37f0dc9bd5aa0acc5ba291eab7b7f5b386e08e65a39be25446333e3978fede23

Analysis

max time kernel
265s
max time network
300s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image-removebg-preview-removebg-preview-removebg-preview.png
Size

170KB
MD5

34da9125e528a0cfd33335fdc993dfaf
SHA1

855bdcf6ed11f67daa68e937772efe7c8c51eb5b
SHA256

37f0dc9bd5aa0acc5ba291eab7b7f5b386e08e65a39be25446333e3978fede23
SHA512

9c5c0aa9d625faa6e2a1dd7718316afe0313b536132143e3e5272bdbd5d0285e86ffaa0db10a182fae379bcd26fefc16895b587fb0334c314dfd39f917966753
SSDEEP

3072:CzMWh2X9KoeAdpzKwYofc/rNPLVMQuMGcJAz7yDoICddn5:kStKOhS5PJMQuMGrztJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
620	rundll32.exe
620	rundll32.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1248	1916	chrome.exe	31
PID 1916 wrote to memory of 1248	1916	chrome.exe	31
PID 1916 wrote to memory of 1248	1916	chrome.exe	31
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2464	1916	chrome.exe	33
PID 1916 wrote to memory of 2752	1916	chrome.exe	34
PID 1916 wrote to memory of 2752	1916	chrome.exe	34
PID 1916 wrote to memory of 2752	1916	chrome.exe	34
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35
PID 1916 wrote to memory of 2784	1916	chrome.exe	35

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image-removebg-preview-removebg-preview-removebg-preview.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68e9758,0x7fef68e9768,0x7fef68e9778
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1376 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1672 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1292 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3644 --field-trial-handle=1356,i,8098888117817103014,11319610713053903904,131072 /prefetch:1
  2⤵
  PID:1284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c93fcb126d27c5cf8b27fa880e42d82a

SHA1
61e51bec942dd349cbaf24afd29df55afd71e8e1

SHA256
521b91107cdfa3ac3509d334aea0008ecccdee790be72772bb8c4d38e30fd72f

SHA512
d622ed617e5c6cb9b8753e977050a74e449107dddbb4701bdead01605d0000766709207969aebc8dbb8849a8ca35b640720c303adc50661066fda5833c60da8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8d3aba004fdc9451aa369a5abed56cd

SHA1
409742e9fa8ae44837a710325a30fccad841aa70

SHA256
27fdc230c1f7bb760fff3bcff9b19964174269024472e62b302651f14fc91f81

SHA512
847afc21e84549104ccbffbe16d9f1e97c40855c8f5bdc85f0c69763d7f7d638ddb0cf8fb7b4084beca9d62819c0556a7060eb37603d5ec03c5041f1378eb3f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
562c0e753f94be5a15fb660c9bb63421

SHA1
8e18ebb67e746b41df90c21e5403bfee9601aadb

SHA256
814980c80c0116f24996dfdab96d3ec39b8089623043e39bca4b38b6de22b07e

SHA512
d1d839b3b981164d64ba5ad8351a4b320914869821ac7a6a6d0cc47ecc3e2abf2c11146cf4560014644458d25e4757ed869a0c307092fda3037c291b64977570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
079ac8fa75a6e4ccb06d7f0319426506

SHA1
56f48cf7202f80e69fc70f77d3e3a2d06c04385a

SHA256
2b136f027b8bcb169b935adaa8a6f10f4caffbe7507b4a2ca09703bf7141477b

SHA512
2963abe5611a0dd2b03f667c382b322fd41294890337feffd62c5e1a8c0b54dd874ecf5f9ee32bfcc9df1deb2eb0d6196b9129e0eaa2055e2f16dba38ca06bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9d080201c5e3c04fdd2cf9a9217387b

SHA1
1a70e0b635223cb27d24f38e4ddc58f0b34270d8

SHA256
cfd3fcb12437d69ea8970e64352615fd8ff24b638364d568a10c7e8df54c1f76

SHA512
643073fb1f0a3547064a60d669928cb3515240f3e180f0eb39a2d7bdc7429042268df29e0261eec53c0047ebb7e7b9db4a95e14e3aece7f4d58b40ccce4ec30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
de1bf76372696a51e3de29b6021cac8a

SHA1
9ed3842329113612522b134567c224720f5362cd

SHA256
7ea81611f437e79bd89de14c1d3a00a0a1ebdaf8797c4f7259d03c7360759c56

SHA512
7fef2d63b9e10f6567dff5c4f5d2ee41d5f7590c95e9abf9fc0f751cca111a6f90718d2a468710f34b4183379766a34919305cb55c2907b096a8e5848ec331e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
memory/620-0-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download