Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/11/2024, 21:32

General

  • Target

    $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe

  • Size

    33KB

  • MD5

    6acbc945f2d080370369e635b0dbf34e

  • SHA1

    94ced85b00dd5c35b8c0089f8f55168fb9236856

  • SHA256

    9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08

  • SHA512

    cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793

  • SSDEEP

    384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe
    "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Dokan\DokanLibrary\sample\mirror\mirror.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4804
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeaae3cc40,0x7ffeaae3cc4c,0x7ffeaae3cc58
      2⤵
      PID:3420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
      2⤵
      PID:112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
      2⤵
      PID:1840
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
      2⤵
      PID:2020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
      2⤵
      PID:4020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
      2⤵
      PID:916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
      2⤵
      PID:2992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
      2⤵
      PID:4504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
      2⤵
      PID:2016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4388,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
      2⤵
      PID:1188
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
      2⤵
      PID:2692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5168,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
      2⤵
      PID:232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
      2⤵
      PID:3088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
      2⤵
      PID:2760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5476 /prefetch:8
      2⤵
      PID:3652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5464,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:8
      2⤵
      PID:2704
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5556,i,18070705579693006872,14751315974878417339,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:2
      2⤵
      PID:5112
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:220
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 13410596120b90a034d38d535ec0aba2
    SHA1: 641e2f49456046a68556de1bec3ffd5d49484657
    SHA256: feb81cf0841a53db18bd45bcfbf2bfc01c635a1cca218e7c5dc5bae3e16065e3
    SHA512: 7227f667dff9990b402f79fcc4d35a847cf4a69d5c3ee286d5dd2855164800d933917499c57864417af26e0674e6e98a59fe059fbed39cc49cba368f34f3d37f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
    Filesize: 215KB
    MD5: e579aca9a74ae76669750d8879e16bf3
    SHA1: 0b8f462b46ec2b2dbaa728bea79d611411bae752
    SHA256: 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
    SHA512: df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
    Filesize: 851B
    MD5: 07ffbe5f24ca348723ff8c6c488abfb8
    SHA1: 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
    SHA256: 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
    SHA512: 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
    Filesize: 854B
    MD5: 4ec1df2da46182103d2ffc3b92d20ca5
    SHA1: fb9d1ba3710cf31a87165317c6edc110e98994ce
    SHA256: 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
    SHA512: 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 354B
    MD5: 035a4b79d3efed97f6e08e7816c238bb
    SHA1: 692b97fe6a44da0cf18faf4c90cac50bb1f40699
    SHA256: 6ab97b8f81d25447b32d066b5548c92d8741c33d65e5635cc3746219bf887000
    SHA512: 7ac604eadaaa53348f4827da8766853150a1b05fb1b80e4ffcc46b348341e84b92ca66a5ad03e6717fb0201a4acf5f78861286a066ffbfebef509f5126c2427c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 99555fb6baf9fc19c0372999f99f1759
    SHA1: e26822adebdc7b07276533b70702bf6537758f29
    SHA256: 7b55e88323cba4c0506e239a81c85a0696d0cf46e7f0959ef362cb9223da34e0
    SHA512: b2ebc3408cc2856874ad8914131dbce1098aeb1f96a0d367d3d9ed9cd0b01c0e13e573789a8f2921f6c6a6d3187980cf91b1137129695fb090d2cbfac280e905

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 5e663ede4575dea4b86fc461e383f742
    SHA1: dcce24a5b221e13c36da66061285975c4b67c3c3
    SHA256: c7addff64fbf421060ce0a6c8d90d1ddc968891f1d73cd929514509efc66d6c0
    SHA512: 68aaf44481fa169f352213fe7767dd22e0995020d46f715b306fe81449ecbedfa0dd1f931bfce3c479cbf8ac004ff9bfb5dcd5948ecae50f968f9cd4d1137b28

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 90509acab01a211a2077f8f86fce6bbe
    SHA1: f8bbabb0efca4f08dfb11393d45dce68b7fce194
    SHA256: c7ce7f9aa8c5b04469bba82235061d64169e9c1589ada2f00fdc34cb0f473067
    SHA512: cdf104615ff81c557e6d9ca3013f70350929c1bda5089f6da95a31a6bbc7361807af6d95452c5fdcb5158e84b84aeafe29140d3fb163e9d41c71df2d4c030644

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 15KB
    MD5: 02df381b4bacfcdce7be8fa8df9a3f78
    SHA1: 40d28d0335670920334130980ba927dbda498340
    SHA256: cad7f5c1a04adc9cedd1a205bc2648732ca11f614a6fbc284b0cfff87d284140
    SHA512: 0e623cdda5baa7421f3abec8bafd8035c496f257422615831bdec82657c7e43fff753f914a027cd74ef3a3c5df887101a12c3cf143587fe835cf569307eaa5d2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize: 72B
    MD5: 597dcbf87ac45c66545609bfa90d14e3
    SHA1: bd0a507c410daf3a34375e2c0888a53a8d4393b0
    SHA256: c4a4dcfd31724e7ae55c2f7b5375e7bbdcf0f390b4f8a14211e0c12be2c2535a
    SHA512: 468e259ee2010ad8c0d5da44d2547c8d7c33d93c3542ad7f91ec606f7a2c25794a8a503ccac27e5d24044c698c24a6364d6f2078237d49ddfa6e5228f4c810f4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 232KB
    MD5: cb0894e5509d76b4baf8560e74cb34ee
    SHA1: d54ad4a6cf381141d38bfe75cf66b1e83b386d45
    SHA256: b74e92fa23159df1b2272df1ce8152602d2138613fd90060e11be7168ca7c144
    SHA512: 68e7852fbc112fa7fdb07a78fbdc6134bafda17c87a72e8d775c421d76398e7c7b0bf6c3805afdc43a67eee535bb65b06cd6ee9bc755a82abeb2ff357db4a813

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 232KB
    MD5: b1e3de3a9f3b8cb2ca36c56a84d483cb
    SHA1: 9f09141941b3cc015c9039dccf42763dff85d446
    SHA256: 0f6e9176f2cb73094766b57e4fa188920cf66294f6a80ec7ab4c9dfd288171ca
    SHA512: dddf75e4fea1d0965a2817f632032ac8c3122c4e7bdbfc77d59a2f254569548735fb27d7655b220ad7028814f2ef62ad4853988bc0a2503a63789b5afa4e9b06

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir4216_816449490\4707dd69-375f-4b39-b282-bc2b2d5d7d85.tmp
    Filesize: 132KB
    MD5: da75bb05d10acc967eecaac040d3d733
    SHA1: 95c08e067df713af8992db113f7e9aec84f17181
    SHA256: 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
    SHA512: 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

  • C:\Users\Admin\AppData\Local\Temp\scoped_dir4216_816449490\CRX_INSTALL\_locales\en_CA\messages.json
    Filesize: 711B
    MD5: 558659936250e03cc14b60ebf648aa09
    SHA1: 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
    SHA256: 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
    SHA512: 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727