Analysis

  • max time kernel
    88s
  • max time network
    88s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-11-2024 21:28

General

  • Target

    https://link.edgepilot.com/s/3b095c08/ZyRgSnzc50mRg_8d-46dUQ?u=https://kingdompch.com/

Malware Config

Signatures

  • Detected potential entity reuse from brand PAYPAL.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.edgepilot.com/s/3b095c08/ZyRgSnzc50mRg_8d-46dUQ?u=https://kingdompch.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfcd8cc40,0x7ffcfcd8cc4c,0x7ffcfcd8cc58
      2⤵
      PID:3996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
      2⤵
      PID:4020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
      2⤵
      PID:784
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2540 /prefetch:8
      2⤵
      PID:1048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
      2⤵
      PID:232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
      2⤵
      PID:4356
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:1
      2⤵
      PID:3904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4964,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
      2⤵
      PID:632
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,12030959798172349454,15977032310496519502,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
      2⤵
      PID:5088
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1352
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 5578a1f28568de97e14e750895ec8a51
    SHA1: 211c7af8ea8658944d04784c55dd2fcf710b0f66
    SHA256: 46e810b04d582d1539a239358834eab8a54c5d1287330a092440d18fec3be366
    SHA512: a411206cfa16db4830823d13b24006e1965ecfd47eec6dad5d573db23dad14e2fa720a61e49febebb295d746d1fd77293967b628409f76c7f8741d7dd9ecc7c8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
    Filesize: 215KB
    MD5: 505e09c540405320839973335aaad8d3
    SHA1: 561984af748d012a17097f0217aed1cce9df9b5d
    SHA256: 73725bbd9a7e1963f9661d2ea919fde145bff986774535d28ba06b0265c6e5f8
    SHA512: aaaead5b0d3a76d51618bfac3d9675fe9d70be5f9ab1c5a1945335712ec7dfdf6801674c4d8ebc88d8c5866d766d4ed9e7cecab5cfc7d7da07563a33fac7ad96

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 672B
    MD5: 0aa677583f6796cbd3c90329b34ede42
    SHA1: e8ea52ec68f16519a9a96e3533fe52305bdb9374
    SHA256: d3b767484d87d98fd33c200f6dedb147320fcd6930b829f4ec4cf01ff110b577
    SHA512: 252389f9ae66147bc4072466b765d577b46897defdd8264afe2bd740b007471c612b12501922bd72a6f0887a779c4db78d0a89a3436aca32742abfdd9c986bc9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 4KB
    MD5: b447f1401cf6d70ada2cdd0f4fcf6bdb
    SHA1: 081b5c3bddbedeb7b2010b1931fe8a77bf780e62
    SHA256: 378b7285a84a76db284666387a54143763c031a4077a85fe2ba3dc23270d8256
    SHA512: a2cc3ec6d9c8e20e1c604504b9a92355b21b1ee6b2d697759d31b7fd7ac2b06aac2061edad9301495e96feca69dadea8c0c19aafc27217d9cf685db3722adc64

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 0c62ad9503051a85700f0ba0855ad117
    SHA1: eca295aa21b3f8ac3be1cf61f52a5dccf8a13495
    SHA256: 88bb97b1c63ce495279981e3ce5fa9f954a4a22ca8dbd17370ab9692acdb5dbc
    SHA512: 4f0d4350f5ca879e9216c315306d45c0982897386417a2b2527cfaa9ef336773ba1ea018f617f5f1c2c694f32228e8a4dae16bbdb3ad6d4bfb0a5dfe4499faa7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 2a5d5ced8c13f9a0bd4cdf0a847f1dd9
    SHA1: 6eb4b3439aaffa87cd97023d2d89078290af57d9
    SHA256: 5a7cdb10160a9843fae0bc4466d1c34e463ef5cbab1a0c55c1f1182cd08d3ee7
    SHA512: e5de47c611cd86c3ac1910cdf22f3ec98380703b17c58aa23ed81c66a8fbf2c977dffb878be6a6363419e4ee2657a095407ca41e35f2f73ab32d3aa73b586fc3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 05c516b61da249bd79266dc9dbdf8c7c
    SHA1: 2e65797db95d656fd53d63b05985d093ba94a763
    SHA256: 9d9cf26573e6cbecc7261c019b3305bf341a89b556205e8a814a5eb63fa3cad8
    SHA512: 5fc6c73316d14296bd6073ae8b7dd51cfa1617ffcf76983b5a14ef9ba6110faa783fcf682a3a862dd5363920cdb14d6a4a6467e4b7398cc49346fad9b0e5237c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 657facb2f031970991afa25402e2b52e
    SHA1: 90511c65c79c9dc8988ac66005e77328e5f83dda
    SHA256: 44ba3009a103574bb33d6de78989d54852930dc8e405bc8f5850a981602fb16a
    SHA512: c801b3629140050bfde4680ccdfa0951dabb0931b45a92940bf29c36443b3ffbd48c1800461f0d448f357456ae378740282887f24802a4d7152cfb3bc2b0fec3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: f8b3f51b8f84a361ce2c7e13cb33767b
    SHA1: 181f95546b9779791b607a4a8e636d06b384a86c
    SHA256: c219feda9fdb03e857116cb76df37d0a1446c7bfab6e36d0272993c97ba73909
    SHA512: c959b76f1aa2c159151b5a793ae5c9ed518a3bcc424a5665b1002d79c0dc62ba927c18d8120abe42060ecec5c3f2beba31f791382a58e782bc3a5c22b6c644b0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: ca38e189de2e90846cb0b762000cafc9
    SHA1: 2468042bcd60258f6b98dd5ed70588b3afe20474
    SHA256: 7fa34c5c828c3bb369a3ce02c5e123db4cf376af94ca703332bcaed959901104
    SHA512: 95b21417396c891d041c75cb1845ea26df1e75b56cff3e15b653135811014d1c1e39166d58dcc8d6f843dcadcb99ce44b24f113d4943eb06a76eaec3fec6e533

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: d3c88c2495afa5f5801a440765fb8a36
    SHA1: b2be2404a5441af294a48c35ab9e56285827fde5
    SHA256: 0eba5fd71de200d1d933cb6a1d122af63f46e77a7fbf4e3fb3e2971a79802ad0
    SHA512: 3c1ae9f87b90e29659c1bac69f7565033bdac56ab9646870990571d9d1bcd376c74cc1eeb035544128dfc836e4ba3aa942a5657bfe1dd46ec4a83b7675d4c3b0

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 49fa0b426a4226af9c1a996e51d9a28d
    SHA1: a4722992035f5417c5b8cd786f75c2ee6a6b25e5
    SHA256: 01a4f6ea5782c87260caebc3ed430283747412686429a4942edb515d6f492a63
    SHA512: 9f47b087139008fbb2496cfdba26b683e187c780677945c13a695d5cbd68d8af14aa9b4ac88f4c15f47acc9dba51a9f33e6eb264172d89e11412ba22c82886e9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 582f280de6f0165478ed7587a1b204c8
    SHA1: 0f79e79adc55eba54f0734f2369d6f5bddbfe370
    SHA256: f4f1ad0944b2beae11891dcb85c4f66d5bc861e5c7271a51a64f22173cef7453
    SHA512: 454f0def9f453d5546771f985a433450da077aafb49d1994f74bef03ea216c3c1aedeaaa942c6e97453bc316406d7e402331470b880128bafee148fc2a171801

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: db5bc2f9238eb452d0a400f489b59153
    SHA1: 738b90f0534290a36e1cfc2b7578330ec69cd993
    SHA256: 015472cf51f08570c5480ab6d5d5d76949c9def9085c303a0cb72d8896ae05ce
    SHA512: c203aa600a7ff351a87a4cbf2d0c4044b7aa239f68cc7741e957725087728344df85b1d8676d4104cf275ced70bda86b1c64b6264d82e07107859e12ed42c5aa