Analysis
max time kernel: 41s
max time network: 42s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-12-2024 23:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1IK2jVfdZecGDA24QQg4u50Umiw5xWxKk/view
Resource: win10v2004-20241007-en
General
Target: https://drive.google.com/file/d/1IK2jVfdZecGDA24QQg4u50Umiw5xWxKk/view
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
flow  ioc
3     drive.google.com
6     drive.google.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                    Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133779158638577391"  chrome.exe
Modifies registry class (1 IoC)
description  ioc                                                                                                                                                                                     Process
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{151B0586-31E6-485D-AA96-2E228E191C23}  chrome.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
2204  chrome.exe
2204  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
pid   Process
2204  chrome.exe
2204  chrome.exe
2204  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
All 64 entries come from PID 2204 chrome.exe and alternate between the two privileges below:
description                        pid   Process
Token: SeShutdownPrivilege         2204  chrome.exe
Token: SeCreatePagefilePrivilege   2204  chrome.exe
(the pair above repeats 32 times)
Suspicious use of FindShellTrayWindow (26 IoCs)
pid   Process
2204  chrome.exe
(the row above repeats 26 times)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2204  chrome.exe
(the row above repeats 24 times)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries come from PID 2204 chrome.exe and reduce to the four distinct parent-to-child relations below, each repeated; the writes to PIDs 940 and 3848 account for the large majority of the entries:
description                        pid   Process     procid_target
PID 2204 wrote to memory of 4824   2204  chrome.exe  82
PID 2204 wrote to memory of 940    2204  chrome.exe  83
PID 2204 wrote to memory of 2224   2204  chrome.exe  84
PID 2204 wrote to memory of 3848   2204  chrome.exe  85
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2204)
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1IK2jVfdZecGDA24QQg4u50Umiw5xWxKk/view
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4824)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff80bd2cc40,0x7ff80bd2cc4c,0x7ff80bd2cc58

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 940)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2224)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3848)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3408)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2132)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 2368)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4696,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 3300)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 4552)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
      - Modifies registry class

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID: 1392)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,14174838985326058803,16559940334256800526,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID: 3772)
  command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID: 4572)
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize  649B
MD5       d2aea022c88fac75a62247fa9ef898d0
SHA1      2863888f374471f96d8d7b4fb037a594d3bd3974
SHA256    fac167603896104adf7a7e37051f082abb458ddf1e87878650da66abde764007
SHA512    a06a4e7adf3e9b0f101a02480fc0254fca034a08720d17946b89bb2eb94046cbaf8a8e448dbcd5a5f52cabcd9d40b8eb8bfbc18b7ab57bf6a1d95c2c15a6c32b

Filesize  384B
MD5       9ace6e1ca1094af4508c1304a77f3b8d
SHA1      35ecbfc56fa370a8dd977892d9aebd01a39eb000
SHA256    566319bd3e852cc55e07c0ec2369f0a6a87b350e32bef4d8bb5c4b04683a69bb
SHA512    5fa23f99af0b7f39b13023c4da79e585eb5677879291683e695a9fed221dfbfa69735d1140cf8e5ee2d36b6b28f8c9c7297f6a0eb2fefd93d4065094575d0263

Filesize  2B
MD5       d751713988987e9331980363e24189ce
SHA1      97d170e1550eee4afc0af065b78cda302a97674c
SHA256    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize  356B
MD5       ebf63531b36a86b1e8b3eaa2f646738b
SHA1      a1be8e153c72c463f8210d338dd99bae2a2ae4ee
SHA256    0ad8172af1138ca0c3d36dda1d9dd91005672f6309e462c4d3d32b9664348721
SHA512    df3972c0e0d4c1cd3c3eabf4e7e0a02f5c606e443995f3cb579449bd4eadbe9281e84e85af3d7a428d3f445f8088cb42614c23183edd79847c4dc56aa1fdbbab

Filesize  9KB
MD5       f792ceae4b94de708bd5c6fd4acd70a2
SHA1      294cb6683cfd28c4da59e985287628827d5274ba
SHA256    16d234708445e8fed7162af5f163eef86272bc7ec1bc6d4c174c439e024f9086
SHA512    d1ebf2e8811e75a61636332d0e27d105925b88638fe5e6c25939d4a511ec9149049401a42acbf9b3f93fdb1a4733532ca839e4a3c60094758d57c1238d1d7a7f

Filesize  9KB
MD5       ea8361224c30ae04cbe72c208eb1c6d1
SHA1      ba2885c339e98f22db7cbf19e6efa1605703cf0e
SHA256    3bc04d72010f30177b850a7eb698313d89bf1fd366d0db11f971c40420c265d7
SHA512    b38408fbbb472c7c447e57c214d3053d9ea9483f276ef914270e51531da210fb9305a88520135ded30dbb75da394c88d90480e5fba23ef2d84797ebe4face4db

Filesize  9KB
MD5       b32e2213a85329204b69f1fdf1d36beb
SHA1      75b139a5d3172b0d27dda3e30f89c56dbc0f8e21
SHA256    f8984d79ab151c093dc244d6c1d6e94dd168dbc7e9f682731419b7633b168083
SHA512    22b2e1ce39bcba1f9240fc1168f885b8e30a8e34b2b4f2596f8ce33adff8cfc455be6fb88b459e949fe038002716389f2f47e6425263140e4c1e39811d7a422c

Filesize  116KB
MD5       3980763a4309251e02000280fd99c63d
SHA1      355cb98255e3bc5cbd2f54ff492a786b46119dba
SHA256    54cb9e271ed333a8b7477813e86bd9f3810c748b1c2f2d8a339b1fa3bbf69157
SHA512    4420dfb072dc8caf940231e057e8e1210b19a183d38a1ec472e06a35b4c4dd0e54b800a5a49958a59459600bcccf7fef170330bee4f9899730273b42d0e09222

Filesize  116KB
MD5       b0c77dc50a0a1e610eecee3387c54b7e
SHA1      75f35380fe5d9900371e9b901414ae92fc7841b1
SHA256    40c0bc9dd61e29596353cfdfe2dd407846eb53bc05894b54e5333a2faeb36d88
SHA512    bd92753b8f878c06b3d7572d8e672f110f3a89811aa6af9f4db692bf878a460c108f015fcd9e311ea2a51a0e0b999efb9824c1103f2b2016f4b886a00e1dd2be