Analysis

  • max time kernel
    41s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-12-2024 23:44

General

  • Target

    https://drive.google.com/file/d/1IK2jVfdZecGDA24QQg4u50Umiw5xWxKk/view

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1IK2jVfdZecGDA24QQg4u50Umiw5xWxKk/view
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff80bd2cc40,0x7ff80bd2cc4c,0x7ff80bd2cc58
      2⤵
      PID:4824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
      2⤵
      PID:940
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
      2⤵
      PID:2224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8
      2⤵
      PID:3848
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
      2⤵
      PID:3408
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
      2⤵
      PID:2132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4696,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
      2⤵
      PID:2368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
      2⤵
      PID:3300
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
      2⤵
      • Modifies registry class
      PID:4552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:8
      2⤵
      PID:1392
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3772
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4572

Network

MITRE ATT&CK Enterprise v15

Downloads
