Resubmissions

24-12-2024 11:56

241224-n37cdawqev 10

24-12-2024 07:56

241224-jstlbasrdt 10

Analysis

  • max time kernel
    124s
  • max time network
    125s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    24-12-2024 07:56

General

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jofmi.ryokanlaluna.com/ghgfdsa/dfiokjfyujikj/T492uS/[email protected]
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc8c5bcc40,0x7ffc8c5bcc4c,0x7ffc8c5bcc58
      2⤵
      PID:1716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1912 /prefetch:2
      2⤵
      PID:4612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2168 /prefetch:3
      2⤵
      PID:2920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2428 /prefetch:8
      2⤵
      PID:1960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3140 /prefetch:1
      2⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3196 /prefetch:1
      2⤵
      PID:4876
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4356 /prefetch:1
      2⤵
      PID:4960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3340,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3324 /prefetch:1
      2⤵
      PID:2152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4780 /prefetch:8
      2⤵
      PID:692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4384,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4768 /prefetch:1
      2⤵
      PID:1332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5524,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5224 /prefetch:1
      2⤵
      PID:5008
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=500,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5656 /prefetch:1
      2⤵
      PID:3252
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1148,i,15609392769353546113,2176456546914223567,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5468 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1172
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1936
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4692

Network

MITRE ATT&CK Enterprise v15


Downloads
