Analysis

  • max time kernel: 2699s
  • max time network: 2698s
  • platform: windows10-1703_x64
  • resource: win10-20240404-en
  • resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 31-08-2024 15:05

General

  • Target

    https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5

Score
3/10
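The low score reflects what the sandbox saw: Chrome behaving like Chrome. The mining intent is carried entirely in the target URL, whose query string is a complete stratum configuration (pool host and port, worker/wallet, algorithm, pool password). The script below is an added example, not code from the sandbox or from the page under analysis; it pulls those indicators out of the URL so the pool endpoint and wallet can be blocked and pivoted on separately from the loader page. Parameter names "algorithm", "host", "port", "worker", "password" and "workers" come from the report's URL; the alternative names ("pool", "wallet", "user", "address", "algo", "threads", "pass") are assumed synonyms for similar miner pages, not something the report shows.

```python
"""Extract mining-pool indicators from a browser-miner launch URL.

Added example, not code from the sandbox or from the page under analysis.
Parameter names "algorithm", "host", "port", "worker", "password" and
"workers" are the ones in the report's target URL; the alternative names
below are assumed synonyms used by similar miner pages.
"""
from urllib.parse import parse_qs, urlsplit

POOL_HOST_KEYS = ("host", "pool")                      # "host" is from the report
WORKER_KEYS = ("worker", "wallet", "user", "address")  # "worker" is from the report
ALGO_KEYS = ("algorithm", "algo")                      # "algorithm" is from the report


def _first(params, keys):
    """First non-empty value among several candidate parameter names."""
    for key in keys:
        values = params.get(key)
        if values and values[0]:
            return values[0]
    return None


def extract_miner_config(url):
    """Return the stratum configuration carried in a miner URL, or None.

    Only a URL that names a pool host, a numeric port and a worker/wallet is
    treated as a miner configuration: without all three the page cannot
    connect to a pool, and any one of them alone is too weak a signal.
    """
    parts = urlsplit(url)
    # parse_qs percent-decodes values, so "c%3DDOGE%2Czap%3DURX" comes back
    # as "c=DOGE,zap=URX" (an option string read by the pool, not by Chrome).
    params = parse_qs(parts.query, keep_blank_values=True)

    host = _first(params, POOL_HOST_KEYS)
    port = _first(params, ("port",))
    worker = _first(params, WORKER_KEYS)
    if not (host and worker and port and port.isdigit()):
        return None

    workers_raw = _first(params, ("workers", "threads"))  # "threads" is assumed
    try:
        workers = float(workers_raw) if workers_raw else None
    except ValueError:
        workers = None

    algorithm = _first(params, ALGO_KEYS)
    return {
        "loader_page": parts.netloc,
        "pool_host": host,
        "pool_port": int(port),
        "stratum_endpoint": f"{host}:{int(port)}",
        "wallet": worker,
        "algorithm": algorithm.lower() if algorithm else None,
        "password": _first(params, ("password", "pass")),  # "pass" is assumed
        "workers": workers,
    }


def miner_iocs(url):
    """Flatten the extracted configuration into (type, value) indicators.

    The loader page and the pool host are different domains and are blocked
    separately; the wallet is the pivot for finding other pages paying the
    same operator.
    """
    cfg = extract_miner_config(url)
    if cfg is None:
        return []
    iocs = [
        ("domain", cfg["loader_page"]),
        ("domain", cfg["pool_host"]),
        ("endpoint", cfg["stratum_endpoint"]),
        ("wallet", cfg["wallet"]),
    ]
    if cfg["algorithm"]:
        iocs.append(("algorithm", cfg["algorithm"]))
    return iocs


# The report's target URL, copied verbatim from the General section.
TARGET_URL = (
    "https://webminer.pages.dev?algorithm=yespowerurx"
    "&host=yespowerURX.sea.mine.zpool.ca&port=6236"
    "&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv"
    "&password=c%3DDOGE%2Czap%3DURX&workers=1.5"
)

if __name__ == "__main__":
    for kind, value in miner_iocs(TARGET_URL):
        print(f"{kind:10} {value}")
```

Run stand-alone it prints the loader domain, the pool domain, the pool endpoint `yespowerURX.sea.mine.zpool.ca:6236`, the wallet and the algorithm. Note that the pool traffic is plain stratum over port 6236, not HTTPS to the loader, so the pool endpoint is the indicator to watch on the network side.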

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa35589758,0x7ffa35589768,0x7ffa35589778
      2⤵
      PID:4780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:2
      2⤵
      PID:3540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:8
      2⤵
      PID:1352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:8
      2⤵
      PID:4404
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:1
      2⤵
      PID:4980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:1
      2⤵
      PID:2320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:8
      2⤵
      PID:5072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:8
      2⤵
      PID:1884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,1516280896458142792,4933607409543483267,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2684
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1872
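Every process in the tree is chrome.exe or Chrome's own elevation_service.exe, and every "suspicious" signature is attributed to the browser process itself, which is what a browser launch looks like. What an analyst wants from such a tree is a quick separation of Chrome's normal plumbing from anything that is not. The script below is an added example, not code from the sandbox: it tokenises each command line, recovers the launch URL and the harness-injected switches from the parent, and flags child processes whose role is outside an expected set or that carry a sandbox-disabling switch. The command lines are trimmed copies of the ones above (the long --gpu-preferences and --field-trial-handle values are dropped), and the expected-role sets are this example's assumption about a stock Chrome 106 tree, not something the report states.

```python
"""Baseline a Chrome process tree taken from a sandbox report.

Added example, not part of the sandbox report.  The expected-role sets are
an assumed baseline for a stock Chrome 106 tree; the command lines below are
trimmed from the Processes section above.
"""
import re

EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
EXPECTED_UTILITIES = {"network.mojom.NetworkService", "storage.mojom.StorageService",
                      "chrome.mojom.ProcessorMetrics", "chrome.mojom.UtilWin"}
# Switches that turn Chrome's sandbox off.  --service-sandbox-type=none is
# deliberately absent: the tree above shows Chrome's own network, ProcessorMetrics
# and UtilWin services running with it, so it is kept in the role, not flagged.
SANDBOX_SWITCHES = {"--no-sandbox", "--disable-gpu-sandbox"}
# Switches the sandbox harness added to the launch (visible on the parent above).
HARNESS_SWITCHES = {"--disable-background-networking", "--disable-component-update",
                    "--simulate-outdated-no-au"}

# A token is a run of unquoted non-space characters and/or quoted spans, so
# --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' stays one token.
_TOKEN = re.compile(r'''(?:[^\s"']+|"[^"]*"|'[^']*')+''')


def tokenize(cmdline):
    """Whitespace split that keeps quoted spans together; the quotes are dropped."""
    return [m.group().replace('"', "").replace("'", "") for m in _TOKEN.finditer(cmdline)]


def classify(image, switches, args):
    """Name the process's role and list anything outside a stock Chrome tree."""
    findings = []
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe != "chrome.exe":
        return "other:" + exe, findings  # e.g. Chrome's own elevation_service.exe
    ptype = switches.get("--type")
    if ptype is None:
        role = "browser"
        harness = sorted(s for s in HARNESS_SWITCHES if s in switches)
        if harness:
            findings.append("harness switches: " + ", ".join(harness))
        urls = [a for a in args if a.startswith(("http://", "https://"))]
        if urls:
            findings.append("launch url: " + urls[0])
    elif ptype == "utility":
        sub = switches.get("--utility-sub-type", "")
        role = "utility:" + sub
        if sub not in EXPECTED_UTILITIES:
            findings.append("unexpected utility service: " + sub)
    else:
        role = ptype
        if ptype not in EXPECTED_TYPES:
            findings.append("unexpected process type: " + ptype)
    weak = sorted(s for s in SANDBOX_SWITCHES if s in switches)
    if weak:
        findings.append("sandbox weakened: " + ", ".join(weak))
    return role, findings


def audit_tree(tree):
    """Return one {"pid", "role", "findings"} record per (pid, cmdline) pair."""
    report = []
    for pid, cmdline in tree:
        tokens = tokenize(cmdline)
        image, switches, args = tokens[0], {}, []
        for tok in tokens[1:]:
            if tok.startswith("--"):
                name, _, value = tok.partition("=")  # "--single-argument" gets ""
                switches[name] = value
            else:
                args.append(tok)                       # the URL, /prefetch:N, ...
        role, findings = classify(image, switches, args)
        report.append({"pid": pid, "role": role, "findings": findings})
    return report


def anomalies(report):
    return [r for r in report if r["findings"]]


# (pid, command line) pairs trimmed from the Processes section above.
CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'
TREE = [
    (1472, CHROME + " --disable-background-networking --disable-component-update"
           " --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument"
           " https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca"
           "&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5"),
    (4780, CHROME + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7'),
    (3540, CHROME + " --type=gpu-process --mojo-platform-channel-handle=1560 /prefetch:2"),
    (1352, CHROME + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:8"),
    (4404, CHROME + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8"),
    (4980, CHROME + " --type=renderer --first-renderer-process --renderer-client-id=6 /prefetch:1"),
    (5072, CHROME + " --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none /prefetch:8"),
    (1884, CHROME + " --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8"),
    (2684, CHROME + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2"),
    (1872, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
]

if __name__ == "__main__":
    for rec in anomalies(audit_tree(TREE)):
        print(rec["pid"], rec["role"], "; ".join(rec["findings"]))
```

On this tree the audit reports two records: the browser process (harness switches plus the launch URL, which is where the miner configuration lives) and the second gpu-process, which carries --disable-gpu-sandbox alongside --use-gl=disabled and explicit GPU identifiers. That pattern is consistent with Chrome's own GPU fallback in a VM without a usable driver rather than with anything the page did; the audit surfaces it for the analyst to decide, it does not decide for them.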

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5:    a7bc5134fbe5313ec41b1059184fbf3c
    SHA1:   cf4dd948ff2791689a34bf6f2089b58b1f414a08
    SHA256: ba0d17a7f7775192c537c823b1ecc8f866ef972f252cb90a66f2fb6e037c1961
    SHA512: c3c62d1cdd6803a2eb6c882c4cdc7fd9e9ca7e04ee0f541121750e813a7a8f0b22893ad108247ae1ee9f226741b726c62b3fb5fed5ac45809e11bb8edce2b762

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5:    19bc0ce9a8174aa0af13486f26722a04
    SHA1:   997f174739480755b89d21033cdbe01a0ec64be9
    SHA256: e761fabe84d883377fea80cb9021997c6a647603c2f20090392b04cb86f8e7f9
    SHA512: cdb67e882ace719a540042d874e619df8480622f58858b7ccf570179c4d872bd7723f840bb11aa49b97c88c998e4d9b99c585ea0b93392e4415fb0c1e002ca93

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5:    2509c4a5b44b0c24e91e3840bed6ab05
    SHA1:   d96428eaad5cadb19e140a0ae8f07cd5f93bfbd1
    SHA256: 9843e1f384375d8e6dbca90d4ec3e662a96ae69449d430281230fed1979b6f64
    SHA512: 9301dd78b6c29ee7b501bb59a91f16a0965a92f9663685c11d43eec687294bdce13b77b59779e1800f6e110f347e59a6f391bc6a8b7734b28599ebc2f89070ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1018B
    MD5:    fd6de268deff29fcab7575dbb2aeb59c
    SHA1:   ad30da494ea1d2248d8825611d15fd7a62b752dc
    SHA256: 71b9630d9cbebefe352a4d69464c5a248a40d2f29e7a0d4edd8354f15d657f12
    SHA512: 964ba8ae8907ddd98e0bedc358a0359fd998850f73e1673d0ceafd3758ae76a238a8789d49c01b6928ca42a283893206b52e2c05c62eec1b4c9558a710924ba0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5:    9867fc1b662ae23d0d32b7f2680e41c6
    SHA1:   d5cde6b887127763845b0c4cdc8c90da52f1f047
    SHA256: f4e0e77475abbc0513e14af370d35110b0c1a66243c3bbd32eafcc088d420e2a
    SHA512: e38be5785c1b9caa1db4cd91e2f2f619b88fab74ac35c4a243a54a0150f0f40ffbfb982b1e29b00571603e5f508646a0b26963834201cc9b09362d532f0b48ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5:    a05f2cca3ba7cc36e1c167b6f52ee5b2
    SHA1:   2e78cb07e29454f2ee6e0d3e23d6a847b189c687
    SHA256: fcbce87e63f40dc392d20ba97b52f8410360e322141a11ed60c306192f98a692
    SHA512: c3e93881ef2163271110f4d088b99ebcaa5003c40f25f31723184a4640f9ca08fe636c4693e4a5b5763c5e35ab508061ab3962eb0c269e1b45700bdc7a7553df

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5:    5529c199615310d8da0f02361a808551
    SHA1:   94c3d84390ab4f4a4b78d278509500ab52fb471f
    SHA256: 133f8a7d8c3885ea2bd8c3d31bf7bb469a379e4116a598c1ee06a74a104a2a2f
    SHA512: 47c08203a2d3477c089e3b270c8f9042dd5b8b111bdb1699b8638a233f8f8455c64a403753b3f11fd2f19fc4b2df764ab3c9d5186fbd9af5a1a19b8d4a76d1a4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5:    b1d003ce2259ea7d897d9b1038a6995d
    SHA1:   9a9fb5e54a7c488413e3d9edc16f39ec7b94ab11
    SHA256: c8cf8815b3ecd641913f76a4409b501aacbfb7e5e7ba3bd65c67faf05b689f20
    SHA512: 89bac2369476a0dfacb4413aeb0969340a974c3a5173ad7fc84ca27bc04ac8c52622dbdb39ba9a8ecc97c4c111ae3e6313f4663d22741c32faa76a44059b4ae8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5:    99914b932bd37a50b983c5e7c90ae93b
    SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
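Every entry in this list lives under Chrome's own profile directory, and the last one is two bytes long. Before spending time on such files it is worth checking whether their digests are those of known-benign content: a 2-byte JSON file whose MD5, SHA1, SHA256 and SHA512 all equal the digests of "{}" is an empty JSON object, which is the placeholder Chrome writes when it has nothing to persist. The script below is an added example, not part of the sandbox report; it checks that each listed digest is well-formed, compares the full digest set against a tiny table of known content, and only then falls back to "Chrome profile artifact, content unknown". The two entries it carries are copied from the list above (the 6KB size is the report's rounded figure); the known-content table is this example's own and deliberately small.

```python
"""Triage a sandbox report's dropped-file list by hash.

Added example, not part of the sandbox report.  ENTRIES are copied from the
Downloads list above; KNOWN_CONTENT is this example's own, tiny table of
byte strings whose digests are worth recognising on sight.
"""
import hashlib

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed table: content that shows up as "dropped files" but carries no information.
KNOWN_CONTENT = {
    "empty JSON object": b"{}",
    "empty file": b"",
}

# Two entries copied from the Downloads list above.
ENTRIES = [
    {
        "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json",
        "size": 2,
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
        "sha512": "27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
    },
    {
        "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
        "size": 6 * 1024,  # the report says "6KB"; rounded, so not used for exact matching
        "md5": "9867fc1b662ae23d0d32b7f2680e41c6",
        "sha1": "d5cde6b887127763845b0c4cdc8c90da52f1f047",
        "sha256": "f4e0e77475abbc0513e14af370d35110b0c1a66243c3bbd32eafcc088d420e2a",
        "sha512": "e38be5785c1b9caa1db4cd91e2f2f619b88fab74ac35c4a243a54a0150f0f40ffbfb982b1e29b00571603e5f508646a0b26963834201cc9b09362d532f0b48ed",
    },
]


def digests(data):
    """All four digests of a byte string, keyed like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_LENGTHS}


def well_formed(entry):
    """True when every listed digest is lowercase hex of the right length."""
    return all(
        len(entry[name]) == length and all(c in "0123456789abcdef" for c in entry[name])
        for name, length in HASH_LENGTHS.items()
    )


def match_known_content(entry):
    """Name the known content whose digests the entry matches, else None.

    Every digest must agree.  A report that listed the MD5 of "{}" next to a
    different SHA-256 would be a transcription error or a collision attempt,
    and either way must not be accepted on the weakest hash alone.
    """
    for label, data in KNOWN_CONTENT.items():
        expected = digests(data)
        if all(entry[name] == expected[name] for name in HASH_LENGTHS):
            return label
    return None


def triage(entry):
    """One-line verdict for a dropped-file entry."""
    if not well_formed(entry):
        return "malformed digest"
    known = match_known_content(entry)
    if known is not None:
        if entry["size"] != len(KNOWN_CONTENT[known]):
            return f"digests match {known} but size disagrees"
        return f"{known} (benign placeholder)"
    if "\\Google\\Chrome\\User Data\\" in entry["path"]:
        return "Chrome profile artifact, content unknown"
    return "unknown content"


if __name__ == "__main__":
    for entry in ENTRIES:
        print(f"{triage(entry):45} {entry['path']}")
```

The size check matters for the empty-object case: a file whose digests match "{}" can only be two bytes long, so a size that disagrees points at a reporting error rather than at the file. Extend KNOWN_CONTENT with whatever placeholder files your own environment produces; the matching logic does not change.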