Analysis
-
max time kernel
94s -
max time network
97s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
25-10-2024 07:48
General
-
Target
NaughtyGame.exe
-
Size
61KB
-
MD5
c4b8324b5144e4c5aaf54fd2edf7ff35
-
SHA1
a5ea5afe5c05408a7f9f3a06ab318048194f978e
-
SHA256
e854a9a2a3055687b6b404c41a548e56747d58318725db61618852ecea0a1e6c
-
SHA512
06244aee8ac78ca77f0185490054e5b19cbb0e50cb093e0cfcb940440d69d57951b5f981a1042aa8ea81e9dc48f8b8c71b58cd5441fbcb37a68ee8fc932528cd
-
SSDEEP
768:tKsMqCXfVcWlzM9ZkiANIUsLYLDwUzc80gmq3oP/oD7:tKse1M9ZkiAPPr/0O8/oP
Malware Config
Signatures
-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (79) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 5 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 23 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NaughtyGame.exe"C:\Users\Admin\AppData\Local\Temp\NaughtyGame.exe"1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic csproduct get uuid3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4e829758,0x7ffd4e829768,0x7ffd4e8297782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff60f677688,0x7ff60f677698,0x7ff60f6776a83⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4832 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3188 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3044 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5648 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5640 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4948 --field-trial-handle=1756,i,15632654057841874556,1042895501102933783,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2841⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
538B
MD5edd8b0a24bece9437c4db7bee1fe80d6
SHA1c174ec8608ae2c65583de48f8ae06a4d60062406
SHA256b0a929850b50942d10fffcda79a8481a61fa75c84062642caf5874cbc42b7d76
SHA512f0ac3d94bc79244a985cf27e5d17fc15d27e8692bd31778a57616be839ea5b279958f610e991f62f125e00278b7bf69ddc9649ca641ce35a63e85cb5d5402750
-
Filesize
2KB
MD580fafd03671c4d22098843f8ddfbc326
SHA123db7828b056b09487e137251cf5c52965cbf42f
SHA2567ae94ab2e344e4839b3e5a11677e4c1db7d042241edde528d2984460ae541ae1
SHA51261f4816883b6356d73eb837f3d4ee140acd1a288ca3ece372385f3f251f0d789cf5488965971d43d1eff890d6b307270f9efc13fdf1d142cc8a834ae68d418b5
-
Filesize
371B
MD58b3cfffe4208ae1055e7c5bd886d821a
SHA1a2828457a86911e32360c8b581e6906f0f0e24d3
SHA25697790ab541841b0288a8df0102311dfc4f60b6539f78ab7b741e663d9a4485c3
SHA512e1e763b2b247e616498b957b8e918583c98e0a22925c9084daa5571039836386a81eb24ce1551bba237fb854600ae6eb48874cdd9538138b3cfaa77530b43fc1
-
Filesize
5KB
MD547e9b2df6631402edf42c0b39689df4f
SHA117f1ccc09de069ca7597add4c662957a698e6f05
SHA2564f69f4c6540ebb2d8501bb65571d2d3e1d32e9ab656730e38d42de26077baade
SHA512b08f7bc6e194dfae0662d4ad936456e95a619293f48227bd2165cbc83754b0ab0557285d14da2cd122f81ad1530bc555cef9c611637f0d20be834197d23fd7b9
-
Filesize
7KB
MD504b7bf0868440a1bb0d10e45282fb9fc
SHA146a4929723f3a6a42d6c69dc34c85f8b93a39f4c
SHA25632e74ee78cfd4d40a0b969ce6ac0dcca38ed67d931f6f2e9a1f15694924631e5
SHA5128e7ae94e5cebd8ddf519b8ceded2e4927d529fb8868e0b18346dfd032554591d61bb9f172016ab6f6138c10fafbc566c3e544272da804086215657911c340de6
-
Filesize
12KB
MD596cc85ed13a80e09789d597220b09d00
SHA1a49940f5207065ea3a7c21fb4ad521eac930685a
SHA256fbc9646334b3c6330bedf136d3d0763331b0d80475dae5ce30b2547dd2cf1ea1
SHA512b450d163bafde110058ccdd24c142b39a093ae0128290979caae0f1c78e0e81a4c185707a359b776d2521158b679a562182a15b71ec81b7186ce40f1df348fe3
-
Filesize
120B
MD5ad62c20effcfd1fde371b67eb7dda702
SHA1e043041c027e744be5055f2862c3bbf85121aa31
SHA2567465e81e812a68e522d9bf80645dea7aa90011617741f149d43704a420b2f05f
SHA51220cf68a081ba44c3a86090d9451608d5598b45584617c68c713ea991e5fc4467e5a202aeab19546c94bb5bbeb63c0114d9f04fdc0249bb57315e4aeb35b7ebb1
-
Filesize
186B
MD53ccd30341214a19cf2eed237dec8cf1c
SHA102eb1d04e1a1fcbb7223783fb8d3e9b3150dc302
SHA256cf7b15b755559687740ea7a0eb26dc7160299b50a395f46cd6d36e4cb42f6902
SHA51282e34efc98d6ef7f1005fb4ce1798a9e1269f17256a17d21d7ca4a6565a153f9c2cd2b9bec25100463512c9f0d882a153536199018b9753c605d03f0dc8cc00e
-
Filesize
312KB
MD5dc9f45cfaaf25b9cb68bc79473a0316c
SHA19fa087c6dfba5156ab5721b3cc49c49c9b9d7eba
SHA256bf604cc12803e69df83488a79a3495f09ba8460f6c4d42d5e45e75a44099abb1
SHA5127b81472febcc8e52683282a45b479ff92a5d909aa16e679c6a7906a3e93a36b83c335f340ad2f53da9793588fbc6bb1f9c338297da8d73e3783aebb304262199
-
Filesize
102KB
MD56e39ea7b5d8e766854693c8934a37990
SHA12c87d1e065321ec42d39bcb575824a7424a7fbb4
SHA25674354b3d167659be8e1648c9c3a1f30bc1b1a1c463678ec5ffe7a3e8395391a4
SHA512031cfb04e92815da2a529ede2c862c3ceb4ea5d331e2fabd7e6e2cb928d7f8561d89c3a61810a0803e0af3d8f385796700dc5411d8584fd21fef9d353b4eb245
-
Filesize
93KB
MD55f390b60e83dcfc7c1a42c35cc6193dc
SHA11149534ef235c0eed4e933fcf8aab1c89a4c868c
SHA2565a7230a8ad7b402541ef37790487964bbb0a276f59c8cd2b6420b80b0e0c94dc
SHA512a8debca10d0726b93171e0cd9a7d4a0b0385d3d8b3f9338d54897eb269bc9a86de3d76369ec3caa2a6de5279ebdfab6cf1974b8bd7a55f63322244457d4d3543
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
584KB
-
Filesize
5.0MB
-
Filesize
88KB