610f0ac7f61d0e450281941a5476f6316fa14ddd6fd06210029905246b56b0ef

Analysis

max time kernel
88s
max time network
146s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

release.exe
Size

423KB
MD5

be4cbe10f071b583895eb48b532e837a
SHA1

cf7fe65594aa9d74a23b35cb608c01e6a7912014
SHA256

610f0ac7f61d0e450281941a5476f6316fa14ddd6fd06210029905246b56b0ef
SHA512

7fbe0c286bebc18db0e46f17757ce824b643856d2d647eef8e9ec1d66c5af145bfdbac4904c2f494d1d6e4480fd96aaa7de7c66bfd1083c2d3a841c08b42e47a
SSDEEP

6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcF5U:YeKbOV4A3ho9IKNti5gT/wUzzWYU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	release.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1396	1176	chrome.exe	37
PID 1176 wrote to memory of 1396	1176	chrome.exe	37
PID 1176 wrote to memory of 1396	1176	chrome.exe	37
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 752	1176	chrome.exe	39
PID 1176 wrote to memory of 2832	1176	chrome.exe	40
PID 1176 wrote to memory of 2832	1176	chrome.exe	40
PID 1176 wrote to memory of 2832	1176	chrome.exe	40
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41
PID 1176 wrote to memory of 324	1176	chrome.exe	41

C:\Users\Admin\AppData\Local\Temp\release.exe
"C:\Users\Admin\AppData\Local\Temp\release.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1704

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5719758,0x7fef5719768,0x7fef5719778
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:2
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:8
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1460 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1384,i,17222172055244041465,15943049331771329950,131072 /prefetch:8
  2⤵
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9f5791b1-d6e2-4c6d-a740-a3c4423a0286.tmp

Filesize
355KB

MD5
92eb183412bdd42b09a0964313dc6ebf

SHA1
ab03c332e34cc35cfb5b88cc9e661276f89948a2

SHA256
508e6d6cdee3749d0b0cb9f7d0ae4c3d2f24a125430d60d1308073754cdfbe87

SHA512
c4ae3dc1ded4619f18d18e22e4614cbd5dc6dd6796ee70e7129651e8d713a8116b4ebc2c8afc91b7da54a83d149429cfa8cd19055923d124d8e5540147cb2d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3faea3692d305eef56ae1e0469a832b6

SHA1
1280e69663eddbc16757e0c8134a9a5da9490b24

SHA256
fbc724c0f570ca84c91edac24f8f10cb3d35478a7b4d08de24838f5c34925eee

SHA512
2cd60c3ce85352fdea68b726378a6aa198d7d70516596c1ad69e019284a6454c06d853d77fc8e0fc60c91272e9179134c5ec4f23efa7086d28ceebddc8f571e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a356524b59803d3f002a08857226d703

SHA1
01a715afa9491edd27cd4e4d70bdc55b0f0f39d4

SHA256
5b3ad8101461e684f19eb0ee46b2ce52a6f770ee66c6cc227aa16cf32474d4a2

SHA512
7bdb953bd452e100c5e79a25d877d62547d66760d875b921e9cb405e2d96eccb249bdc3059b4a7d176c9bae0f343c7dae384d139c1b9cd1f58d493c4aabdcbb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
8c8613d4b00c35c16db90993f1d7c667

SHA1
519f9be80feef004b0c8e6369791a9bddff4ead2

SHA256
8ee35b586d1c32fde0203ca96e353556f689159535ac35084a11575c8087da7d

SHA512
4d4c49b5f278e7d8d3000c28bb1739e63c4194ac7a1f78481f0756f512f9c5c231cb0873d0d271f2524111f5e1dc735735713a68b7d72806b1ea12c2849ff290

Download Submit