Analysis

  • max time kernel
    56s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-12-2024 18:25

General

  • Target

    https://drive.google.com/file/d/1091y5SvsF7k-4FdH_gtlHwx60IF0twlN/view?invite=CM-2jKUD&ts=67511cd3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Network Share Discovery (1 TTPs)
    Attempt to gather information on host network.
  • Browser Information Discovery (1 TTPs)
    Enumerate browser information.
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1091y5SvsF7k-4FdH_gtlHwx60IF0twlN/view?invite=CM-2jKUD&ts=67511cd3
    PID: 5052
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd9b0cc40,0x7ffcd9b0cc4c,0x7ffcd9b0cc58
      PID: 544
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2004 /prefetch:2
      PID: 1204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1672,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
      PID: 4908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2296 /prefetch:8
      PID: 4068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
      PID: 1176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
      PID: 3868
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4640,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
      PID: 4716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4716,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
      PID: 3344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5040,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
      PID: 4032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5144,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
      PID: 4116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5372,i,7124787331455301580,17079094610519697251,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
      PID: 4152
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID: 2684
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID: 1308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    Filesize: 40B
    MD5: 980ebd34ef8cdfa9900dba4fe367d2f7
    SHA1: 35955645e6324fce99a971a5a80ecae0fc21d971
    SHA256: d5384308d29f2f9478f0d1354e9f94053300496f3b7cd2f88f5f8d00dbe1482e
    SHA512: 470cce060f4dcca34b26c8c3b2d3d4024c12fb4631ed8251e942e7e992149a422f30526b27f9f55c13d5d9581f022d3b18439893c6b0455180ae70c0fb24430a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 12b05347c584b869441e7579352fa14e
    SHA1: 9e8652b49ba62ba35a2360bc1cadf1e2ea848135
    SHA256: 4942c7511d65ce00f60795884c590121513252c49357f5a5564abe4e85e9aac7
    SHA512: 0d78cb8e8d729905c952044a333792a20fdc16d51881ba59151996695ae9560551ac62752ebd648bb3831a4be8b66a61c82f83a025d25ee4b6de47d2c3658691

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 480B
    MD5: 0558478e49b64588591a1847bb04aebb
    SHA1: 5b1a412ff0eb9319dd64fcafccd50c0f4501a53d
    SHA256: 90035148690a4eaefdf02ad7f0ead6b3462945c091b8df8e75fa014ee38a06f6
    SHA512: eca1c83b50b194bc9c1e0594e838585f430ae40b40c070ff4211bbf225706cd1ebe17f4ed7886e04d95e77165e2dde82ef828a62a9345c748ad8336c6f941977

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6594b039-2ace-44c1-911a-2d3e187a8e1d.tmp
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 859B
    MD5: 942eed01808f637fb2368944c5046cd2
    SHA1: 809c14eadc3793578b9e0a583ea0b173644382c5
    SHA256: bee4983a7539ae359c219e9cdfeaa09751db5764cceb7176968e09a2b6411d6c
    SHA512: a75e66f1f10226bdbac1ba3cf40a5f97da96684157ff33b574457d651f2e12faf08b7e6e9f180eaafcc23694316307ed5e94c27604c9653970e68c3679769834

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 859B
    MD5: ab58fd259d2345b6b941676656d69552
    SHA1: 76d9fe990dbd2982c3c1c78a957e9acf2f283218
    SHA256: 4b4103e3b5b35997bdd54ab52176a1bfc925ad271fa7c2d8fc24df1a787f448b
    SHA512: 61e406475575709363bb037efdee0a0c8ff6a0cfa3dededee0033476d46e4e8b67e48524589bdb61a04ffa314280e906b0c8403123f5ab58c4551ef41dd56db7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 7f4bcd3afa341391542560c1d2175592
    SHA1: 8faa297a151b8d3bdd80b7d89dca0dc78c495ab8
    SHA256: cf20d4a43014fd0c626163452f6c9b140a339ad88c57feb3c33a07c373a40323
    SHA512: b20555e15efc691607d6d7f918e0bae69a1438b5dfc3cd27ac89a80a0f5cc6511dbdebd44cce96d208a73145d2adc2c61e5e240655a23c7fdd8f9ecdafc185ce

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: b12ccb1aa3dd0294bd2fd20ac3b0ad25
    SHA1: bcef42c9ceb6bf121307454faee35c14532e25cf
    SHA256: b3f27b4c31cb62a74aa2bd22db25dbdd2b95a7dd857aa8200428220d078e9d1e
    SHA512: 3b090d89914b348d43899e5d6f23f0030abf76e7b5e21317d13b14edf73f30924a0778a017d5907e3445d711bbec405c8e4ef8fed4ab56f75a605f6b474178bd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 580b486e14f4dc12302f9c438e7ca51c
    SHA1: c79ed2ea6bb3d5dedadcdc71a1ba03cb22133809
    SHA256: 6c249eec005f7eaefa6f358233993537fa4ebe2399284832a88d172abd7ffc15
    SHA512: c1329b359f257317243ccb05eeacf43a73cb7bb45739e1d8619ec282d143bfdbebfa43d65e48778ede414b233c0ba892cb72c2e02de372012356b196096526ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: c866543f18d4cad25b9f4943bc89e729
    SHA1: 3a6df17cb25684ec4b38c287d2b8bcb1b8da1295
    SHA256: a639b16ca294361e1e375eee2d49802d3a31552624bcf81e7325c1c785988754
    SHA512: b80eb65a184cdf95b7402f032d89b254eccc18312a1ae8b6c2cf8d67db8cc5ac758a4ade3f18b0f362000fef0630229b738b043ef9c22caa0023335311af2526

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 208614ef0ef4f1dff419ef07bb41678d
    SHA1: 65be4474de589d576a04df682796045c84428682
    SHA256: 548cbbc6fc910d4def62dfa24b3ed9a33224bb427b583bab895b0f5c5d45f47d
    SHA512: be136bab6647ce74f48f5807f58b5107c1f803f9a72aea37869c03570041c9fa70746ef164d8003a296ec9be8b20596271dc2b6101d08244dc6af529ea75c870

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 2a98696d635d6bad048965f5374c4c85
    SHA1: 83c079aba433a04891d802164c95c729aa2e40a5
    SHA256: 60f9045fde984ac23afd39a5dddd594bb66401f1443946a12b640966456013c7
    SHA512: df8d185a2944fbadd12fd5c82d1e74e2816266cbe0fa098f4fdd236ccbac6536c2875fa91718534bf3526ffacb722f8dca9f696572a299a95282f69c78fb0527

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 1dad73090884d552a71c302511e46cf0
    SHA1: 32caf06316452ff7c670db0ca3f0a391cd85f960
    SHA256: 074c5b21cf3865d0c1d85a9417ec665318c7454d84b71c4a2882e888aaed985e
    SHA512: 1da5451d182dc42ec5548cf611c1af996a35551c24427469a194d903114b320960a1c51e5c337efabf30929ac1c9b404b9657b0ae5e03ce4d7bbe4f903fcea53

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: ade6f4f10331de1925743753f4e03dcb
    SHA1: 0e0c585f3e69a1e7d9a0e9183460510d8fa1a5bb
    SHA256: 58b430c5d01e16d591f9d79b74b7972d7609af08cbf2f8325908f7d333cf09bd
    SHA512: 2cb53f7eb84d0831fa96daf4f304396a27502cee44e93f90c02a20653d7bff7c7c90c0167f17a65b1aaa46e067adf2b7d5ef97beacb78bf8fb6c1c0a7b6bab98

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 116KB
    MD5: 1a67f3ed570b0a08299462d2236381e2
    SHA1: 16a1dd3778954d60533191557de706f95542ccc3
    SHA256: 27721ac3e209db938a1a918ad98700be5bdb6574ce1513820b22d9f7be5b8563
    SHA512: 76fe5b2a7ca989516030d7cbff6cbfd5c3624aa1be3df8b4cd39c6de186a83e9013c086007a7ba76be870d6e8c298ebc4b1e86ff86c42db4734ecbec5d59e2a2