8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b

Analysis

max time kernel
243s
max time network
315s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

102.9MB
MD5

e5d776d0a738f622496507a407bd31a8
SHA1

379fc39a0b331b9892a886bef75b7d2f5f656816
SHA256

8ee9f9af08c9c58408503c08604f1af166620267e9e09f800c05e3257b5c147b
SHA512

46d427f5e8bc35d7ac1677add6e84461a12bd2fdb6b2398518341cba6c6f11c703d77c7490a5e2e23af258b2391ce831d130eda2170fc527081fcba549626877
SSDEEP

3145728:AnG2r7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBVPZ2:vgnSWNaBHCin1XcBa

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
812	source_prepared.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: 33	2776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2776	AUDIODG.EXE
Token: 33	2776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2776	AUDIODG.EXE
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe
Token: SeShutdownPrivilege	1992	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe
1992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 812	2452	source_prepared.exe	32
PID 2452 wrote to memory of 812	2452	source_prepared.exe	32
PID 2452 wrote to memory of 812	2452	source_prepared.exe	32
PID 1992 wrote to memory of 2164	1992	chrome.exe	34
PID 1992 wrote to memory of 2164	1992	chrome.exe	34
PID 1992 wrote to memory of 2164	1992	chrome.exe	34
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 2360	1992	chrome.exe	36
PID 1992 wrote to memory of 932	1992	chrome.exe	37
PID 1992 wrote to memory of 932	1992	chrome.exe	37
PID 1992 wrote to memory of 932	1992	chrome.exe	37
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38
PID 1992 wrote to memory of 2388	1992	chrome.exe	38

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2776

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Loads dropped DLL
  PID:812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65e9758,0x7fef65e9768,0x7fef65e9778
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1532 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3464 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2444 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1280,i,3345345677982535817,8267359088216283289,131072 /prefetch:8
  2⤵
  PID:1172

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6f52707b-5e4b-4f9c-8ef0-5b6240d4aed4.tmp

Filesize
5KB

MD5
803f2f8dfa3e6bfabd7b310bbed8c7b4

SHA1
5feb33326bd384b9ce7341e8bffee7bd1b0559a2

SHA256
1833fdaaab309151b27c4ea975fb3c0e3b2a5554f44991b51485cd52a5de0105

SHA512
268547f49ce5a937ec568e016b95ebcd812a158a027dab2d64f6cfad1754ab874bd120050528e471730aa92e5d7a0cf22e5ee96d130654a2079e9b51ce5ab32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
eefb3b7038040a2b45001d9b00e3614c

SHA1
64f409fcd8dba116aa15366783133833ea2e29e1

SHA256
d6def6ae11d1cf9bc2c244af00ffe3c6161263c26212e4009c613a02c8a9ea76

SHA512
d463a84948b07ac2b1c51f471e21e592f84b249f6a0f58853f3e38a357068b8a6e9d33de1146e187bee9c586bbb3525b7397f2f1b4f2a2c66d784e50385bc121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
106KB

MD5
d1464ae78096f332a41a1b299dbc3653

SHA1
9ac07f6fffc033de9e2c8a5f38578bbb81cacd7a

SHA256
129cc38dee4cb5493176532c2ffe1ef44f670ba48a14fa8a845b48e3e6bc9fbc

SHA512
e76627113afe29c295be41ce4ad92b0639eb88c2c54ec71ade9889637aaa4db91b38d6c9c2a9c356993a76221f308c33ab3fa71bf14787c8e38d2d2a34ece3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
884066d19f94b8e21477e8bd028accdc

SHA1
66a51fd51a2d28d93a113c9fd508175e5c4810b0

SHA256
971739597b55b8f051bcf83777576ba1a972200f48fa3c45011ac98f6b52738d

SHA512
8502f8d4078fdb80ea340561fc4d03998595bb9960520052e21841c63cf9ded6e0112725b988ad5236c139da4024bae182095bae2e3548f069cffef7f7a13aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
974e8a438e5da61d57bba90e1b4512e7

SHA1
bedf9bee95d29a0476c2684e805aed5381684fbd

SHA256
35cd644cd51a3389f04a60e2944cbb3f1364eb9090710c75cfd131d4d5c4ca5c

SHA512
e765ee15988bf438c6c8c23b13f227dbbc47fd3db06b114ae823babc9ba80d44be804ff58f6f4e2de10610824f1e26a49b27e33e511cb272a58c63a7774f3345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e3d3faf023db20af4e9663d81ab0df96

SHA1
691b6ec5ae7c67bb87f476168b4ee1dec64590f2

SHA256
aa14cc2148607302f5602b5cd0fd6de96de4b62104cedd4d34fbfcc14ee727bc

SHA512
4296c6b10156c3e8b21990e638a5b636ab77c626db607ef15f0f07a77a919c5da4bff3647a890c1a0b1665f24effb0d0b3f5124a1f64cccffedf04f5ef0b53e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1f8bfc3f19cf4ebed99b865ca40d1434

SHA1
0b00c7cce726c3872097fc0612b4c1deab39b7e7

SHA256
47fb38c13037d786d6f7a3317ea16733948b0d1fe7bf7abc4537d3a6532d9a43

SHA512
30690bcc499ff97d35c8fb5e81756b461e33b4955e2d2c4b2fd012b13e045daea63a2ec579ee30eae76ca006709105bd8ccd4775132c1ab60d46e8a4f23207b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24522\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit