Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25/08/2024, 09:51

General

  • Target

    Sad_Satan.exe

  • Size

    17.8MB

  • MD5

    5dbd283e1d8176875fad9e1ac55c3d8f

  • SHA1

    69b9f9f76edfd0313cf742b061f22dc44dbbb22f

  • SHA256

    44906b6e9015742a43e3cf30beef51642d7e6349d02a86ce12464d8b5639973b

  • SHA512

    e6454bd17d0d4a14a9198073e62b5755964aa9e556e20363247c6dadfeca99c10a61935f12ad4e8f5af53843ad0f9fde719f01b52340406006fcce40f7a4444c

  • SSDEEP

    196608:I+ADG4avxHZqHO+40SALDQC+Yl3Q7pzlxN9myPRmhFe/qGqQ:ILDG4cxHZf+4eQC+K3Q7pzRp2k/qGP

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory (2 IoCs)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  Note: in the process tree below, every signature that is attributed to a process belongs to chrome.exe (PID 4596) or its children; the "Drops file in Program Files directory" hits come from Chrome's bundled installer setup.exe (PIDs 3028 and 4756). No behaviour is attributed to the submitted sample Sad_Satan.exe (PID 4056), so the 4/10 score reflects browser and sandbox activity rather than anything observed from the sample itself.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe
    "C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe"
    1⤵
    PID:4056
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8097acc40,0x7ff8097acc4c,0x7ff8097acc58
      2⤵
      PID:1284
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
      2⤵
      PID:4696
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
      2⤵
      PID:3992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
      2⤵
      PID:3220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:1996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
      2⤵
      PID:3160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
      2⤵
      PID:1208
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
      2⤵
      PID:4112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4384,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
      2⤵
      PID:4440
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      • Drops file in Program Files directory
      PID:3028
      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x204,0x208,0x214,0x274,0x20c,0x7ff7aa4a4698,0x7ff7aa4a46a4,0x7ff7aa4a46b0
        3⤵
        • Drops file in Program Files directory
        PID:4756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5136,i,1097973094533492106,4284023907991050337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:1
      2⤵
      PID:864
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1120
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1464
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1060
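The tree above records which process each signature fired in, but the report's flat Signatures list does not. The Python below is an added example, not part of the report or of the sandbox's own tooling: it parses the bullet / "N⤵" depth-marker format used on this page (image path, optional command line, depth, signature bullets, PID), rebuilds the parent/child tree from the depth markers, and attributes every signature to the top-level process whose subtree fired it. SAMPLE_TREE is constructed from the page's own tree with the same images, PIDs, depths and signature tags; most Chrome children and the long command lines are left out to keep it short.

```python
"""Attribute sandbox signatures to the top-level process whose subtree fired them.
Added example: parses the bullet / "N⤵" depth-marker tree format used on this page."""
import re
from dataclasses import dataclass, field

# Constructed from the report's own tree (same images, PIDs, depths and signature
# tags); most child processes and the long command lines are omitted for brevity.
SAMPLE_TREE = r"""
• C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe
  "C:\Users\Admin\AppData\Local\Temp\Sad_Satan.exe"
  1⤵
  PID:4056
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  1⤵
  • Enumerates system info in registry
  • Modifies data under HKEY_USERS
  • Suspicious behavior: EnumeratesProcesses
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  • Suspicious use of AdjustPrivilegeToken
  • Suspicious use of FindShellTrayWindow
  • Suspicious use of SendNotifyMessage
  • Suspicious use of WriteProcessMemory
  PID:4596
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  • Drops file in Program Files directory
  PID:3028
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  3⤵
  • Drops file in Program Files directory
  PID:4756
• C:\Program Files\Google\Chrome\Application\chrome.exe
  2⤵
  PID:864
"""

DEPTH_RE = re.compile(r"^(\d+)\W?$")   # "1⤵", "2⤵", ...: digits plus one non-word glyph
PID_RE = re.compile(r"^PID:(\d+)$")

@dataclass
class Proc:
    image: str
    depth: int = 0
    pid: int = None
    cmdline: str = None
    signatures: list = field(default_factory=list)
    children: list = field(default_factory=list)

def parse_tree(text):
    """Link records parent->child via the depth markers; return the depth-1 roots."""
    roots, last_at_depth, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• "):
            # A bullet between the depth marker and the PID is a signature hit; any other bullet opens a record.
            if cur is not None and cur.depth and cur.pid is None:
                cur.signatures.append(line[2:].strip())
            else:
                cur = Proc(image=line[2:].strip())
            continue
        m = DEPTH_RE.match(line)
        if m and cur is not None and cur.depth == 0:
            cur.depth = int(m.group(1))
            parent = last_at_depth.get(cur.depth - 1)
            (parent.children if parent else roots).append(cur)
            last_at_depth = {d: p for d, p in last_at_depth.items() if d < cur.depth}
            last_at_depth[cur.depth] = cur
            continue
        m = PID_RE.match(line)
        if m and cur is not None:
            cur.pid = int(m.group(1))
        elif cur is not None and cur.cmdline is None:
            cur.cmdline = line  # the quoted command line, when the record has one
    return roots

def walk(proc):
    yield proc
    for child in proc.children:
        yield from walk(child)

def attribute_signatures(text):
    """Map 'name:pid' of each root to the PIDs and distinct signatures in its subtree."""
    report = {}
    for root in parse_tree(text):
        nodes = list(walk(root))
        name = root.image.rsplit("\\", 1)[-1]
        report[f"{name}:{root.pid}"] = {"pids": [n.pid for n in nodes],
                                        "signatures": sorted({s for n in nodes for s in n.signatures})}
    return report

if __name__ == "__main__":
    for key, info in attribute_signatures(SAMPLE_TREE).items():
        print(f"{key:<20} pids={info['pids']} signatures={info['signatures'] or 'none'}")
```

Run against the sample, the chrome.exe root collects all nine distinct signatures (its own eight plus the installer's "Drops file in Program Files directory"), while the Sad_Satan.exe root has a subtree of one PID and no signatures. The same parser works on the full tree above once the remaining child records are pasted in, because a record is keyed only by its bullet, depth marker and PID line.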

                              Network

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9e20e325-e87d-4f4e-9cd7-c40255d428b1.tmp

                                Filesize

                                9KB

                                MD5

                                757e7fde34d5dd4d15ae162cf3ece95d

                                SHA1

                                c5d486abea87496abb8f4173edc092fd6b691dcb

                                SHA256

                                589eab8f05d3e7945feec47191a24592802134f02f319c0c4d02118cbd174cd4

                                SHA512

                                56175a933b8bd48b9fa11c2ae11c795a251a8c8b1bcff9efa4d58ffa942f6515b2a2ae31b3e3ffa2ded343f9dfd5898039c5a662238e19827328de91652dc3c0

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                Filesize

                                649B

                                MD5

                                90bb35e0007660f05bff9bff38d72ca4

                                SHA1

                                2581e854a03a11d62a687844b65e30436769dbac

                                SHA256

                                f0450596b27e7d4313b903ca9d92e91e0e139b8c9c0105a5b6cba0653544e669

                                SHA512

                                d84ff99895e5aa7e1714910fa5d39759f9c4e0747b6da25036a51df47f047cd8646d4b522338fd2eed261177002c7be89757355b65e51491a2bb7edadb3339fa

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                Filesize

                                212KB

                                MD5

                                2257803a7e34c3abd90ec6d41fd76a5a

                                SHA1

                                f7a32e6635d8513f74bd225f55d867ea56ae4803

                                SHA256

                                af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

                                SHA512

                                e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                216B

                                MD5

                                825e8631943eb5b9dbce91910401b45b

                                SHA1

                                0d9787eb26ac384bb605025f258342a4fc69c63e

                                SHA256

                                af8b80d9788fa217dbda2f51865b098259a9971f6a43c0fe081577e1f5e2682f

                                SHA512

                                028adea324d047eca06cfbcb8e95f373cce5ac89204146a882ae944a88f3b716afc6b34d5b82dc55b86ff927bd0f0149249e03f88df89f68b2e17353a9185795

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                Filesize

                                2KB

                                MD5

                                d91b991bfe1eff542fd83c673adae4bb

                                SHA1

                                e212469200562925067ee9b726c5e943c53c4303

                                SHA256

                                3ed092b1a57343b0101b16a64f3a2fdb9ef2c770f54cd0091b2e0492def9f117

                                SHA512

                                40d1cf598e8dde5c47a7194680c46f1c329c8b7bb2de619cbc0e44a1238a493a3fc762abb3da4a3d350644f813999831a5d6e9590ac6446bcaa9b0bbc50ff74d

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                Filesize

                                2B

                                MD5

                                d751713988987e9331980363e24189ce

                                SHA1

                                97d170e1550eee4afc0af065b78cda302a97674c

                                SHA256

                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                SHA512

                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                Filesize

                                356B

                                MD5

                                17013ee86699123aa48b8f3a3dcd0751

                                SHA1

                                c410d1a11e309d308558f94a5094c018961216d8

                                SHA256

                                b4af819854697fb6756b378a087c4970b4be9273019bdffded685ae3b6050434

                                SHA512

                                ac885fa73257a74b091532eba52ef8d76e977a0f14b99377ca7fad34f546cd19b5b097efb2a6eaa0b970cff31667352c9fd90a90ab0de35c1faf32f0571890e0

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                7d96e3b7bd34378d2f3a47e93f024657

                                SHA1

                                be010ad536fded23e792447628111d8b540604a9

                                SHA256

                                ecb9b7ec8664555191fc50359a91f2bfdfc57cdd86776acffbb2aeaf00edbdbd

                                SHA512

                                de1f81c12fb9c11e823a8acaf8fab3a5472cf0bbbc76b45d8a655dd37165460394e74dc572827d43b7591a9a7fabfdf92d66fa3c261e4edbe1d0cde9de67ad95

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                e8b66e01b3cca38062d29c327652ddc0

                                SHA1

                                05b90274f3eecfc2cec1e625f31f7780252ce76d

                                SHA256

                                ffc7490b5089902eee96d1f1289fcf42d96b499b39d70463d620c679845b9b02

                                SHA512

                                81e1897f057ec6a4389c4da2231821b137607d793a09987c4c29392b869f4f41e19de0f3e15a6cebf7539a299677546f0f549b0d3481d3795d79d2a31f4f8de4

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                cbcb9dcda94cd53437f83078ce1a0ee6

                                SHA1

                                2247ef341837dc7bfa32105c42ac66c2330b1097

                                SHA256

                                206af0832508a7e7080e27265925038e192286e294c739d3200d7a314381ee47

                                SHA512

                                3ec440f3550591640f9b4ab8e3b9f3b3454cd1e88ae850b9dcefada21b617a05559e26930fa5f9b5f38c19d1fe27d990db98c73a382aa63fdc75111670f0eb22

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                9b0e2ef9ff1f2adeb8cba8006f7fb75c

                                SHA1

                                5fdb77c631cd185c083f86bc50c76a5c4cc4724f

                                SHA256

                                9311d77c6fd573248d09b21d92388a0fedad870a5d7b99423c05b30f70297895

                                SHA512

                                cc4c64cb450b81b7177e7c549a617e6a8f5c1ebc16fb222e7d16cbcc5795b6320ce6ef8d62b05fc8cf1ca2ee0a5ef21db957234ec2d935a78eec5b89351c1570

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                Filesize

                                9KB

                                MD5

                                c3953ac3f846a47b73134f03d0158b42

                                SHA1

                                0fc241dde6f3fcd1587a25a064496b91b51126ff

                                SHA256

                                751fe19e69c3b5a21cc3de01e243a7dc6f8a4b2935f743395be5a22aa3b9de53

                                SHA512

                                4c064ebb93b701fa99503d893c846e6de0e1b7eeed85c63921af10f4edf8ff541c78f75daf3a67c7b3b4e07cbe46d4483674d70b4261a054cb8369cfe2c06234

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                Filesize

                                15KB

                                MD5

                                e3a9cda2973e05bafd93f4bae983f691

                                SHA1

                                5761e8b5d26e06b97da34b1671463aa80ba4f428

                                SHA256

                                fe24d79ad13a8bf3991e3c9e7d89776f6556affc78829e7128ca2048d3e4ce0f

                                SHA512

                                3028ce04af59a5306393ee60c2e7f5c08dff1034617100842f258efe95e2dca2287e8177da5501517d4fbf8a2abb149f279214caa375f5626256990cf0ca2001

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                198KB

                                MD5

                                367c36c134b710368a0836b9a8c6776c

                                SHA1

                                0cbc2e48a01eb5e4de81d13502c4ce459c706cc1

                                SHA256

                                c24eb12c01467690b04e42bca8651c6f38b8012ebfdbe9666911c353c70aaab3

                                SHA512

                                373f79bbf71b30d4b1e9063580c957c9bebde21052f8a6f7fc941221057b24a5cc263f01dcfd465c3360ea1263e2e2cd6f6f8c345f57121f22d08f23754b7d09

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                Filesize

                                198KB

                                MD5

                                67d59f6283e2c989442c2553015e8d02

                                SHA1

                                8016bd669b90869097ac42b1d22a15dfd005ac19

                                SHA256

                                0ee4ff654da49778f00e672ef5ffd0819d77cdd2678cbbf668c21861a42ecbdd

                                SHA512

                                7607177333803d008399aef4d479aadb996ec9d17fe971b783cee5912ca091cf7e4a4b857533e6a29de1b3e3b68a442aeddc23bcb905339b608db57a20eba7d0
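Every entry in the Downloads list is a file Chrome wrote to its own profile during the run, and several are near-empty state files or the same path rewritten repeatedly. The Python below is an added example, not part of the report: it copies the (path, reported size, MD5) triples from the list above, flags any entry whose hash is that of trivial content (the "SCT Auditing Pending Reports" file is two bytes whose MD5 is that of the empty JSON array "[]"), and counts how many times each path was written, so inert entries can be set aside before anything here is treated as an IoC. The trivial-content list is a constructed assumption, not something the report states.

```python
"""Triage a sandbox 'Downloads' (dropped files) list before extracting IoCs.
Added example, not part of the report: flags entries whose hash is that of trivial
content and counts how often the same path was written during the run."""
import hashlib
import re
from collections import Counter

# Contents a browser profile commonly writes that carry no signal (constructed list).
TRIVIAL_CONTENTS = {
    "empty file": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "empty JSON array, newline": b"[]\n",
}

PROFILE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"
# (path, reported size, MD5) copied from the report's Downloads section above.
REPORT_DROPS = [
    (PROFILE + r"\Default\9e20e325-e87d-4f4e-9cd7-c40255d428b1.tmp", "9KB", "757e7fde34d5dd4d15ae162cf3ece95d"),
    (PROFILE + r"\Default\BrowsingTopicsState", "649B", "90bb35e0007660f05bff9bff38d72ca4"),
    (PROFILE + r"\Default\Cache\Cache_Data\f_000001", "212KB", "2257803a7e34c3abd90ec6d41fd76a5a"),
    (PROFILE + r"\Default\Code Cache\js\index-dir\the-real-index", "216B", "825e8631943eb5b9dbce91910401b45b"),
    (PROFILE + r"\Default\Network\Network Persistent State", "2KB", "d91b991bfe1eff542fd83c673adae4bb"),
    (PROFILE + r"\Default\Network\SCT Auditing Pending Reports", "2B", "d751713988987e9331980363e24189ce"),
    (PROFILE + r"\Default\Network\TransportSecurity", "356B", "17013ee86699123aa48b8f3a3dcd0751"),
    (PROFILE + r"\Default\Preferences", "9KB", "7d96e3b7bd34378d2f3a47e93f024657"),
    (PROFILE + r"\Default\Preferences", "9KB", "e8b66e01b3cca38062d29c327652ddc0"),
    (PROFILE + r"\Default\Preferences", "9KB", "cbcb9dcda94cd53437f83078ce1a0ee6"),
    (PROFILE + r"\Default\Preferences", "9KB", "9b0e2ef9ff1f2adeb8cba8006f7fb75c"),
    (PROFILE + r"\Default\Preferences", "9KB", "c3953ac3f846a47b73134f03d0158b42"),
    (PROFILE + r"\Default\Secure Preferences", "15KB", "e3a9cda2973e05bafd93f4bae983f691"),
    (PROFILE + r"\Local State", "198KB", "367c36c134b710368a0836b9a8c6776c"),
    (PROFILE + r"\Local State", "198KB", "67d59f6283e2c989442c2553015e8d02"),
]

def parse_size(size):
    """'2B' -> 2, '9KB' -> 9216. Report sizes are rounded, so KB/MB values are approximate."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", size.strip())
    if not m:
        raise ValueError(f"unparseable size: {size!r}")
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)]

def trivial_index():
    """MD5 -> (label, exact length) for every known trivial payload."""
    return {hashlib.md5(c).hexdigest(): (label, len(c)) for label, c in TRIVIAL_CONTENTS.items()}

def triage(drops):
    """Per path: number of writes during the run and a verdict for the analyst."""
    index = trivial_index()
    writes = Counter(path for path, _, _ in drops)
    result = {}
    for path, size, md5 in drops:
        hit = index.get(md5.lower())
        if hit and hit[1] == parse_size(size):   # hash and size must both agree
            verdict = f"trivial: {hit[0]}"
        elif writes[path] > 1:
            verdict = f"written {writes[path]} times during the run"
        else:
            verdict = "review"
        result[path] = {"writes": writes[path], "verdict": verdict}
    return result

if __name__ == "__main__":
    for path, info in triage(REPORT_DROPS).items():
        print(f"{info['verdict']:<36} {path}")
```

Requiring the reported size to match the length of the trivial payload, not just the hash, keeps a transcription error in a 32-character MD5 from silently promoting or dismissing an entry; the five Preferences writes and two Local State writes are Chrome updating its own JSON state, which the per-path count makes visible without reading seven hash blocks.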