Analysis

  • max time kernel
    76s
  • max time network
    77s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19-09-2024 11:29

General

  • Target

    https://nnp.s3.fr-par.scw.cloud/nn.html?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=SCWVFW44R03VR0XR1KGB%2F20240918%2Ffr-par%2Fs3%2Faws4_request&X-Amz-Date=20240918T130706Z&X-Amz-Expires=553974&X-Amz-Signature=3e9b851f66e14ba2f1c6adcd60e9cb6503478ff78fcd3afc671aa4d21b6513d3&X-Amz-SignedHeaders=host&x-id=GetObject#[email protected]

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nnp.s3.fr-par.scw.cloud/nn.html?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=SCWVFW44R03VR0XR1KGB%2F20240918%2Ffr-par%2Fs3%2Faws4_request&X-Amz-Date=20240918T130706Z&X-Amz-Expires=553974&X-Amz-Signature=3e9b851f66e14ba2f1c6adcd60e9cb6503478ff78fcd3afc671aa4d21b6513d3&X-Amz-SignedHeaders=host&x-id=GetObject#[email protected]
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe42c6cc40,0x7ffe42c6cc4c,0x7ffe42c6cc58
      2⤵
      PID:4924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1700 /prefetch:2
      2⤵
      PID:3728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
      2⤵
      PID:1624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:8
      2⤵
      PID:3340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
      2⤵
      PID:1268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
      2⤵
      PID:3364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4324,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3520 /prefetch:1
      2⤵
      PID:1900
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:8
      2⤵
      PID:4184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:8
      2⤵
      PID:3248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
      2⤵
      PID:332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
      2⤵
      PID:3856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3312,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:1
      2⤵
      PID:4136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5060,i,5913032031678713535,17292694514814498453,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:1
      2⤵
      PID:4636
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3632
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3924

Network

MITRE ATT&CK Enterprise v15

Downloads
