Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2024 01:22

General

  • Target

    79060030273a20808526d3486f8054437f471f5e279636c734d07b90d47d94e1.exe

  • Size

    896KB

  • MD5

    b32594aa4f3ed532f916af2d8f12da40

  • SHA1

    6d83460a333fe54d0e188b67bd4ce53f4e6acef1

  • SHA256

    79060030273a20808526d3486f8054437f471f5e279636c734d07b90d47d94e1

  • SHA512

    4ac47f9c3da75831fc7d24362d020dbd84168adcd4a027f5caa69f8f30924bb768ed4c7127075c6f3de8b3b7a23fb2f362aacc2bf3a1541569dcd1ce4d704c59

  • SSDEEP

    12288:hqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTh:hqDEvCTbMWu7rQYlBQcBiT6rprG8a4h

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79060030273a20808526d3486f8054437f471f5e279636c734d07b90d47d94e1.exe
    "C:\Users\Admin\AppData\Local\Temp\79060030273a20808526d3486f8054437f471f5e279636c734d07b90d47d94e1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --app="https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-features=CrashRecovery
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff53efcc40,0x7fff53efcc4c,0x7fff53efcc58
        3⤵
          PID:1276
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2004 /prefetch:2
          3⤵
            PID:1208
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2028 /prefetch:3
            3⤵
              PID:4504
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1600 /prefetch:8
              3⤵
                PID:4256
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3124 /prefetch:1
                3⤵
                  PID:2892
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3168 /prefetch:1
                  3⤵
                    PID:4432
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4672 /prefetch:8
                    3⤵
                      PID:4168
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
                      3⤵
                        PID:2740
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4920,i,17172108797068395036,10702374226555892328,262144 --disable-features=CrashRecovery --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=724 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2700
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2336
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4592
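The chrome.exe launch under PID 1732 is the behaviour in this tree worth a detection: the sample spawns the installed browser in --app mode, forced fullscreen, with the first-run, session-crashed and crash-recovery prompts suppressed, on a youtube.com URL whose query string carries an accounts.google.com sign-in path. The Python below is an added example, not part of the sandbox report or its signature set. It scores process-creation events for that combination of a non-browser parent, borderless/fullscreen switches and a sign-in host embedded in the --app URL. The event list is constructed in Sysmon Event ID 1 style; only the PID 1732 command line and the parent/child pairs for PIDs 548, 1732 and 2892 are taken from the report, and the field names, weights and threshold are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\79060030273a20808526d3486f8054437f471f5e279636c734d07b90d47d94e1.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed Sysmon-style (Event ID 1) process-creation events. The parent/child
# pairs for PIDs 548, 1732 and 2892 mirror the report's tree and the PID 1732
# command line is copied from it; PIDs 9001/9002 are invented benign controls.
EVENTS = [
    {"pid": 548, "image": SAMPLE, "parent_image": EXPLORER, "cmdline": f'"{SAMPLE}"'},
    {"pid": 1732, "image": CHROME, "parent_image": SAMPLE,
     "cmdline": f'"{CHROME}" --app="https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" '
                "--start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-features=CrashRecovery"},
    {"pid": 2892, "image": CHROME, "parent_image": CHROME,
     "cmdline": f'"{CHROME}" --type=renderer --no-appcompat-clear --lang=en-US --renderer-client-id=6'},
    {"pid": 9001, "image": CHROME, "parent_image": EXPLORER,
     "cmdline": f'"{CHROME}" --profile-directory=Default https://example.com/'},
    {"pid": 9002, "image": CHROME, "parent_image": EXPLORER,
     "cmdline": f'"{CHROME}" --profile-directory=Default --app-id=abcdefghijklmnopabcdefghijklmnop'},
]

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}          # assumption: tune per estate
IDENTITY_HOSTS = {"accounts.google.com", "login.microsoftonline.com", "login.live.com"}
THRESHOLD = 6                                            # assumption: alert at >= 6

_TOKEN = re.compile(r'"[^"]*"|\S+')


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_switches(cmdline: str) -> dict:
    """Map every --switch[=value] on a Windows command line to its value (None if bare).
    Quotes are stripped whether they wrap the whole token or only the value."""
    switches = {}
    for tok in _TOKEN.findall(cmdline):
        tok = tok.strip('"')
        if not tok.startswith("--"):
            continue
        name, _, value = tok[2:].partition("=")
        switches[name] = value.strip('"') if value else None
    return switches


def embedded_identity_hosts(url: str) -> set:
    """Sign-in hosts that appear in the path/query/fragment of a URL served by some
    other host, which is the shape of the --app URL in the report."""
    parts = urlsplit(url)
    tail = f"{parts.path}?{parts.query}#{parts.fragment}"
    return {h for h in IDENTITY_HOSTS if h in tail and parts.hostname != h}


@dataclass
class Finding:
    pid: int
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def assess(event: dict):
    """Score one event; None for non-browsers and for browser-internal children
    (renderer, gpu-process, utility), whose parent is the browser itself."""
    image, parent = basename(event["image"]), basename(event["parent_image"])
    if image not in BROWSERS or parent in BROWSERS:
        return None
    sw = parse_switches(event["cmdline"])
    f = Finding(event["pid"])
    if any(k in sw for k in ("app", "app-id", "kiosk")):
        f.add(2, "borderless app/kiosk window")
    if "start-fullscreen" in sw or "kiosk" in sw:
        f.add(2, "forced fullscreen")
    if "disable-session-crashed-bubble" in sw or "CrashRecovery" in (sw.get("disable-features") or ""):
        f.add(1, "crash-restore prompts suppressed")
    if "no-first-run" in sw:
        f.add(1, "first-run experience suppressed")
    if parent not in EXPECTED_PARENTS:
        f.add(3, f"launched by non-browser parent {parent}")
    hosts = embedded_identity_hosts(sw.get("app") or "")
    if hosts:
        f.add(3, f"sign-in host embedded in --app URL: {sorted(hosts)}")
    return f


def scan(events: list) -> list:
    return [f for f in map(assess, events) if f is not None and f.score >= THRESHOLD]


if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(f"PID {hit.pid} score={hit.score}: " + "; ".join(hit.reasons))
```

Run as a script it prints only PID 1732; a normal browser start from explorer.exe and an installed web-app shortcut (--app-id) stay under the threshold, and the nine chrome.exe children in the tree above are skipped by the parent check. To use it on real telemetry, map Sysmon's Image, ParentImage and CommandLine fields onto the same keys.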

                      Network

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                        Filesize

                        649B

                        MD5

                        c9623932a992213fb9053e7e6769f0e7

                        SHA1

                        c89dae26cfb5d6ce9b79a2650387a724bfbbbc96

                        SHA256

                        181e9b2fe1e85e484b3a7f203217a76d252e9b463fc9b07ede4c4d75ff69ae90

                        SHA512

                        a185a7d11647f79fad0630212cb25124b50c2d2f5b4a9e2cc3d5d7343639b8599624225171f41ec7a9d5dd6ff2dd62751048418f7108cb1cf579876d897dd330

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                        Filesize

                        264B

                        MD5

                        383c3853006b54173d546bf406492c8a

                        SHA1

                        55cee8ba8eed96cdb547f794e73c5da9a4ac8343

                        SHA256

                        0cc344187ddac344df1945665fb7404e7904fc563958c712b3f5f1bfdf2e393c

                        SHA512

                        cf5fdaf753c3d7ed678c039cfffa40b433fada0ef6213666f374afee7ebf170af9ad9732e4f9321b7e77f9154e4601f709e7db76f3d331316d0d2a3d2f314625

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        3KB

                        MD5

                        e227342186c2b7f4b820d9b7034c4637

                        SHA1

                        4bd7622a0e876a5daece35547b4da2991f5c29cf

                        SHA256

                        bee0b4078d0f94a566d0cd89d7787e85bd05486658f1725b4d571315f8ff31a7

                        SHA512

                        635f384b0c626916daaabf248b8da2d9418ae6d433eb854f8908a8046e8cd59fa0c44db35041b6cf1e03098ee42ad6dd67e495bf7ca6a67dc9d0b23e58b4bd0c

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        2KB

                        MD5

                        dcea04c0237325121a01324629911ee3

                        SHA1

                        a8e18cdbb4214dc24a72a93bcdebf9d264616ccf

                        SHA256

                        92e6dd652f80df49b37daab37426e1362ae1dc5172dcbce6d6c1ba9c330e0065

                        SHA512

                        fb96dc98b7a12af57d735aff7135fa23c107e4185e186100596c2ca0a36c20a21d73bbb4a352814c647658ec6bca0e72d5b1eaf4c0241c3433d39da2f36565d8

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                        Filesize

                        857B

                        MD5

                        2a8fdfb17672ac9f00d36a3a92017dd2

                        SHA1

                        611fed8acbaf7523a2f48e6ac36f663642118e2a

                        SHA256

                        8678ac21bf4e214df9d7064d6b253696aa0a188988d487d60a734b50ba42319d

                        SHA512

                        7f1afb0e5c55087ba29edc067b251b35afbdeb202cc143b32863227eff779380c58e3bab87b79741e65cb49401ada7f181de9ec38628cbb1f2f4ecce5fa45417

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        10KB

                        MD5

                        7e082a0733c77878c1f23486fe0dd026

                        SHA1

                        e6d2553587515420c6c5d556c808729efbc5924c

                        SHA256

                        02c643d266c7a202d80e9187d3a7f403c2c6a247738aea4a891a36233cdb0a7d

                        SHA512

                        c4bc24001a31ac1763c7237a455fe5ca8f9f9f563b03c1a4c53a84186ec9f5935a75608020c70de35ca33d261aa330e665976f64af8efc9cdd7812f490bdc997

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        10KB

                        MD5

                        64e5acd8ba17c64d49eb6f23b1445db1

                        SHA1

                        2ba688544c8ae9da5302afd4e894c62df307e7bb

                        SHA256

                        58dafa7d95e5e76f765401829cdb8714757572e6b256f835e58fd13aaaa8f265

                        SHA512

                        b981fdf84c3042e71a067f72f7e10d253cbe51d8411c28b93a1d907dc70de34708c552bc3342e9f129fb4711baae616813c1e067a0830099cb6bc61ef480e712

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        10KB

                        MD5

                        924f2224a0b96d67cd6a0c73183e1eb5

                        SHA1

                        b26c80aa8dd6ded94d8ae669fc555d79f43b6a58

                        SHA256

                        feb50623d0695b5592ad871478d4563b1b5c56bf73dc209da8bd10a3f1f72142

                        SHA512

                        d74d53fa796d6346fe167fcad9ef1e25d7023b869739c79d8c97db1a5b58b6407c36f0f3c06b560cf86fbd7dbd1b918fd9f5bc1e8923ab05b4107b2e854de1c6

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        1e68b722d8558ed099ccb9e938214754

                        SHA1

                        df410135942464cb9136d420e0366d18f4847e07

                        SHA256

                        34cbb44cd57aeb9fd35ce1df6656c8bacc66dc23188a02586ef3207c0681d499

                        SHA512

                        c47cf07092b3e666774c6465e00b0daf47baee7a895e825167c5a8aec657f8d816b02986fd72d7d1f2249742fba8fe05c4a3dcc6e529d43e01ffc28d5e8f7197

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        186310e6c1c1a50df8d8954a21c04b6f

                        SHA1

                        647ffa2a600bed337ffe5e6ceaa81d649f2651af

                        SHA256

                        8584d5a8cae0d890db06e7eeae19a55b39230e77a5a44d5626c85d275fdb0640

                        SHA512

                        831f000f975d8a6fc52d73bd8aaff66e45fc2b88408e9edbf08282e36fe2369115dceba6e4ffd25cf77ef4dd47a710362d2c419d00aa9e924b267a9c1c0c7e2a

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        10KB

                        MD5

                        8f8630076d72b1b8c3699dfa04edfaf4

                        SHA1

                        1694aa5b5895fdebe79e0cc43c455306939f956f

                        SHA256

                        3481c9fea5add36359b47bd142c16ad679b5d49ce1de4c4b69a8551eb7bb4445

                        SHA512

                        a7c99ac8c71cc1d20b0c50d53c6c952afbb7509467c90e8e58b0ee4021c929a7a837bad55af3959bd809f0931cb7b7fd9ed82f7c542d8fbaae68a8c35e9f8091

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                        Filesize

                        15KB

                        MD5

                        399d5fa941ca5323dfd7108a49a90c1d

                        SHA1

                        1c0325fa52b77572ff48c76cda43102b2dd2196b

                        SHA256

                        3d7ff67f2e154eb0bc16ba80fbd1b0ae2c93f8a0bf154f3387e6a69943bbe1f2

                        SHA512

                        e84c110c19e1b87267c6590a9edfe55aa9f2103fc6aa6c0adf9e5d15a337ccd89ee7cf86924a54c9f965b3c7cb80a9eb761851ab07b81f71fabb9a3852a2ed55

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        211KB

                        MD5

                        49636a5b29cce017f2cd6435e216bf10

                        SHA1

                        21638c51bc9ee7f4d6b88c71f4401cee3a8c037f

                        SHA256

                        c0bbbeb4577511b06e36bfab6b1aa4152c762e7af1f6079b59cc4866c867ca5d

                        SHA512

                        31510db410c0beb901cb650a8d419e0c1b6a232b38f1ba6bcc5102c08a94152e17dc8d6e0e3566a580f871017c1fbeca5e46dd14fcc9457e5beed2a2c59341dc

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        211KB

                        MD5

                        b850c68772bc60deb21434f11370a5a4

                        SHA1

                        25cc651d2deda7f8b42454a4c541ed89014c40e9

                        SHA256

                        23319c79a72b406d8defca59767ef333e13cdd4384580d259a4982cb45cafac1

                        SHA512

                        f7bce6bb3b743265ab4ea84ea42f82b1b978ce5dfa2e7f1731400fdb362ac964e53eec34d4c08b20ba0f7311b935416ec48feff37ec414484e6497b052a9d312