Analysis
- max time kernel: 104s
- max time network: 295s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 26/10/2024, 13:19
Behavioral task behavioral1
- Sample: MCTrafficer(2).exe
- Resource: win7-20240903-en

Behavioral task behavioral2
- Sample: MCTrafficer(2).exe
- Resource: win10v2004-20241007-en
General
- Target: MCTrafficer(2).exe
- Size: 106.6MB
- MD5: ae7098e0e4f760df07a1d9b160f66061
- SHA1: 48f464321387ddb7aee621fe5784cee16d36d4d8
- SHA256: a44d4d8dee755988f280f95fd7b4b54952be4ea4a336d58c6a9c427deb0bb55f
- SHA512: 40839ff99d26fa3a6eb5adf4a346af51a187470bf97fa232ee67be234efa59b8715338c9c86cdc35e61663883539d2430cbdb693395a67acaddbee12706e4aad
- SSDEEP: 3145728:TKksmSkB05aw9A0MjMHVLthsOrC7VBZ0tOy6:ZsUi8bjM3h7RtV6
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid 2632  MCTrafficer(2).exe
  YARA: behavioral1/files/0x0003000000020a4c-1251.dat -> upx
  YARA: behavioral1/memory/2632-1253-0x000007FEF5EA0000-0x000007FEF630E000-memory.dmp -> upx
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2136  chrome.exe (x2)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (34 IoCs)
- Suspicious use of SendNotifyMessage (32 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes

PID 1936  C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
  - Suspicious use of WriteProcessMemory
    PID 2632  C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
      - Loads dropped DLL

PID 2136  C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    PID 2588  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b29758,0x7fef6b29768,0x7fef6b29778
    PID 1736  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:2
    PID 2272  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8
    PID 796  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8
    PID 2252  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1
    PID 844  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1
    PID 2760  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:2
    PID 2884  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1404 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1
    PID 2500  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8
    PID 2880  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8
    PID 1232  C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

PID 856  C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Downloads