Analysis

  • max time kernel
    130s
  • max time network
    125s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    18-12-2024 17:13

General

  • Target

    https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t
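
    The part of the target after `#` is a URI fragment, which the browser never sends to the server: any proxy or web-server log of this visit records only https://esplees.za.com/png/index.html. The fragment here is base64 and decodes to an e-mail address, the pattern phishing kits use to pre-fill the victim's address into a fake login form. The following script is an added example (it is not part of this report and not the sandbox's own code) that splits what the server saw from what the lure carried and classifies the fragment; the e-mail regex and the printable-text heuristic are its own assumptions.

```python
import base64
import binascii
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# The URL submitted in this report. Everything after '#' is a fragment:
# browsers never send it to the server, so the server's log (and any proxy
# in between) records only https://esplees.za.com/png/index.html.
TARGET = "https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t"

# Deliberately simple address shape; good enough for triage (assumption).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$")


def decode_fragment(fragment: str) -> Optional[str]:
    """Decode a fragment as standard or URL-safe base64; return the text or None."""
    frag = fragment.strip()
    if not frag:
        return None
    padded = frag + "=" * (-len(frag) % 4)  # lures often strip the '=' padding
    attempts = (
        lambda s: base64.b64decode(s, validate=True),
        base64.urlsafe_b64decode,
    )
    for decode in attempts:
        try:
            text = decode(padded).decode("ascii")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if text.isprintable():
            return text
    return None


def triage_url(url: str) -> dict:
    """Split what the server saw from what the lure carried in the fragment."""
    parts = urlsplit(url)
    decoded = decode_fragment(parts.fragment)
    return {
        "server_sees": urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, "")),
        "fragment_is_base64_text": decoded is not None,
        # A victim address in the fragment is pre-filled into the fake login
        # form; that is the usual reason a kit puts base64 after '#'.
        "fragment_is_email": bool(decoded and EMAIL_RE.match(decoded)),
        "fragment_target_domain": decoded.rsplit("@", 1)[1] if decoded and "@" in decoded else None,
    }


if __name__ == "__main__":
    for key, value in triage_url(TARGET).items():
        print(f"{key}: {value}")
```

    Because the fragment never reaches the network, the submitted URL itself (as recorded in this report) is the only place the targeted mailbox can be recovered from; hunting in proxy logs for the path alone will find other recipients of the same kit but not who they were.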

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa0ef1cc40,0x7ffa0ef1cc4c,0x7ffa0ef1cc58
      2⤵
      PID:4424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2056 /prefetch:2
      2⤵
      PID:4504
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2076 /prefetch:3
      2⤵
      PID:600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1312,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2304 /prefetch:8
      2⤵
      PID:2620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3120 /prefetch:1
      2⤵
      PID:4956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3156 /prefetch:1
      2⤵
      PID:3908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4472 /prefetch:1
      2⤵
      PID:1540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4336,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4608 /prefetch:1
      2⤵
      PID:792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5084 /prefetch:8
      2⤵
      PID:3744
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4576,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4484 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4892
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:896
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1768
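
  Every signature in this report fires on the browser process (PID 2532) itself, and all of them are routine for Chrome's sandbox broker: it opens its child processes, adjusts token privileges and uses WriteProcessMemory to set up each sandboxed target. What a triager actually wants from the tree is confirmation that nothing appears in it that Chrome would not create on its own. The script below is an added example (not part of this report or of any sandbox product) that transcribes the tree into (pid, ppid, image, command line) rows and applies three rules: chrome.exe children must carry a known --type, sandboxed renderers must have no children at all, and no non-Chrome image may be spawned by chrome.exe. Parent PIDs are inferred from the nesting shown above, the command lines are cut down to the flags the rules need, the set of expected --type values is the one seen here, and the cmd.exe row is a constructed anomaly added to show a rule firing.

```python
import re
from typing import List, Optional, Tuple

CHROME_EXE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Child kinds Chrome itself creates, as seen in this report. Other builds add
# a few more --type values (assumption: extend this set for your fleet).
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

Proc = Tuple[int, int, str, str]  # (pid, ppid, image, command line)

# Transcribed from the tree above. PPIDs are inferred from nesting depth (the
# report shows 1⤵/2⤵, not parent PIDs); command lines are cut down to the
# flags the rules below look at.
TREE: List[Proc] = [
    (2532, 0, CHROME_EXE, f'"{CHROME_EXE}" --disable-background-networking --single-argument https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t'),
    (4424, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=crashpad-handler'),
    (4504, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=gpu-process'),
    (600, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (2620, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service'),
    (4956, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=renderer --renderer-client-id=6'),
    (3908, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=renderer --renderer-client-id=5'),
    (1540, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=renderer --renderer-client-id=7'),
    (792, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=renderer --renderer-client-id=8'),
    (3744, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none'),
    (4892, 2532, CHROME_EXE, f'"{CHROME_EXE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled'),
    (896, 0, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe", r'"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"'),
    (1768, 0, r"C:\Windows\system32\svchost.exe", r"C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# Constructed, not from the report: a shell spawned by a sandboxed renderer.
ANOMALY: Proc = (5000, 4956, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami")


def flag(cmdline: str, name: str) -> Optional[str]:
    """Return the value of --name=value in a Chromium command line, or None."""
    m = re.search(rf"(?:^|\s)--{re.escape(name)}=(\S+)", cmdline)
    return m.group(1) if m else None


def audit(tree: List[Proc]) -> List[str]:
    """Flag processes a healthy Chrome tree would not contain."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in tree}
    findings: List[str] = []
    for pid, ppid, image, cmd in tree:
        parent = by_pid.get(ppid)
        parent_image = parent[1].lower() if parent else ""
        parent_type = flag(parent[2], "type") if parent else None
        # Renderers are sandboxed and create no processes; a child of one
        # means code injection or a sandbox escape.
        if parent_type == "renderer":
            findings.append(f"pid {pid}: spawned by sandboxed renderer pid {ppid}")
        if image.lower() == CHROME_EXE.lower():
            ptype = flag(cmd, "type")
            if parent_image == CHROME_EXE.lower() and ptype is None:
                findings.append(f"pid {pid}: chrome.exe child without --type")
            elif ptype is not None and ptype not in EXPECTED_TYPES:
                findings.append(f"pid {pid}: unexpected chrome.exe --type={ptype}")
        elif parent_image == CHROME_EXE.lower():
            findings.append(f"pid {pid}: non-Chrome image spawned by chrome.exe: {image}")
    return findings


if __name__ == "__main__":
    print("report tree:", audit(TREE) or "no findings")
    print("with constructed anomaly:", audit(TREE + [ANOMALY]))
```

  On the tree as reported the rules return nothing; elevation_service.exe and svchost.exe sit at depth 1, so they are not Chrome children and are left alone. The second gpu-process (PID 4892, --disable-gpu-sandbox --use-gl=disabled) is Chrome's software fallback after the first GPU process gave up on the VM's display adapter and is expected in a sandbox run.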

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: cf11aa0f98e28d7eb664dc836ca61a88
    SHA1: c263524ea8c212ccd2ccf5cf20626efb8be42d90
    SHA256: f7235c2c82b08eda0997a21dfad8d0d6c4968b7b892e5dc2e07778edd661e42e
    SHA512: c3f72bf5afb79c2f298f1573cbd1d19298bbe141aa408544b70c65f71cd906a861c565c5ee8e55e18f2fb53dff4cb51497ab21719030f331af35a7a286844e96

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 120B
    MD5: 45a8cf4364a8b90d262f0708e242d77a
    SHA1: e85e28a8a8b457552a00dcc72e9dd9a581f106ba
    SHA256: 1c8e02cb25bde71243f799e73d160413e1a59bec8be91e05a96a75d5dec94220
    SHA512: db0fb0a841669f3d53448e7a488af7fb400e4871f423a20d3b1f2db27dfeffc3c351750ac599e33d60c64e94502548e2edff4b8a85c6b31c8af68909fe675d96

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 144B
    MD5: 124ecca95fe83030ea6dc8839300641f
    SHA1: 63f7d81f3bc63237c18001aa30b10c9147052ea7
    SHA256: 24524347d8ec72bfa56746a21a36df97cdd238094746c4905f326ce4a0b7bb38
    SHA512: b949e0066920c717ed375532c19f799c4f7148a4d50d18f2351d7af8a0b47994ba5b285a635828a686fc45f600ca0655001f22a04b7373f3e10d571b9f545df1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 2KB
    MD5: 1e9ce62e4773eda8ce04cf77fc2bf172
    SHA1: c50f6d7db82dc394732649bfb2b22bb9638b2e8d
    SHA256: cc4eeedb1bc193ac7ae43edbf5c0f3d6851de3047500e91b7c2bc702dc38d279
    SHA512: 6a6e1348253b2746e330eefecccd9b23915b9b95a26eb54dde64c6ad742d305d2cdd8fdf49989dfaeace47fb2c8b633b5d3d3147946fa497c9e0f476362cd3d1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 523B
    MD5: d1bb4013009fb6e57db3fb7e7333f95d
    SHA1: 7ce3c1a262755d5d17cb34247a9270662d9e93b3
    SHA256: ac872b4fe0937ed3a99649fbc40c72839430512bd0b989e9bf8e76f014a636f8
    SHA512: e683ae43b52f1e16f0aa32bf226bb843aea750ca6f8d657ccfd8e55595b2bc7ce06a1c6dfd0902494dfea8b591bef024812b2977a32a138d683f3ae440ab09cd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 8KB
    MD5: 8fe065ddb7c50fcc193f10b5f45cbfd6
    SHA1: dd8bc2ee43540a4a2893468bb9c162ccc4e08dd3
    SHA256: efac3c3ec68d43fede295e632cc98988521b998babc236eaf849550ebd75148c
    SHA512: 333822c573d03f400498f9ecba78e0293b56d4844ae3b0dd110eed572e91c2433e2687e351e7e1172e7fed517402fb33e57d2a9dc2952a5458e0c27d215588a9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 8KB
    MD5: f1a4893746ee9bc67b92af4250d69b3b
    SHA1: 63b053476432f056de67a4142c204c321de8f276
    SHA256: 60cec6818a216baf01b1086f3f5aa6f101f2970a0148fd26d967608d1a316806
    SHA512: b6f4c64d74b6a29f6dc938840069e137c4bc20d62d13021e5fedff706714c001c758e972222e384de4babb688269e765bda3737524c155205c47cf2d80d2a581

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: e732d6abecdcbe90b0ccb6566c772d45
    SHA1: f54f954b2a46242b077c1e44a6c537562e4e02b4
    SHA256: 7859b77ec66dc5fab0273a87b1634061a439ad18db0e585a6c02b55dc744c33f
    SHA512: 12e6d81e64db51991fbacf5153693ef183734f1bb6d33d02b3e83a157b9717047afd640c18d78fe8058160ae221419e019feabda0af2bbff4252efb5fb0e6dc6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: df4e4ef1a81b6d990cc217e0de378944
    SHA1: 3c5669362b198555e0b4bb455d19aec186aca467
    SHA256: c03c7fe51d80e742534848569b75a17589fc857e44fc2ccae8d61f7c6f1143bd
    SHA512: 5aeb6d621cf804628f3f028c305f47dbc410bd9f963879b7201fe66d2c82485e0122ec117373b25487698247ea31fbe35ddd45bd76fbfa5a5b3075ca3de16a12

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: ccee447d1f842f5d6248d3a634c65a05
    SHA1: 66116030a038ceefe0ea57a1bf522013331ec126
    SHA256: a4168b2bc4c7391e31db6d4a71212d6d356a9385a8165e7da3d9aee61eb999b6
    SHA512: 1db64de224ae69e4f4af493f850b5b050ab79964077664845e776660bbc1ec69961b751452777a16b7fcf4586f1c669b123d66d2434d3f668f57ea63c6d07034

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 5d99442d4d3ced3257f6ccaeb6429fb6
    SHA1: 5b31c2705e2b0187f028b80faa01ff3406801bc2
    SHA256: a843541bc4bc1d35b066d42790ee83f5e42b92532b30185880ac3151d5195f94
    SHA512: 9c72aafc4c2520679eda5fe77445cc7bc527419cc015b61b532c35ad1fc6bb772e7ba9e0e2666c823f0e47f864b0d5b0774b9dad3d9c9768d5f2cd63020b5c27

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 9KB
    MD5: 97335b3589d8dc4eca4bde8a119283fb
    SHA1: c59957dab6b412823b957c3f5334a807eea81d9b
    SHA256: 6fdf6d9da8307bec8cbc041d70eb8d4717c826e6c6817aa3d54837d9d0bfdda1
    SHA512: 6b386a9a60cffa4a3c985134e265e19d8750137bbfefb822b112f92f7e381ed3bda282c523f196d933ab56b2fe7d09f245e44de7fad3a9297de4b171139d4996

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 118KB
    MD5: 7d8b76351d9cf972d4dd892ec04f3326
    SHA1: 71dc41c815e6ffcee02557c66c18f3b6f6f17aa1
    SHA256: 4383c08912e1530ad1ee521b842fcc6db10692c8e56f2ed727eccacc104e4966
    SHA512: 2129be1964c0f327b5d00a78f7ec58effed6e05bfc325ea2625f0634fbfcde6046020735acdb6e56bbd5797949d4e21120514aac8b40b8024c507b3d426c19be

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 118KB
    MD5: 2dff50fe4615ef1cfb3360db2780c364
    SHA1: 74d5f7baa042f3f9215357b6118053c434a93a57
    SHA256: 907d02330a1dfa56be11683d48c6f90e1ba3ea5d68d4fd23016da4fd706bde7f
    SHA512: 57bdcbd1366eb5df037f89383730de25702b7499d1c18628fb35c8bbc7036ee1f0af30f53a2867112f1318451436c4bfa21cb2fbaf74e8108ec1de41a738bd5f
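
  Nothing in this Downloads list is a payload fetched from the target: every path sits under Chrome's own profile directory, the repeated Preferences and Local State entries are successive rewrites of the same two files during the run, and the 2-byte "SCT Auditing Pending Reports" is an empty JSON array. The script below is an added example (not part of this report or of any sandbox product) that checks those two claims: it recomputes all four reported digests over candidate contents to identify the 2-byte file, and it flags any reported artifact path that lies outside the profile root. The candidate byte strings and the invoice.exe path used to exercise the second check are constructed here, not taken from the report.

```python
import hashlib
from typing import Dict, List, Optional

PROFILE_ROOT = "C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\"

# Digests the report lists for the 2-byte file
# ...\User Data\Default\Network\SCT Auditing Pending Reports.
REPORTED = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

# Guesses for what a 2-byte Chrome state file holds (constructed here; the
# report does not show file contents).
CANDIDATES: Dict[str, bytes] = {
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
    "CRLF": b"\r\n",
}

# Distinct artifact paths from the Downloads section above.
REPORTED_PATHS = [
    PROFILE_ROOT + r"Default\BrowsingTopicsState",
    PROFILE_ROOT + r"Default\Code Cache\js\index-dir\the-real-index",
    PROFILE_ROOT + r"Default\Network\Network Persistent State",
    PROFILE_ROOT + r"Default\Network\SCT Auditing Pending Reports",
    PROFILE_ROOT + r"Default\Network\TransportSecurity",
    PROFILE_ROOT + r"Default\Preferences",
    PROFILE_ROOT + r"Local State",
]


def digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests a sandbox report usually lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def identify(size: int, reported: Dict[str, str], candidates: Dict[str, bytes]) -> Optional[str]:
    """Name the candidate whose length and every reported digest match, else None."""
    for label, data in candidates.items():
        if len(data) != size:
            continue
        computed = digests(data)
        if all(computed[alg] == hexval.lower() for alg, hexval in reported.items()):
            return label
    return None


def outside_profile(paths: List[str], root: str = PROFILE_ROOT) -> List[str]:
    """Return artifact paths that are not Chrome profile state under root."""
    return [p for p in paths if not p.lower().startswith(root.lower())]


if __name__ == "__main__":
    print("2-byte file is:", identify(2, REPORTED, CANDIDATES))
    print("paths outside the profile:", outside_profile(REPORTED_PATHS) or "none")
```

  Matching all four digests against a known byte string is the cheapest way to retire a hash from an IoC list: a digest of "[]" will recur in every Chrome run and says nothing about the page that was visited.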