Analysis

  • max time kernel
    104s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64  arch:x86  image:win10v2004-20241007-en  locale:en-us  os:windows10-2004-x64  system
  • submitted
    12-12-2024 14:10

General

  • Target

    https://planinvestgroup.pccwv.com/researvewa/70936546/?ae206=YmFmaXNoZXJAZnQubmV3eW9ya2xpZmUuY29t

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]

    The address is redacted in this copy of the report. It is carried base64-encoded in the ae206 query parameter of the target URL (the same URL is passed on the chrome.exe command line below); credential-phishing pages commonly embed the victim's address this way so the fake login form is pre-filled and the operator can tell which recipient clicked.
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

    Note on attribution: every process-level signature above (the registry and HKEY_USERS hits, EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary, AdjustPrivilegeToken, FindShellTrayWindow, SendNotifyMessage, WriteProcessMemory) is attributed only to the chrome.exe parent (PID 4876) launched to open the URL, and all of its children are ordinary Chrome crashpad, GPU, utility and renderer processes. That is Chrome's normal startup behaviour, not evidence of a dropped payload, and the Downloads section lists nothing beyond Chrome's own profile files. The findings that concern the submitted page itself are the email address embedded in the URL and the external IP lookup; the Network section that would carry the details of that lookup is empty in this copy.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://planinvestgroup.pccwv.com/researvewa/70936546/?ae206=YmFmaXNoZXJAZnQubmV3eW9ya2xpZmUuY29t
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed618cc40,0x7ffed618cc4c,0x7ffed618cc58
      2⤵
      PID:1936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
      2⤵
      PID:3944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
      2⤵
      PID:3988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
      2⤵
      PID:4920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
      2⤵
      PID:4064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
      2⤵
      PID:2056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,3394591007965235060,14749734297294510380,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
      2⤵
      PID:1324
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1360
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1708

Network

MITRE ATT&CK Enterprise v15


Downloads

  Entries that repeat the same path (Preferences, Local State) are successive writes of that file during the run; each hash set is a distinct version of the file.

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize 649B
    MD5    1aa96efbdb88884b749edcc80c757808
    SHA1   660b6cab830e9953703d18f2709372b0c1618b89
    SHA256 fdc50eae2e0c4f8822394a53014168b3c59dd84e1b3d06f4d0dc29730791bad4
    SHA512 54c3965455579bf64e7a29a063fe4c422fb2402c54876bb2a72d9a9a2d2dcc10cabef33a28abbcf211c10ae9781ffdef869b50ee1ddb472cea83b06144d9fcfa

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize 192B
    MD5    23036b9f3958756e227cae7b33ce4906
    SHA1   55639da4a14ee8d1f8c79441835f917f0029e147
    SHA256 8de7d658ffcfb8c9fe065048e77f85dd407dd9ceb14d28a91e97a61ede71e7b5
    SHA512 d2972cdff691996c39057ef962dcef5d607455cd504e7d532d3d1bcc32d6987b86df1e1c798431af9a9ce9a6e206b206725265354d51c7c8b00079df468abb18

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 3KB
    MD5    7bea06d6981c58c42eb87f116bad7277
    SHA1   2efe94310d678f1745ead8a63cdc6c9d13c60163
    SHA256 568bf29002203bd3abaa624c5f5ec0cc2bba182f72fd3c08d5849535902b0fc1
    SHA512 3ef9a8372e71a8983de996c327529552ee8f588a7ff8818df4662503bfe0b1f61af874b8202217495277a435a0b4b93830f2239f3ae6471b9760a956a39fc740

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize 2B
    MD5    d751713988987e9331980363e24189ce
    SHA1   97d170e1550eee4afc0af065b78cda302a97674c
    SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 852B
    MD5    e5c78a913e8f5b484b04f477a28382b7
    SHA1   f750af480a855227202f5302565b7fb2dfbc37d7
    SHA256 65be59f9bc3c8f377717438bbf0087f76fa8cb836d3a132f0c7acb6e9ed0ebf6
    SHA512 0e3fa7cb1ee87703666c81f7992d6a85123a6aed22b06aec94a509945073d1ac4b75b97d5ca752697029b468a39b8b6e35a7b0006ad94da29e2be3d2b6c771fc

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    4938d967c5ef932c5e2f1fcd6fd441a2
    SHA1   1b81c1557fe82ffdec745fd4e70ed3242b32d879
    SHA256 e4ad6c429745306960d0c7e1e356a988fe0381b7467df2a4822dba38a9e1e98d
    SHA512 67a245bab2635d3829313c67cab3dd4a02fc16ef44129d75f65f5ab7d8914daba16da3a251bbad01f7b02894414c5a57fc0bacbeb9731b6c348eecb227f94f14

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    83d65bb7fe0beda34c466594ffdd167e
    SHA1   847b07cc232096e735c235e0f71c988eb49c04a0
    SHA256 d3c4b09088994f7f51f0ffcfd03eec5f1c7f9eea32b7fa0f33628cca0f35a18e
    SHA512 4ef4ef690a203fb02e232ae266dfd9208714b85a8d517c6a8ab38f5e7a6b214cf49947b2b6dd8f09b6b15a2a57aff73755b4161c0a85577f2e203c6e88d94642

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    5d8a093a70ef6b685f95c47a981b5ae8
    SHA1   0652a04d405f7ddbab8367b59964cf0320b71ecc
    SHA256 3f6ab8e510ba475a25af2c074f060da119c6735161d617153bc691d1d2a67b36
    SHA512 730ac087bceafc117719384a6ddbc5a8c90e3c9cd1644239f18f881f182fb2cd597deee0200bc143005daa971371540f153688b0dc1f5de872c28207fe06ca86

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    375825c0a67c99efb16f82ef0739be9d
    SHA1   3d34b86492bede6c46d8afe6d91fbf0f75eb06fa
    SHA256 d23c7ef65af3e98701f6117338d8f61f0954747869f66eb5ac588182b561873c
    SHA512 4221309e3fb87f62cc9c32640f1999ab585ce7d896d34f243ae42a109c462fb2e8dcde398e81ac52baa48391504c3cc8f4caca1602821f4ac30602a2c1e9c047

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    fa58dd14161b55648554813f2beafa2b
    SHA1   7335796fc809733c03e08c8cf395c52a0662122e
    SHA256 d1647718c0e3850c9644bb1c8c8543fea1f2fca55b54ca41842ec6c7e58c76f8
    SHA512 22a048552f9da97814dd31d55c226ce8d013c9bc3883973a6720088bbd61feb52aa9b4d963d5c7a8231eaf819a7519c8fef07068e847bbc8a8db6b629ac4bc64

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    fd629aa9503c2fe18c104edc758c8ff4
    SHA1   f2e66a405fbbd6a79c5b3d0619b591b688a86b09
    SHA256 f977cf9319e29b509272ad06ff2dd3d473ac5722ee71922d6ae1844aa582066d
    SHA512 7a0fc415e605f5a0d86744b5ff86d12150ae43928af714d0760af0544bfcf44569e38e4b781f2371d74223ba890b5d7ca121b4409bac6c2e40d8a98b683b640f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 9KB
    MD5    8d567ede23c15f31a846857806e37aae
    SHA1   aa50a24f77888b81cde84f49ff07e9c22209d9f2
    SHA256 0b8bd224a12189b11377bc0575818e202b1a508cb3449dff25cde32b5eec7251
    SHA512 3fb11f4b187419ad13557510d99ae872418edb571f6a135647426989384bdd921b449c0a589158d573835acf5a35e935a3e501deac5cf3669014e71c92533fa4

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 116KB
    MD5    f9daaae3fa9c6f37d9cf24387343f157
    SHA1   6adb30bcf7270040fe1f585b53f2fa6f446360c8
    SHA256 848e01e067c5012cb16f11930af2e7d1f8284f1ec8bd52bf2bfa52697f9bb018
    SHA512 b9905daae5609664a0c046b2aaa657f85efc34174acbbfe9055f7dabf0afd6a56d5b6247654713e438c402bd66382dbeec8f0201d771931a1f47ca4a515f5dff

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 116KB
    MD5    4b744a7536a814dfabb89ee383e9036b
    SHA1   9eeeb5b37ea99d7ad695ad551e0745ff94a38c7e
    SHA256 43e3ea80449ced2d771de2b62d73b746b6fcd9d3c9839b7f5d68d3714eebbcca
    SHA512 099229117cffa857d292f8b595e96ab4d479501f8b1e95fa6b28cc0d02fdcf0e3a94b71cd05ff24c8c4d4e39c16e3ed84db4a45280951ea55e388dfcb360a38e