Analysis

  • max time kernel
    65s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    17-09-2024 17:12

General

  • Target

    https://fperez.archive.us-east-1.oortech.com/yorez/altd?signatu

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery (1 TTPs)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fperez.archive.us-east-1.oortech.com/yorez/altd?signatu
    PID:856
    Signatures:
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
    Child processes:
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb163dcc40,0x7ffb163dcc4c,0x7ffb163dcc58
        PID:4124
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1780 /prefetch:2
        PID:3756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
        PID:4232
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
        PID:1788
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
        PID:2372
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
        PID:1600
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,10392718619711231391,5908222612418398446,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
        PID:3520

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID:2612

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:3936

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --field-trial-handle=2616,i,15554696853514343836,10056627555468107043,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
    PID:2912

Network

MITRE ATT&CK Enterprise v15


Downloads
