Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09-12-2024 04:40

General

  • Target

    IjefFE.html

  • Size

    7KB

  • MD5

    aa5d13590623abb5d3963a8af5dfb85d

  • SHA1

    8dcb62e75f970ac4f9f78e2558f335951b599774

  • SHA256

    4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a

  • SHA512

    94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b

  • SSDEEP

    96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\IjefFE.html
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85290cc40,0x7ff85290cc4c,0x7ff85290cc58
      2⤵
      PID:1700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
      2⤵
      PID:2628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2036 /prefetch:3
      2⤵
      PID:3324
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2232 /prefetch:8
      2⤵
      PID:4776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
      2⤵
      PID:2736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
      2⤵
      PID:388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
      2⤵
      PID:240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4668,i,17464760835643112401,7276722037930825762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1928
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:332
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4380

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
    Filesize: 64KB
    MD5: b5ad5caaaee00cb8cf445427975ae66c
    SHA1: dcde6527290a326e048f9c3a85280d3fa71e1e22
    SHA256: b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
    SHA512: 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
    Filesize: 4B
    MD5: f49655f856acb8884cc0ace29216f511
    SHA1: cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
    SHA256: 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
    SHA512: 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

  • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
    Filesize: 1008B
    MD5: d222b77a61527f2c177b0869e7babc24
    SHA1: 3f23acb984307a4aeba41ebbb70439c97ad1f268
    SHA256: 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
    SHA512: d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 5fd9d896fe02dd9382630b7e7c92154c
    SHA1: 55f9a04ac78b0b367ea1f6789d93618748b4f598
    SHA256: 752500857a46a186af9210f84c35f6a3bf3724861998b24a4c7ed3e061626d34
    SHA512: 63b918355b09c4062cf2804a99bec7391fc75b226f34379d1c803cc7f9769e2ccdf7e79f67275607592be3d14eff7175035bfa1d0c19e6403da9baf9cd451005

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 1KB
    MD5: 7243c268abb0e7349e7a7fdeebccc4f9
    SHA1: 18d0bb91f516e02390b4609483d061946d3c9f63
    SHA256: 7f1609f462909bfc4cc97986752e0fc3a8385c8a52f75e7498c43878437adab7
    SHA512: 635ce367c2e02d9c1f9a2a689967c814f3fea766f10ecd9bca79f20a242241ccd1227c5f9862e57a565523fe9ee56a6c69012ecd5d7be5bc01f27af7bd49e867

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 45c4af768eca0242672d72eddb0902cf
    SHA1: fa2bbc79935cb16a9b928c171446f192ddea5854
    SHA256: 8b431e926665009dfd42cdfda3bf8d1e4e8239871c6686f30c5979005f79e18b
    SHA512: 771af58be3bdde0c3228318721af92e6738e35beff08740e2e28b3bc005a3ff391f11b80e22d1acccac898725439cc76f8f3f539624eb17a12bbb87dc663abe6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: d16272d3dfbc530953d48550d9c683cf
    SHA1: 80da6549d61dda1802e4f441b764db939aa94d50
    SHA256: ddcf7e5a51b0d2020d625cb5df4e916995a408bd3ab16a013716528af83c92d5
    SHA512: df3853a8317f46b0334779cf8d0d70ffe8181950ed93991058401a6a280d8fc03ddbe0a9ef01ba0604002cf95c8aa20f8990baed5faba49b0fd427df4322df06

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: fd017cf5fa97832a0f7063a9c8b4ca98
    SHA1: e1fe84be7805f0356f01412c7e6851ffbe937593
    SHA256: 7ad7e27146d7dabc759c100b67fee19b27c789bf3de05a9bc5850b21a357e244
    SHA512: 894652e354aa3420872b089754fc3a043a6ebe6371a9e0799f57d294b74a9e2d6ecfbf9f0fafc032363020d5d1f26281cf37b2d154a7dfa7bc173613eb03a8ab

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 28feed18fc624c71284d0e2dcb97866c
    SHA1: 2c1b9e9c9d58bbf361bae654670b2b8fa670136c
    SHA256: cd4053f8fc4c7183bf2046755b1891fb7642a3a89b29da5fd96aabaebbfead86
    SHA512: 1775f15ffda78fb4bdfd862231475e74e23729d8bb89f7bb79511b0ae0a2ed1d2644d21bac4b818c91f3e3ca85a69d0d812739a9a4be3aa07a5fd023a27e275b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: e02ef51dfcd72e4666cc9d83a451b4b6
    SHA1: d987d2de29c30972e13e7b4de1740668bacc1a1e
    SHA256: 0ebe447974554b12b5c99087e3381dcbc2ed796dee68a35b36886078d983ca7c
    SHA512: 2cf8150cb96420d14a9a9b8f7eefd2ecb9636fa67ec72834a57a122afdcf01f6c1bd41ed0b07eeb11ec0e477dc1b57ea377899a26093583204306f09442d8185

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 94ea39b65d0c3be3616e919b0d4ec9c6
    SHA1: f6c40027553423a1b9a70cb18668109a62f2e2b4
    SHA256: 91cc19163363b0f325f6f9193261e3f0f5f8bdb0f46dff33d2b51fd6bb6b489a
    SHA512: 19c4c5eb5ece2cd096960303c6f4597d994ccf56a3ad6ca9c79d73235d53cd3b603d68a61a4d3e24ce35b7187a580cf87ae02c7d090212c3a2fc7fb225a53891

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 775d5d7b70e7cad986347e6f5a436dc1
    SHA1: ee481531ab2f64cc0d2ccc4ad7f6d8057f3f8a59
    SHA256: 0bfeb7f7fc0bf9b2b2c2109dcd1d4e85e66fc2460cc0679f7177a79677a1fe42
    SHA512: 57aa255f7d9a9aefc0da8cd9329fbf4be9756705b737cb5823db5deac7edcd0a49b9d9e34a3c9fde1b05df79e971eb374ab64f954f22e2ca5fde272886e8c469

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 5bc5a89483a501679772fb56446ff220
    SHA1: 575ad12622d3ec5811810c61d8b35cb8487d7222
    SHA256: 88149392d9b3fda0cae53f4a629d5f24a2b19314a1b3116f6da97b37dc370602
    SHA512: fbb0616b0d9fdc34ffde2456dfdd9dddbb907f9f14d2b4e0bcdaa1cd5ccd6294b374601641edbffb75f23e189d1c3223328840e1d9ed77af85932e377d87ec9e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 0fcc0e623211472e5a70ba78b35b4cbb
    SHA1: 5e58d1af3af952286cde40127762bc7203299af0
    SHA256: a0de1d1ce5412c398c221a5863107646a62f1d45cb22d5b6dcaf7813516b7e11
    SHA512: bd796ab3485a3c5d19e6f0b1fe9cf00e03944e40cf199a788fb5e748a73637defa7a9a65dc6f974ea7e734cbc0408b8ff76f41c3d8f2748da84bdbe97c6a54ee

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 228KB
    MD5: be6222fe71af5e0b479970ab6c7e08a3
    SHA1: ee46c7193d655732ef0eba14ccdc8731445c5ede
    SHA256: 88cc816c7879ab5fd663d85cb47b8199eabdd239cce3064d02e5d3cddac8469e
    SHA512: 93cab376d083ebb059c9d6aad773e4afd66debf23c27d79f738d0fa8c420c082b05474059a49bffab9c3c423138212efca7663b7900133ae4a6258c16d7c9bbd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 228KB
    MD5: 5e5cd456f452d0278006fc3c78d5d5d8
    SHA1: 67001ad07d969db4d357a4a63cedf8f702c5ff47
    SHA256: f02c0e68efc1f604eefec2121c5295c033b590d466a925d47d48eacdbb85d709
    SHA512: a4dd777e679df0b7a1830776aa8973316dc40d61f4a22f0887c455aad1c4f2788759d924d2d234ab216fe14a8a8d0cfbd1b7b8abcbf914fd5327b65bdecc4fad