Analysis

  • max time kernel
    2699s
  • max time network
    2698s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    31-08-2024 15:03

General

  • Target

    https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
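
Everything that identifies this submission as a browser-based miner sits in the query string of the Target URL: the page host (webminer.pages.dev), the hash algorithm (yespowerurx), the pool host and port (yespowerURX.sea.mine.zpool.ca:6236), a worker value with the shape of a Dogecoin address, a percent-encoded pool password (c=DOGE,zap=URX) and a thread multiplier (workers=1.5). The signature hits listed above, by contrast, are all attributed to chrome.exe and its child processes and are consistent with the browser's normal multi-process start-up; nothing in them is specific to mining, which is why the score stays low. The script below is an added example by the editor, not code from the sandbox vendor or from the webminer page. It parses the Target URL into its mining configuration and emits the values worth blocking or hunting for. The parameter names are taken verbatim from the URL; reading them as pool host/port, payout wallet and stratum password follows the usual miner command-line convention and is an assumption, as are the is_browser_miner_url() heuristic and the address shape check.

```python
# Added example (editor's code, not the sandbox vendor's and not the webminer
# page's own). Parses the report's Target URL into a miner configuration and
# derives IoCs from it. Assumptions: the query parameters host/port/worker/
# password/workers carry the pool endpoint, payout wallet, stratum password and
# thread multiplier (standard miner CLI convention); the heuristic and the
# address shape check are the editor's own, not vendor signatures.
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# The URL from the report's "Target" field, copied verbatim.
TARGET_URL = (
    "https://webminer.pages.dev?algorithm=yespowerurx"
    "&host=yespowerURX.sea.mine.zpool.ca&port=6236"
    "&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv"
    "&password=c%3DDOGE%2Czap%3DURX&workers=1.5"
)

# Bitcoin-style base58 alphabet (no 0, O, I, l).
BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")


@dataclass
class MinerConfig:
    page_host: str                 # host serving the miner page
    algorithm: str                 # hash algorithm selected by the page
    pool_host: str                 # pool the miner is told to use (lower-cased)
    pool_port: int                 # 0 if absent or not numeric
    worker: str                    # usually the payout wallet address
    password_opts: dict = field(default_factory=dict)  # k=v pairs in 'password'
    thread_factor: float = 1.0     # 'workers' value (assumed thread multiplier)


def _first(qs: dict, key: str, default: str = "") -> str:
    vals = qs.get(key)
    return vals[0] if vals else default


def parse_miner_url(url: str) -> MinerConfig:
    """Extract the mining configuration encoded in a page URL's query string."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    opts = {}
    for item in _first(qs, "password").split(","):      # "c=DOGE,zap=URX"
        if "=" in item:
            k, v = item.split("=", 1)
            opts[k.strip()] = v.strip()
    try:
        port = int(_first(qs, "port", "0"))
    except ValueError:
        port = 0
    try:
        factor = float(_first(qs, "workers", "1"))
    except ValueError:
        factor = 1.0
    return MinerConfig(
        page_host=(parts.hostname or ""),
        algorithm=_first(qs, "algorithm").lower(),
        pool_host=_first(qs, "host").lower(),   # DNS names are case-insensitive
        pool_port=port,
        worker=_first(qs, "worker"),
        password_opts=opts,
        thread_factor=factor,
    )


def looks_like_doge_address(s: str) -> bool:
    """Shape check only, no checksum: Dogecoin P2PKH addresses are 34 base58
    characters starting with 'D'."""
    return len(s) == 34 and s[0] == "D" and set(s) <= BASE58


def is_browser_miner_url(url: str) -> bool:
    """Editor's heuristic: a page URL whose query string names a pool host, a
    valid port and a worker/wallet is treated as a browser miner."""
    cfg = parse_miner_url(url)
    return bool(cfg.pool_host) and 0 < cfg.pool_port < 65536 and bool(cfg.worker)


def iocs(cfg: MinerConfig) -> dict:
    """Indicators a defender would block or hunt for."""
    return {
        "page_domain": cfg.page_host,
        "pool_host": cfg.pool_host,
        "pool_endpoint": f"{cfg.pool_host}:{cfg.pool_port}",
        "wallet": cfg.worker,
        "payout_coin": cfg.password_opts.get("c", ""),
    }


if __name__ == "__main__":
    cfg = parse_miner_url(TARGET_URL)
    print("browser miner:", is_browser_miner_url(TARGET_URL))
    print("algorithm:", cfg.algorithm, "| thread factor:", cfg.thread_factor)
    print("wallet has DOGE address shape:", looks_like_doge_address(cfg.worker))
    for k, v in iocs(cfg).items():
        print(f"  {k}: {v}")
```

Run as-is it prints the parsed configuration and the IoCs for this report's URL. One caveat when pivoting to network data: a page running in a browser cannot open a raw TCP connection to the pool port, so a miner of this kind relays stratum over a WebSocket proxy. The pool endpoint extracted here is the upstream to expect behind that proxy; the page domain and whatever WebSocket endpoint a network capture shows are the indicators to block at the edge.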

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1.5
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb6319758,0x7ffcb6319768,0x7ffcb6319778
      2⤵
      PID:1164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:2
      2⤵
      PID:1540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:8
      2⤵
      PID:988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:8
      2⤵
      PID:4388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:1
      2⤵
      PID:2540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:1
      2⤵
      PID:4240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:8
      2⤵
      PID:4936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:8
      2⤵
      PID:3400
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4352 --field-trial-handle=1844,i,6298252603088431215,1147342605977007526,131072 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2920
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:3092

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 72B
    MD5: e51ff8bd5fbeca3a7117469eaef9573e
    SHA1: 938a788366bf107a0f79c7d611bdacc228894536
    SHA256: 4d105caa1a73bcf73ac5c03312172cbfb742d45fa9859718544ee3387f506f27
    SHA512: 8bb743377443b49522924fa4365d4c34df3defa56b42a969c1a7c7a7cce20179081631cb5bbcd019200aa2f4d161e0ba688c511c0bf7975992d5f95d12b995c5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 98c989872136901ce89252796ae077a9
    SHA1: 41fc6a52e9cc00498c96624a08ee2cb2cf8b91e1
    SHA256: ca704362255d3a2cbce7080dc5a3a5157792a9d990a42d2b7f02e8fb2589f88a
    SHA512: f278aee93bfda29f79445219c7bb7bc7c192016e5e44e470c3fa733eaa93f01b1c9e96bd0a0334d63448d83be319e72f82579d4d056b6e2b21a8f19c0c6a264e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1018B
    MD5: 68527a973cb23c804e670dee880f4a93
    SHA1: a7173a4d9ab3ffafedfdaa98dd1ae524bff9bfc9
    SHA256: a3a0db8ab2e37ec04fde37a0d6bb59a66acb4fd8d76132c5becae51d8f31feca
    SHA512: f1ad571637e83f77edbca93c0a58647abdf4adae00a8b74432127f6174510186ba357e1bf9fde4a65c86fa6614d65e58174fbfab7a2b6db772f083cb04d45789

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 096ee0daedce6b5e9f89fcd39cf5eeb1
    SHA1: 72d1d41ff38b31c82fb9a5e4c72ab3c0ce37b5af
    SHA256: ce22f2468307d5d8aedf489648064e25e339907d6b05481e0e82b6ba231bbf33
    SHA512: 9b0b5d7edaf02c1cdf359971428106e608301eb97a03cc948a9366a26fcfc68bd64c9b73be2dcc5ef78dfd3337b98652bb8d3605265c35d4e22d87de5f0ee798

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 733777643e0509a7630c15b0222ccfda
    SHA1: 9101f4460cc400473b6cc24aa58ce7e2ba8f6b70
    SHA256: b36f8d75df792db76aa23cdc4c0a1f3ac364bd6b7024a889b5bd94ed3122da17
    SHA512: fe136217d3897d71ba6419cfe9fef82a873b0845b7adc4a7f972e6ca49cbcf7462366c48474d5d7f8873653b89d87fa14b4215b1f54916ac4e64a1e8a7b06873

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 5KB
    MD5: f76c4a518f0fa00c8cccfb00cac5f7f7
    SHA1: c9460ce74e85568c1b4e0eb799b083c71a84dfcd
    SHA256: 0e4c76dab8ef17a27e2c7ec19fa9aae67a2f27ed9104984d94a86ec07c8ef524
    SHA512: 5131021bb4dff8837180f6f080e306466aca5a9b7fb54e28ee47b0a29a6176705bdc86396521c934da847c29bacbc4cfdb790f25be07b26fa935772e7d42dfcb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: f339b3006037d007d00e131efab907f1
    SHA1: 26f65f194996aa8450039237ad0fcb3b6270ef8b
    SHA256: 8e256e2e917813819598f368067ae36c909ea80f14a65a71c5d7eb385ca1976c
    SHA512: 9cb6d70f965a25618e63da7dc192d79e8c15e29b4c82096fd5e6af186c12c916e9a43e4e95b3238b7a582c80d51b6b8694fe99f7bd4791c96709b95bcdc89c74

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 6391326e4c36871bb9a4a9e6faeee37a
    SHA1: 0301fbdc8c925998fed755c03c9acd2eae3b6ba1
    SHA256: 743ac99e4a4081aec201b0f99854d2bc87d2b9174ab452e1a0f326bfdf907bac
    SHA512: baff9ebe7835bfe365b8ffce3e4957e100fc64f6e0090e3936e1083bbb943b5aaa8b23d3becd0745abe7b290d427babee609a8534eb8ffec6d4601d4a37c4cc2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 136KB
    MD5: 462b8fea47a4f8301e0d5add09a93355
    SHA1: efee717874787a918bdcc507971e8b7a575563c2
    SHA256: b3742c11dd9dfa95b9f630f84308d86b41eeff5578d504f51b6a75c5ac28b8d5
    SHA512: 9bec442bcf7414f6f5e07fc04667babbdfa176c6bfc75c93f3e23b32d103975238dc39fc7457a6fa2d24df699c8ed8c0d6e104f7633296babe9181a26d9ac004

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize: 2B
    MD5: 99914b932bd37a50b983c5e7c90ae93b
    SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd