Analysis

  • max time kernel
    2668s
  • max time network
    2675s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-08-2024 11:10

General

  • Target

    https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65b9758,0x7fef65b9768,0x7fef65b9778
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:2
      2⤵
      PID:2868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:1
      2⤵
      PID:2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:1
      2⤵
      PID:1928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1536 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:2
      2⤵
      PID:584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:984
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:1716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:1684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:1700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:1724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1304,i,10675278606916085096,11751805625291921205,131072 /prefetch:8
      2⤵
      PID:2824
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2688

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3ecaeeb7-5649-47f3-9c2c-62c43db81773.tmp
    Filesize: 6KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
    Filesize: 44KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
    Filesize: 264KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
    Filesize: 1.0MB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
    Filesize: 4.0MB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
    Filesize: 16B
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
    Filesize: 264KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
    Filesize: 36KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
    Filesize: 16B
  • C:\Users\Admin\AppData\Local\Temp\Cab912A.tmp
    Filesize: 70KB
  • C:\Users\Admin\AppData\Local\Temp\Tar914C.tmp
    Filesize: 181KB