Analysis Overview
Threat Level: Known bad
The file https://7greenstore.com/kvvk was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-03 13:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-03 13:26
Reported
2024-12-03 13:28
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777059823844937" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://7greenstore.com/kvvk
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe6434cc40,0x7ffe6434cc4c,0x7ffe6434cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2592 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5024,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4500,i,6773191972967028609,5247017618402571591,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7greenstore.com | udp |
| US | 172.67.221.217:443 | 7greenstore.com | tcp |
| US | 172.67.221.217:443 | 7greenstore.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 217.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.154.216.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.67.221.217:443 | 7greenstore.com | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 172.67.221.217:443 | 7greenstore.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3968_ZRZOXEFGXULOJZVV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 6320daab031bf56da20f7362cdf35588 |
| SHA1 | da2b1ecfc46560d6a72c6cbe14f14bb4180a699a |
| SHA256 | db408e63fe8807533c94cedfc951fa90df436a8e329ab51a329f79e64235efbd |
| SHA512 | eda5af16ecd5427e823b01081cc0bfb316e778bc16c7411b3a9d5386d3a915a89d84f759b7bd105421df85af9692ec96e86e77b25f9a378c86f5f72eb6899905 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 50660090843160668f1945464c0cad02 |
| SHA1 | 35c8503ae4d86648287cafd3dae02b3eec1a5a66 |
| SHA256 | b98b4291773c2dc1de97f4727b42451a8b287732e749a155d6cb0946ca876f6d |
| SHA512 | 9fb475f7e8ebd37f1f284b0ff10932d922313589526785a64fea35073feadc469dbc8693d7a347c1f3b24bdd0d09140908c2b0f4fe47ffca77544915369f4936 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7cb928b18b33a77bd3f8fe738caa1d9 |
| SHA1 | 9d828d6508763b709251a79ff08f6bf80eaedbf4 |
| SHA256 | a0764134ea3e9a9405ec14d86710af95253544e5b7937ddbed52692c44524795 |
| SHA512 | 54af3bc685a366abf94c4c368d1c31b7f563f2a3205212fc538c1bd8f456b9daeaeea71dd481b65896c45358ce0d61e0523111931b99dffad3d3ede3bac68ba2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a050b7cebc211863ad9315977795a79 |
| SHA1 | 3bd19285e9afdbfbbf38fca3a4034b20538be941 |
| SHA256 | 22125ef9000a90ac194abfbf8e074612b6c1e02423ab9483b65d1e145ddbf33d |
| SHA512 | ef91d6e2cdf2e8ad0143bf369205806e4020805b47c786c11f293004fa174e05209ebe4a8449784b59b71109425815847f142e77665099dea2230b33b4f2186a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 75386125fb0320990c62a1462b29d408 |
| SHA1 | 1776ea16fd969a32bdc5589f8c1ab800c3a8a19c |
| SHA256 | 463409cd88d5fe1b9734e65dee41a81f7daf207255dc06f121601d8fb4c0cc8f |
| SHA512 | 2c832c6e5992056c084980f9d54bcea7ad8b6ea08fcf29b74d00b67ef7eb44210576b5b656adae39a079e59cb046d1404621951596fe7a43cedecda588144117 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 578288855e1dd983e1617c9761e4af4f |
| SHA1 | 928ba42997f32d5b2388af84f465776675b94e8e |
| SHA256 | 2e388c0deb5ef769c3afce218f4d043ed1926d06c30e5a17f5bd3c2aff86ebdd |
| SHA512 | 5fa4cbcff24aaf8ee5da1060416fcfdb32fa36cfca2fd4d9edc675719e70d021c23ed6cdaa0a46a196c4f4dfc3990996e291289bc52743ce40a0cc840c664231 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38c9979a5fd4d9b7cd96d656cfc662b7 |
| SHA1 | dec365fae2e76c7fb7b02503a01bc602c3dcc990 |
| SHA256 | b612e07ee30f8a22db72551862c2d2c78a574d3a50a59613d00174ac47a1d3ad |
| SHA512 | 76c7b2c5fb7173c68a5435cad7cd3c4f6cd0a2241a501a1e780e17e4b4c01acde6fa2f1e887248927fb885abc98a97954bec6f733839eb495f47b0d92b7e844e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 021e2388b385cdd0050b7975abaefb99 |
| SHA1 | 74b29053467b0147cd2ada1864713f1f6bb8db67 |
| SHA256 | 3f6f806a25daf837f303d872c08f63c8a594b0528f216e004216ea1e0045da55 |
| SHA512 | a6b9508d8b1c64c787a04da47f0aacdd2f0e6782cd1fd1b8983c87a0777a64c53f788eb71ac84a216030cbb5c3e70a2ae21a25c2cb623477af3114d77dd4f9c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6eec06c12d77336c31bd7e483abf2e61 |
| SHA1 | 5d81b7552f62966324b041a91793ef88eb0bae1b |
| SHA256 | 09f2f600e3c1f085feb0fd262d1680d7ab03338e6ec71a7e34b6e3ea30c02073 |
| SHA512 | f04c4ad59599179cfb2fc089eb2bfcd06b7a0aa757e0ea27b96ce7c617263d1b4e2c9a3db1065ab792ea681fd49cb42f2161704c54b8f1944a175f2912564627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b50f12b2a05542ddefac5c095383f400 |
| SHA1 | 9c44450903906821dc7c19c5bce66baac06cbdb7 |
| SHA256 | d25678950f20e751c5491b4dff67d84cf4b0d62b7d7aab896845f496423623aa |
| SHA512 | 9d2f7e8718b38083c0cfbc04a1173197bae8fd01b0b4c9fe1457556caed35bd9acf1512396b5cfda704470f48dc7ce8ffad30def567dd66470be515607673160 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cefe3144bef0dcbcdfcd8773a00d1ece |
| SHA1 | 90784cb46315935ea882c1cd2a077d511a0d3cc3 |
| SHA256 | 08f73c7adfb50a4fdfc8c6b9e2a57b25dde331f9b1bb1a28520e75e152d2461a |
| SHA512 | 35be416679edbdc89e2b8d3491054f52b2624ad3dc23338e4b388f23ad93ea9015cca5f9ddd6577433e1c7c3340133d614277ec1fac8115cc2ed5e4e0eab9478 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7224389faa410a9830de798c66860861 |
| SHA1 | 9c3379778c72b8f95645101e477ef0ec1c780b31 |
| SHA256 | 427d1acae57cf3a19746e1d1cc97dfadc693441b64bf7d2b52dc2d960f86fcc7 |
| SHA512 | 922e7ed8cca44ba09df7b61687b66cdfb450522ecb29c4d359f203ed223b97ca24fedce16b93e077cba705ea5eae0ef8c8cf784fc97844ff90900e2d42849895 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 170ee408935ca0aaff817cf6f72f6b95 |
| SHA1 | c47a687f05d468cc02e3fc8e82a539c15deee8ad |
| SHA256 | afb19b2657d3cbc3278eef5f49e43552eee9b5db176beb4795b433bd23c51197 |
| SHA512 | 56f6bd48e4fe3a20880718efcbe3bc91614a777578f785f713f2b14f99153bf6c8ce90bcaaf5f40da0032dbbba69546f95aadc4ffbca3c8ccd308758f2edc942 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26f334213e9cef498c6d676e826fb6cb |
| SHA1 | 5ce5f6a82458853f0818bf6c9c8b06ddbb391ec8 |
| SHA256 | dc73fb1e5f456ec0b72e839336feb49ef322b8d12bea76e71e8c23448096dc85 |
| SHA512 | 8b9ea52622003e8f73dc53fa533dae9c2b7188465e401556e05b130916b52826c9b12abbc729d1f0d584cf1b9673e87819502366f03763a3d6526b10299f5bf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46da768f0db48a3f54633c23d7744ef2 |
| SHA1 | 0c373cf1cd217510732b1ad2b34c8f8712765936 |
| SHA256 | 9f1ea8e04099feebb1e7f8f83809ab13d9001c50f3bfac7e7d6c251061ad9894 |
| SHA512 | 744e925d14180e0d9dd2d8ce7a41afad94f1dffa9c5f7f6e29a1590527342a6c47ffd4e6e782a062987852249b57079ba1cef2e60fb099ce09a66ab1ce319615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00b818a705eddfadb268aea2138457eb |
| SHA1 | 796d00d1f0de3390f6e3b39e14ea9c5f9a29b24c |
| SHA256 | b2c8de46bb8a4056dd4a484cd87e2c56e548a28382fb428c283fc1099b622a45 |
| SHA512 | 4e0f3283b69c5c72807f6f0bbe1cc5809ced7ef6e1abdbf23798e2f28018b1d025ab88d15a51f403656b5633514720b9a35f379542f5c053619ee1ee3d77f034 |