506456ec6cfe0caa11abc86ef91eee4bb350b82b8cac53e2ae5506ba0c4b06f9

Analysis

max time kernel
69s
max time network
197s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_0984.webp
Size

93KB
MD5

c24181c2f3e511d78b02de9a2619ca6c
SHA1

7052bb703ea1be4d1beeb6746fa4d169adb3d244
SHA256

506456ec6cfe0caa11abc86ef91eee4bb350b82b8cac53e2ae5506ba0c4b06f9
SHA512

f387efbad6dc0ce0b52d28c4c1f84be611e9778589a668bb946563c7de937abba14417ddf70c1c7fa325f9473c32de192af5c94e81ea47630d3721387eb456d2
SSDEEP

1536:o22PHLpTcWDktrcgVAMPm1yTrWD98csxURb0zVnMpdDGpUDiR+t/cC6AM/aTvRIg:kLfQjVAqzWDUxDzypYUDiURcCdUoROiL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe
Token: SeShutdownPrivilege	1232	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe
1232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1232	1500	cmd.exe	31
PID 1500 wrote to memory of 1232	1500	cmd.exe	31
PID 1500 wrote to memory of 1232	1500	cmd.exe	31
PID 1232 wrote to memory of 1692	1232	chrome.exe	32
PID 1232 wrote to memory of 1692	1232	chrome.exe	32
PID 1232 wrote to memory of 1692	1232	chrome.exe	32
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2956	1232	chrome.exe	34
PID 1232 wrote to memory of 2712	1232	chrome.exe	35
PID 1232 wrote to memory of 2712	1232	chrome.exe	35
PID 1232 wrote to memory of 2712	1232	chrome.exe	35
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36
PID 1232 wrote to memory of 2704	1232	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_0984.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\IMG_0984.webp
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7099758,0x7fef7099768,0x7fef7099778
    3⤵
    PID:1692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:2
    3⤵
    PID:2956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:8
    3⤵
    PID:2712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:8
    3⤵
    PID:2704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:1
    3⤵
    PID:1764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:1
    3⤵
    PID:920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:2
    3⤵
    PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:8
    3⤵
    PID:2000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:8
    3⤵
    PID:2192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1264,i,8778361059253239788,13904435959085436631,131072 /prefetch:8
    3⤵
    PID:2456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e4574721e93d71473e890ce00bf2ed91

SHA1
f7924d96ff361ec2f4062811cc4793358e5f089f

SHA256
b2976dd3ff0fa800052d59b4e61e83a5d7a623249ec0ab319526a2c444bc1ae1

SHA512
0aedcb6d4c7a359b100da55f334ff658721aab96fd05211ba4e30705fac1064142f9cf2b232d685030b40c54aadf6ac9d048b6b5bbe8cb91213d9b4bd6e8138d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9f3c835fdfb236b9652b612124c903f

SHA1
438e72cbed7c9b46e9c3fc124cbdbd8193d0ac1f

SHA256
64e5e175b865fd8bdfbdb4f5dd5ea0d9b924141ddf51287ed72c009905c8c33e

SHA512
550508cd767ffa2613119225bb66e448e5ef8d09dea687a3bf3fe52277733551e0820befe16289da2cc6db86d939623960307c6ec2efa7124e3727b6f14c8e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
91e7f2acf3e4b2be091acff0532625a7

SHA1
744f34693b0c0fb3c1d2c09f1d3876c5f6bf6e92

SHA256
ca6e331fd9102d5439d90ea1637af5a4f7683a5d8b1c16bdc218603af2b67cdf

SHA512
dd9c19eb9ffce5cf87e0d1019a381d395b31902e7194a27374c6911a5094c17dbe1cda349b2376d07d404ae154332eeb70cf4e05572a5420785ac8c6d19e241c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
373KB

MD5
8e90fe1ffc046cd56fc789fda2cc44b4

SHA1
927b9f7a280c51094c7da09a2f348dd645efc2f5

SHA256
b7af75814acfef4fb5ca3c49c1b554b06da3b60929e4491c0f556b4d8e76cc73

SHA512
48732dd63bdf75ede45d51682cbbecfc86326c33e42c99510fff846dad48cb0c95dcf70a8ec0d8b181b9c091ac5f71571abdff1c248c1212a82d51a7efefbf41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d07a9f56-3349-443e-ba07-2fa73f4b2bff.tmp

Filesize
356KB

MD5
0a8c8aec9ff4b05ecb7f1df32c0a2d09

SHA1
a7b4793ad6f74f7d35d4fa4fe263a568f9b78b24

SHA256
80b2c176d32e8327319867798b5c28a9cccfd0ff6e66acb98c577fb180c5ec33

SHA512
7dbe96af1ed806e11207f95c166fe31ec05d86500d094af8ec1dc966182b92aac9dbc3d4b52b7e5ecc2ef138d76f49221bc6d06bede0082cc92af8e5352716ac

Download Submit