 identical entries)

- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process
  1448  chrome.exe  (34 identical entries)

- Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  1448  chrome.exe  (32 identical entries)

- Suspicious use of WriteProcessMemory (64 IoCs, 4 distinct rows)
  description                       pid   Process     procid_target
  PID 1448 wrote to memory of 3064  1448  chrome.exe  31
  PID 1448 wrote to memory of 2872  1448  chrome.exe  33
  PID 1448 wrote to memory of 2632  1448  chrome.exe  34
  PID 1448 wrote to memory of 1924  1448  chrome.exe  35
Processes

- C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe (PID 2584)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe"

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1448)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef79e9758,0x7fef79e9768,0x7fef79e9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2872)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2632)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1924)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2748)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2184)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2504)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1708 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2412)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1528 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 776)
    Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
    Children:
    - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 1796)
      Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f557688,0x13f557698,0x13f5576a8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1540)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3732 --field-trial-handle=1384,i,844207708877450685,15755215148446458142,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2320)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads