Analysis

  • max time kernel
    299s
  • max time network
    289s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    19-09-2024 06:11

General

  • Target

    http://g7ee5otfyict57k24vjujuqzi6pd7iwvnsry2mt3svsgwzn6o6iynsad.onion/2020/program_UTC+2.php

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://g7ee5otfyict57k24vjujuqzi6pd7iwvnsry2mt3svsgwzn6o6iynsad.onion/2020/program_UTC+2.php
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3813cc40,0x7fff3813cc4c,0x7fff3813cc58
      2⤵
      PID:1924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1988 /prefetch:2
      2⤵
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
      2⤵
      PID:3016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1680,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
      2⤵
      PID:4936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
      2⤵
      PID:3304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
      2⤵
      PID:5060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:1
      2⤵
      PID:432
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4944,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4396 /prefetch:2
      2⤵
      PID:536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
      2⤵
      PID:1580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5320,i,6792365309046933860,4152621160016169440,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4368
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1928
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4984

Network

MITRE ATT&CK Enterprise v15

Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                            Filesize

                            649B

                            MD5

                            d4d14a0e8194de6d830b4c538607074f

                            SHA1

                            24c5de8186f5924c9970d1e1dc0f905ca525b7f6

                            SHA256

                            1d7a31402842e479b9c22cee76700be446878111eb0bda59035420dbdb2fd3b7

                            SHA512

                            8a17bd5b24123c7ca7455389250d9d3ba8e76957c0005c389a2715a076d30b54c22dc60664e3ed9665f3b29867dc31c505683f2cb05f7b856e44b16388296530

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

                            Filesize

                            216B

                            MD5

                            9ed40c61cd5425cbd56c43d0ed56ad29

                            SHA1

                            c04b117dbbac1b9b98a6716a59b1bd34f232901e

                            SHA256

                            4f981e67ff128c4b7eb529d5435097afe98718ea11cf8a37b40dfce69b2b464c

                            SHA512

                            63cabfd0a39a50d6ae4a51f76ca2e28b0b711241271917371cca6356d34e4b7f6fae99fd65a8cc8ed0e88cd9231f9100ef22fa0d36419e1e16b3e96003c3345b

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            962B

                            MD5

                            1faf11805785a1b9afe15d41766de429

                            SHA1

                            dc068169d6d9705378c3966dd2e4922243a21e90

                            SHA256

                            e3a3d408d9392e2580716fa2797ecdbddbb446ed229522763d3aa89e5426d9c7

                            SHA512

                            104e1fcc13de44d57c8ae0b5237aa8bd49e058c037f74ca7950b7e111a9d1364bc176d100f82c2d48877926a92261a2bf9c6247d14011a8e9d033f505ed659c8

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                            Filesize

                            2B

                            MD5

                            d751713988987e9331980363e24189ce

                            SHA1

                            97d170e1550eee4afc0af065b78cda302a97674c

                            SHA256

                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                            SHA512

                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            96e787259a4aa8fc0bee06d97ab95f78

                            SHA1

                            b8a3eef276ff76656df008cfde9c56ae0f2b6a27

                            SHA256

                            09f69ac068911aee836f49eb997e12a037921c7ae613c1059a2299b6dfc5d02a

                            SHA512

                            1467ccfca145ef9547dcb5e56976d0c6899661cb2a9e7adca7b867557ff0afe4caa312b6ba690b6dc3c9dae3fe1beb0b4e3c02f64fc71faf1c52c87cf429d520

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            085b42fc142ab825010b7f7d0d2f6b21

                            SHA1

                            52dcbe1a55736a282797470eb155fcff39f3470d

                            SHA256

                            7e8ea2f9586fc10e9a5d609a627b7b08100f3ff0386d990ab9f06abaa54868dd

                            SHA512

                            bbc68a7bf5fa53ab14acf4a5eb4cf78236108366525aaf2f6b53b2aa4d0a8a4020d87b82c3f8c6c95af4fb12d4d61252e939367acc552a096731d8406821c200

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            676e1f2fda53313e1abdcd3cd233e8c6

                            SHA1

                            5a5e27c673cecfa839b2f325e7ef1cf227cf8218

                            SHA256

                            27c7f7e25db7dcd99d029ceed8bda69217a1443473d9b186be33c5b8d1a59ab7

                            SHA512

                            7cf5b7ed5822a165c04eb32a69ad528b1a37199288ab2e562730fed7d059f51ab0baa05c26210f342205535b88687bf53de4fed32b060fef8bfa8c845afbc1ba

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            08328b51a39da1052cf15668a5e9e5c1

                            SHA1

                            f1f714e999bdd601364714c67749e66b7bdf8cc5

                            SHA256

                            d2b472616c98cbf5d2c3fb437a17e3fdf72e0622561457788b98a4ab2895e68d

                            SHA512

                            a46edc1bf0da02f4ae5a0f2e3d3ca77c2e099598dfbac8494cd1f199a4f7f46e7d2a97783c4405ccbc9d889c37d91360a168b0e32083f236aa916adbf4abe444

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            ee9dc4354ac4404b0ab64ee2f603d6a7

                            SHA1

                            6880a6b19a1a2fca2dce4a6a2d651212319469b3

                            SHA256

                            f1a684086d96e561d6200d8e161b289144fe634ee57ea95bdb8ff5092041acc4

                            SHA512

                            00f3b540beda0734b163ecbdfa1d80882e20fa3481f1950440a7e95521cefd14983fcddbfb536d0eacd2d1cfd9887eb2a9573f47aed5b3ffcbdbddc23551b43a

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            5bf02ead648fa190d7bea5111a32441c

                            SHA1

                            03d92845a28f6bfacf1788910f1c6b43e9154177

                            SHA256

                            d27941aa606d58532e31678fb4b853b14a79f5f78e970d444fe9f3ba388d0380

                            SHA512

                            4232592280f7e8a0222cd862686b6d7da04d2da748e9d617270f3e4f7ebdac3e71fc0a34e674955dc2ed35c0f436bd0af3134357ebd0019d6496f58d37752dfb

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            a3f826e246b953c66145e1c8f4f25f0d

                            SHA1

                            7e2445a09f9a7063c52135b9cc6be4af20d538c7

                            SHA256

                            8fccb3f4570aae4376922062a247f1fc0fbca3a6b71d8c58fd4fa57cc45607e0

                            SHA512

                            2b6dddd06d495082c82443f7d5d5976004b7032312f05b178ead6e61961d92bd559e2cb7347a5acf46bb469f303ac7bac99825179c8cdc364e4d1b4610cfd2b8

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            4fcb64df2d28e5b1996bc09ae4110297

                            SHA1

                            499507dda2f2ea2b9439f8b14846b53838ada9d4

                            SHA256

                            741f3b6b82ef27da16c4d8c9330a07230cb04469620dd2352b7939068e1ea239

                            SHA512

                            5d7cf4b35f20385335eadc7638255b9786b0ae0c54a8a1035b48e4e5b1ad38d647cc45e0dc6b016f7d30702db6815054c8390247ac945ea5875725910a6b5d85

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            96ce6078a1c0c14e3289d0e789b9fd5d

                            SHA1

                            1e45b39d99a2af8b405ab7906188721897d901e6

                            SHA256

                            ce9b513a4a2df0de75355fa6d38b7e4e8dd4503c56def93e31eee31061b687ad

                            SHA512

                            8ea903042855296c155a41d0cc463951840e4aaf822fdad10dfbcaf8a6eb995b45d91448bdbd924081d093298cf93333f836e7c5513e4eeb775ac33d51fab4f7

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            633014e515ddedfefe095819a6793545

                            SHA1

                            c1411818b4a0250f16588010a8fe3359eca0d791

                            SHA256

                            ed673b46acfea66d9152a566588feefd7d86ce8d6702f6c30f6a5374329d7aa7

                            SHA512

                            6ed5fb9ed669fbe751370745f8fd9354bb2f39cfa7fa947175940cd1de077060cc3512e7ab7ea86a326580b155e11fbb21ddd72f921bd1f243c34a679a82fb09

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            ea7c5ad6d328378a42da3102235bf82f

                            SHA1

                            ff12be3a54c0da3089a4f9aa184399d2c2304f06

                            SHA256

                            97a9e2be4b4481078326ad9a3cb06cff79496c188b0e9aafd8694b6e3d90a32b

                            SHA512

                            79e62db674a270d3006e82676e11da647d709531d8dc32e428ebad22836572ea61a38081c32094c2ba12a2346609243b608b049d0d3d1b614dfa3f78966b17de

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            96323f177ad158c4a6bf410831631229

                            SHA1

                            041df1b9cebf451c670df1d32c1dd20bf0060d0b

                            SHA256

                            b9cd3c2241437d893dbb8a8ef5066d3512692e83eecaf337c3ee983ecee131a3

                            SHA512

                            d7a8ec384ba877465c6720ba6b9bee5a2f1f41c9f0a4eca661f1e943870e638445e8b498541ab7625f9e35a8e293b64dc62fe5514e750df0aa2f75e5b94c4188

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            72e54d848c867da3f6aa4b196d337336

                            SHA1

                            c761052ed424a1ee5789d5002582c1119d81470c

                            SHA256

                            275882159f1e2107d0f73fa4466c1a59268edcac3fc6ac52395ce2bc16b1030a

                            SHA512

                            9da413457807497e351746f2776746a6ed9cd8bce83dd85152675b34625e87e0f07a80f0bb6b6a58fb40fd23ae850f2e2781f0ec5bd93b8a62c05c658c56c180

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                            MD5

                            4dc78f448d4bb129084b7726a6b40e4e

                            SHA1

                            01547717f22fb7a5628e96ac3b7ffef864f6ca77

                            SHA256

                            e9cde48e3411dafd8c62afb20c7487b80ebed301e75b8ff22561cf51fa365dcb

                            SHA512

                            45afccf0fcab9ec303299750e9cc8dccab66ac12beeb714a23c6b3a0ce4da69bd899383a4e4cecec6393871ac103e77a9b013d394026c1294af037e924a4ff42

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                            MD5

                            ec78fa74b4bdceab185310b3d9d3ecdd

                            SHA1

                            bc24a07c9c152b6da01b9b6fe3ca6505b499de6a

                            SHA256

                            aed51d53d4388f025772963b86c99ba07ebc7765b3c3bb5e7933110dfbb84314

                            SHA512

                            b3ce872396d3a4f2683cfe8038aab84ceb047b076c54d1c8834b5ca66620a013bc5e6d9dd4f1a011bd7172f5c158ef837c7c7fa4e32281fd2d9659d73d9c150f

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                            MD5

                            512d113db9b804f5dc55062a54b6cbcf

                            SHA1

                            f2b8bb00993ca623b84865925494945a0b161c22

                            SHA256

                            55db74de8418966e99e77702612f9fb8e07d140a71bfc812ecbe550ac5e31238

                            SHA512

                            6fc99015873b8407d34b84bde5d8b79d416226c206df7acaceddc390c15af7db161b9da267c6d8a8a73147d052549fac3b8742a21b03a45a93f0a1d720a0e65f

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                            MD5

                            a339b0700d9e502cb8eed09170128c29

                            SHA1

                            41b3c7c2db9544baff88b152c79b7fa09aa693cb

                            SHA256

                            6eae2b5b877e801dbc56a2d979d3dec4b1a21467b24d73a8dd743dbcccfde2cc

                            SHA512

                            f0688b75fc17f938b58851e3b2ef5ee36a774205d38a7bfdb1166633779df661400e740d7f1569e49585db63cc4fa4b41831638f51152c4d26d1e268d3e02d67