7623a2671d712b7e06555134bc022d04ca40320536d318cd9e2def298b819b9b

Analysis

max time kernel
27s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

896KB
MD5

9a7ab60c3dbe9ce509444cbad406e780
SHA1

98a3cb0741ef82e1a40c322876f469eb1c0e2464
SHA256

7623a2671d712b7e06555134bc022d04ca40320536d318cd9e2def298b819b9b
SHA512

0c6fc4f1c7418cce3716d4d6b7db71444ae44ea53121bf825509e77a86214d534a26d6f5b1563c3171211bc5439aa801e9f986cfb02ed49ff9acff1f734def50
SSDEEP

12288:DqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaCTc:DqDEvCTbMWu7rQYlBQcBiT6rprG8aic

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2716	file.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2716	file.exe
2716	file.exe
2716	file.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2716	file.exe
2716	file.exe
2716	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2112	2716	file.exe	30
PID 2716 wrote to memory of 2112	2716	file.exe	30
PID 2716 wrote to memory of 2112	2716	file.exe	30
PID 2716 wrote to memory of 2112	2716	file.exe	30
PID 2112 wrote to memory of 2792	2112	chrome.exe	31
PID 2112 wrote to memory of 2792	2112	chrome.exe	31
PID 2112 wrote to memory of 2792	2112	chrome.exe	31
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2576	2112	chrome.exe	33
PID 2112 wrote to memory of 2592	2112	chrome.exe	34
PID 2112 wrote to memory of 2592	2112	chrome.exe	34
PID 2112 wrote to memory of 2592	2112	chrome.exe	34
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35
PID 2112 wrote to memory of 2696	2112	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --app="https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-features=CrashRecovery
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7099758,0x7fef7099768,0x7fef7099778
    3⤵
    PID:2792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:2
    3⤵
    PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:8
    3⤵
    PID:2592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:8
    3⤵
    PID:2696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:1
    3⤵
    PID:2544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:1
    3⤵
    PID:2040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1572 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:2
    3⤵
    PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:8
    3⤵
    PID:1712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3672 --field-trial-handle=1380,i,2759889080746818559,1871521938278577560,131072 --disable-features=CrashRecovery /prefetch:1
    3⤵
    PID:976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7e57ca4b-51a1-4e6d-9e6b-486277b757bc.tmp

Filesize
5KB

MD5
62e92d7920d0f2f555da52d1cbc0a751

SHA1
969b60c4c5d76c944c55a3dbda319fa6a9a3fb7c

SHA256
15935672754c4341895707f66f4ba43bdd259f5ee3873a6f2a9d9bc8ca449a88

SHA512
3c4a6683de26222b64873c4252de11b3f15b529d2911c0b19d98705bc6ba83c73117fde722a1bee363294f41f6a76de82741adc822e3b6973d7d7b7f01e2c070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9f84a438aa0b9a4cc99a9895effce758

SHA1
2463428985e235c698d128010e5fe04c3ed6d9d8

SHA256
4c5f202c2962e971401a4c5ed0f21617a4008fba91a304a98cfcdb492645567c

SHA512
42eee55edfa3343839109f364f20cd33d151d80d771890e7cf97fc110735c4ff665b1fa99db5ea9be8b40afc38fd61eaada659641b05220b80b83ffff56b9e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
d50638cb8ef6c54a063b586b63977e0a

SHA1
868d96bd22251fe8e16e325bf346a47c19068cb6

SHA256
b28aa763ae1ffdf2e008544d930c6deb7c97da33194ff0299f378ac76726e7f3

SHA512
34d8ab673f7dab504c62c4fd946c5cb5eb1958128f02f986aa9aeb8909dd5f24450d948ebfd467dc5fbb3f1a6c0c88dde8c0bfd5e789fc84c1f81a904ccba601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
83b930df821013c3cf700813efcd7e4e

SHA1
7d67485ed795cbbbbeb9b83981fc03ae99f4d507

SHA256
16708ea77e8b66240db6867b0904b25b960d8d7e5763066c7414d7e070c66fcd

SHA512
e4128f661b8c9bf9a78298bf17904db1b485ebbe2ed97e812c6cc9d36adba0efceeda6663cbec40fea854359f255d75e3320fa4799f2d2ef49a6383ba7ad0cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit