20588faf8ac5387eeddc863aeb7b3c581379c160d0b86d2b5358cbeb5c225ab0

Analysis

max time kernel
31s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 08:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Shopkeepers-2.23.0 (1).jar
Size

1.8MB
MD5

4308c78b227817ed3fca0f8a529e7e17
SHA1

765720685f65cbe1d7b8102ba535302088acb9d8
SHA256

20588faf8ac5387eeddc863aeb7b3c581379c160d0b86d2b5358cbeb5c225ab0
SHA512

9eb01497785f6df530def2355a55f45dcedf3c17601a6a09403eb1d6c20f41badfa7e75636ffd4099aa1667e00f7e824476a1cfe3b186c54c16f8e8877336886
SSDEEP

49152:GQXEpXh6jz74B8Pbq2Os7DrTyKBPYbMYyYpy:GQXEpIr40Ws7DrdBPQM5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697390979063679"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 4512	1568	chrome.exe	95
PID 1568 wrote to memory of 4512	1568	chrome.exe	95
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1816	1568	chrome.exe	96
PID 1568 wrote to memory of 1868	1568	chrome.exe	97
PID 1568 wrote to memory of 1868	1568	chrome.exe	97
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98
PID 1568 wrote to memory of 4636	1568	chrome.exe	98

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Shopkeepers-2.23.0 (1).jar"
1⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffabcc7cc40,0x7ffabcc7cc4c,0x7ffabcc7cc58
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2588 /prefetch:3
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4908,i,6034806606763976956,7411818950913483809,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5108

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ecfff20346b76f82cecd3f6f42078609

SHA1
d2507044bca8bc53544582788b908a19b668fcf0

SHA256
01e3e926375346d7d3c60cbd1f8a6f51ae9e6fda9c5ac3e5ca3ec618a917c916

SHA512
fd25f3bc0ca853e6dbb2f0261d57a3fb8349754d3b217011be645bf06e481feba1e6d284f0775672f153d5ae1da38a715b538788b6c0262179c7e456986a93f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b56ea64b3735bb15d6c71e3a25d0e3ac

SHA1
36d891bacb84312156566d96a3d4a0effb91f9d9

SHA256
1335ccf1b6ce52f710c379a1f53e9356dd31bdd946d682fc4c4bdb865b9f84d8

SHA512
347cbfc905c4470842e5d50944c0c659f5573fba799fdd9eab26165d40f67eca5a78d6d5c4c89d82ab1e91cab6e507d3f6a97b0affd7777f92ee963719556a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c277b218540646abd176e86d5008261

SHA1
fdf511d62d5044387b91cdf0acd8bfcd099040cb

SHA256
1b91f24d7fe6f583a0cdc5bcf00b751383ee73b3bd7fe8ecf02ba1492bce7cf3

SHA512
349e62a33bfa4b478c36e1e08dcbbfa38bb852f136bfdefeee1409f9101a9537f60af1d2b8cb9b7416361b7221254ef8d4a7f014d6779e9293cc55b7680468ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17bc5441c6c41bc6c35ba5ee32f2b0b5

SHA1
7b4ff79e234ec7570343534210afa03545694dc7

SHA256
adcdaa3b904e8da236bcd6ffa2302ed988ce025ac1ca6169661826b188bbfa1a

SHA512
9f06d954b2bf172584c63a95aa21a4832871ce4753fae084ee51ad61d0f4583c3018738ed790176542dcb2e463c309bb2f75f4ff200a4b36a84cc1dfa1aa0251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
7cc277eb973782134b40f707695045c0

SHA1
a6d2919c7e36a23a5d13012c157373e54d34d9e1

SHA256
326aecbc5c79a12a49e32ea1f0b39bfbee6528f34c1b8861dd274ed50aca382d

SHA512
0a196104ed9f28e05a5a7708b80b986ea9a4d4730df318d91b9d192912c3eab9bd5a7a0a73af1624bfae818d0d7364f8d67b665f1afa36a71a50fda531b238f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
a029f806f64e98e99a542f1de77399ca

SHA1
9c7c217ba22f9db4ed47d23a6a2a5ab6749345fb

SHA256
40ada0819ece42373834fd4b6bd7a653c164e0c3053ad12522e58f4492ce166d

SHA512
0a70f9615d82042fd32302a51e8ca2838800e6d65ab344b43774fc4074c332d3f808b0cd9879c13809a46b26f3904b0029030973b1ff2e4c8a6aebf4374aad9c

Download Submit
memory/3008-2-0x0000024FE9EA0000-0x0000024FEA110000-memory.dmp

Filesize
2.4MB

Download
memory/3008-11-0x0000024FE8620000-0x0000024FE8621000-memory.dmp

Filesize
4KB

Download
memory/3008-12-0x0000024FE9EA0000-0x0000024FEA110000-memory.dmp

Filesize
2.4MB

Download