Resubmissions

22-12-2024 23:06

241222-23gzda1ngv 4

22-12-2024 23:00

241222-2zdsjs1qem 1

22-12-2024 22:57

241222-2xjwsa1qck 4

22-12-2024 22:57

241222-2xjk1s1qcj 4

22-12-2024 22:55

241222-2whx4a1qar 4

09-12-2024 21:54

241209-1sdzasxpdp 7

08-12-2024 13:35

241208-qvq2javmhx 4

25-11-2024 21:52

241125-1q82navmfp 7

20-11-2024 22:33

241120-2grxfsvhqr 7

20-11-2024 21:54

241120-1sbtyavdpn 7

Analysis

  • max time kernel
    300s
  • max time network
    245s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-12-2024 22:57

General

  • Target

    .html

  • Size

    20KB

  • MD5

    1b074a4ee8eead8afdcef0fbc0c3ae21

  • SHA1

    af880a4d8fee87ee37e8b7df0b6300e700cbf4cf

  • SHA256

    ec32183425f582f636d59a00571e501ad3161340409a73731dc32b956a890a94

  • SHA512

    312eeec043fae799b11d2878831effc15d9ab750265852e9f9c4a5aff335b4a946f0cf3c313da7e6679e0cb65a75b6b91bc83ede007bfae1e47cef9cb9d9a5be

  • SSDEEP

    384:rRp65t9DpmReVoOs4Ai9ylKeGMYU8HhhbEez2n75u22zo2paWhOwob05Bz+m28Jo:rRpMBVoOs4AmyI1MyBhbn+IMWhOwob0O

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda74ecc40,0x7ffda74ecc4c,0x7ffda74ecc58
      2⤵
        PID:3908
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:3364
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:3
          2⤵
            PID:4516
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1940,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:8
            2⤵
              PID:2676
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
              2⤵
                PID:3108
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
                2⤵
                  PID:2864
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4396,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:8
                  2⤵
                    PID:3116
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4588,i,2382466238647308266,8538331898553868649,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1400
                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                  1⤵
                    PID:2040
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                    1⤵
                      PID:660

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                      Filesize

                      64KB

                      MD5

                      b5ad5caaaee00cb8cf445427975ae66c

                      SHA1

                      dcde6527290a326e048f9c3a85280d3fa71e1e22

                      SHA256

                      b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

                      SHA512

                      92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                      Filesize

                      4B

                      MD5

                      f49655f856acb8884cc0ace29216f511

                      SHA1

                      cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                      SHA256

                      7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                      SHA512

                      599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                    • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                      Filesize

                      1008B

                      MD5

                      d222b77a61527f2c177b0869e7babc24

                      SHA1

                      3f23acb984307a4aeba41ebbb70439c97ad1f268

                      SHA256

                      80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

                      SHA512

                      d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                      Filesize

                      649B

                      MD5

                      ae2f5bc6a5f5371ef6d62bcaa8c33137

                      SHA1

                      f58f916e6aede4159e3e4b270f7b478e0a38aeb0

                      SHA256

                      dfd740401e02d12216a1f47b256f3f365cf3e0f11698c4b8725db662cccd6497

                      SHA512

                      8df828e5796170d02279215f595feabae467a897b23cb332e24e7640abb5a42f95bce1c5d76f94dfa639cdec13fe7e4859f4e406ff04f064efd94e7282a20d21

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                      Filesize

                      1KB

                      MD5

                      1c1679ffd35efcf3e75a50f9beaa51b0

                      SHA1

                      6441800b8dce5e68fb75ec7691b13b165c8c7983

                      SHA256

                      7c983f45019c2d3db19c574cc4bd6ddea99f56bbc0ac705fbbbb2d86e0e289a4

                      SHA512

                      d01fa8f35f8b85ab2da76d50413940fc92f4f97ab35f4828ec84d1ebd00e07f3db1aa4086336ff56f2cadd85bb0f4953f5f2e5a58cbdfba76b6cef588dc12d42

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                      Filesize

                      2B

                      MD5

                      d751713988987e9331980363e24189ce

                      SHA1

                      97d170e1550eee4afc0af065b78cda302a97674c

                      SHA256

                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                      SHA512

                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      6ad44d1d2eb89c9c9747b675a0b369db

                      SHA1

                      4127dc5744268ccc5fea45b3d76fd61a8a38334f

                      SHA256

                      7438b1540c22d67dd824d6464d1860da7624d8b492ff443c9eeb0d340d0709f7

                      SHA512

                      6452d7e7e06350a3c90476263f7dc7cb398d9ebd9f442f69a5c918d5f7da7d1f5d291e1afab72fdc50cfb1181cf8093b4c8a0beb97e92b4cb1c1eb3c33e120a5

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      4837a11211dece478c0d81c2ddf2048f

                      SHA1

                      47c9300731734d951ac52769a4a3ea27eeb61c47

                      SHA256

                      9067123d660486c829720f1a33f6f1b2458a6120d127d53b842447bfed8f5866

                      SHA512

                      dc49d052336e6d671fb5a25545c0a5244e27b8c82fee7e0946d399d0c35d96a962de23e2d1efa0742041ae0333bc48773cce377c1f22fd949df4d576c71e4813

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      8ad793d53a46b47753d7402a45293369

                      SHA1

                      af03a3b5606d8dba4fffc979eb47195b4e4711eb

                      SHA256

                      af7bb159e61a8183909073e3132255bccadeb00bacfd0756ebd584ccb168538b

                      SHA512

                      42f908e14bfc17af7ffe11a7ee4a2c86d7cca6381821969e466ce7ab20da03441562213f584c4216d4f5fa470075557704f05bcf757cbc43f2bb911849ec5963

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      003aeeee6f6c95d779d6395f66300436

                      SHA1

                      f7692647d68feb6f425b1ad4b008a8da573e291b

                      SHA256

                      b4dea4b8a9e66edf150e8a3d7f74c2915f09b1fc0792f0b3d8588233cab496f8

                      SHA512

                      78bfe54f975db5be93c91cfd37a36839b4febc463bebbc0c9974256f0339dd97849fa94cbcb410ed61807ad5fe926cb7305e9a8fda424ef414a70a465b19a308

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      da5f4ce3188f608b99712b260142b8de

                      SHA1

                      1ecf7944de7d9b3b46174379e5214dad8e913bb0

                      SHA256

                      bc3eef4670086734f2b35ecf47d0dd73b76e892fd6568285eb2daee616c9fc28

                      SHA512

                      036faeb03e62b6afb173af7d0e5a870623c46b75e374144be182170b129386a0326964d41b55a55e1ae2fbcd21b8d95afffef7281ea88b5b3f3616d1f2b08bf0

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      d75832036604c2bf7cab2ac4e83b48b6

                      SHA1

                      10c53aa6b3c4ee2254da99ec5ee8f34a16474b40

                      SHA256

                      8fc0d8ac3ca33a7043e6264f829ee8f6d9502977704856f4e7c03a774ab3e43a

                      SHA512

                      f65e37fd332272c2d77b5ad73ece7b077e3635b9f03023ad00955045bc809e811a2410540f906af497b3776bcd3e122d2fb57f1fc88a1cf9bc789a1a61ba22e3

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      c85baf92c67c3f4aac4ec45f73090f2f

                      SHA1

                      c7fe818fe80a3f143da496fd58392f727daa81e8

                      SHA256

                      6076c0318c4379b0c69fd79fec8006ae892609c58abf365a1b99a93521da19ab

                      SHA512

                      c8b38fa1206d35b318c12c3840f2b5214712f8191aa1b4ad623c46bae83bc87de23b54f63f48bb72c2b0486efbca8d671ead38143fa0af9cbb7321aa826b7f57

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      0de00e11e8bc7e0ae1f05f108312cafe

                      SHA1

                      638df650f1aed6427e5cbff4cc55fa43b1032f86

                      SHA256

                      2c58c2ab20920adf72fc34b4ec6b4553710456523aa84389c3c0262d7eeeee78

                      SHA512

                      4febae3aa377045ca8b5dbdf7f0d0a50fb13f3a2dd636a53b0e5a3985eca2bf5d8ecee7d439c5df275cb2dc471b7bf04de1ff4a21e1e78ab1cab2e0bf7eab15c

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      55454aa30ae4a46ddf061a3efc99feb3

                      SHA1

                      a54e7dc41b1d9d82d3117186665d04b86ae8172b

                      SHA256

                      1db2accf68ba7599d615caa829ea0eefc45d4e6f014a99da68a6ff04b406aa06

                      SHA512

                      67527f40a9170b2680f24a4b6ed9c5412a47dc3cb0b298273bb6e2e562485f25028c6c029dc51176a834401837ced2c281e3c5725b297a2144003c947e4855cc

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      4cc7ea97ff792ea54bd20510e19227de

                      SHA1

                      33092630a4b2126b9421b2327190b9d5d383901c

                      SHA256

                      7bb807e7506cebe1816d0df42462af05162398c1c47ae4337e85f71f4e6d7027

                      SHA512

                      486e9fae49cfe2c43e3c2d67617a0e7978750adafd3bba663ef7a11ec55090c79a79fa6a22b4888ac89686e6fcb116c9478269aa5a8bdd65e15b4ae473cd9d16

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      3fad6856f3fe29bd578db89e614f332f

                      SHA1

                      0557cc49888609613d9c8cd95377cbb730b7d485

                      SHA256

                      9eba3feff1f22278c63b1b360cb660354228cc714aaef8a969319c41467ea7fe

                      SHA512

                      362be1ddc41c1eb8066c1689f450c53335a8760f7288afd9102e34e0f27f0e11e6d478cd640e7b644e9117a0f4b90772e7cd93a26e1d5e7a87c57dc2c20e8a2a

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      61ea56847edeafdc87e501a37035c509

                      SHA1

                      975ab6b731237e5a75327ec69cf48857fea0adf3

                      SHA256

                      0c66733140968609e9877c38a82ced11c19fccf14e6767f1f7bf663dece220ee

                      SHA512

                      fca805b7e76bf30de4ae82f6f3d3278ef7f2f8c2dc699fc7204e9aa92c27507cd4b0c7d96b39b5e9914b9bc7599cdaad0eb434adcbb3699f82d6c0bf1e700ed9

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      3a85f7d3a24044e0ecf735aa204a8669

                      SHA1

                      f7471a431b8520b58e919eff02c6873af2d0d059

                      SHA256

                      b78509b4ba9c9ad42183d80186df0f21e46f91d6f62bcf4ce3bce051f54fea64

                      SHA512

                      54612bd73265f26076f0956b128e86d6de7ac9ed2d9d877e6e9a0abe2e538e951c7204bc3e0471ecbdf81be9e5b474ef54e4f7d3594ade6caf3017b1ecf981ef

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      7b2355a3a6e44e816ae0f20db5aeb34c

                      SHA1

                      5cc8a1524d3d08b9c2b994ebdc98851ba95b6805

                      SHA256

                      23b6392876f9fb3d0d2d84076235b6b2627b84741c375c72d5238b7e53d8eb2b

                      SHA512

                      a90251fcbac3e76816afa0bf8f4edbf17fcedf301b81fba97bec4e2b768e901d775eb3964ee2f4e8655a47f569844262d3d48bc40e2612dcc91b6375d138839c

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      891a219d49163819034d00eae7f83b39

                      SHA1

                      667da0e93f890c1cacf75e8af29a227133ea4b07

                      SHA256

                      ce2d899e82c1ae90ec3c67137c78ad04a19127e8a007464e88dc5c726ab9dd11

                      SHA512

                      8108d67c61e52abb0f05c3c55adf2a93ec8f0a47758c2afa5e63b61c8c4da6701649ee716d0775ff212bf72011578bfb553fdcec51e5f5bf6f222408ba7fc3fc

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                      Filesize

                      9KB

                      MD5

                      b36c9736b7f9ca40588aae2a58db789f

                      SHA1

                      dacdb663b0fa61b92c3faf433ae9493d4ba207e5

                      SHA256

                      7755dd4e347258aa253ff81fcee3bb17eb9731338854746f83029bf3242bb4dc

                      SHA512

                      d8cece3d22faff6943031b459b122f7a243299eb8a9a320da2fc4d7d77f25bdf96741586cf61e4e0df4fc9dacc63258f340adf10f3545e28a248465e3a099949

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      116KB

                      MD5

                      6dc85c4f0a8a7a88fa2a77a44b8347c9

                      SHA1

                      ad844e9bde434250762e3077d88640ddb0e97927

                      SHA256

                      318015d19e72d4a76366bb9dfa4dd4d10d0f78c671638aa8a6e3b8231c44b02c

                      SHA512

                      4eb06e64e6c8d9c138754a53f67f350b7304df41e6006ba2bbc46329dbf7db2c21db28afbcc73ff334176dd6488448467b27f7f8371d11b931baaad589b308ed

                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                      Filesize

                      116KB

                      MD5

                      bc2f31b375fe6be4714078f2debc4fb0

                      SHA1

                      1bf324c6d3819de752f21d5d9969eb905a8d0ac7

                      SHA256

                      e0d4ffefb103c83b6894aea6a7b5d1ad179b22e8e588696f7050d9d448819c16

                      SHA512

                      c155349dccd6e5cb9a34c63036a0edba4e7aa541019ed7967474acb8aedf2b5ce3a3e4786bb86deaee341e2afc4d3aae6d86bb2a02abd5133a924ebd4d331d41