Analysis
max time kernel: 149s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20241007-es
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 27/01/2025, 15:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://dl.driverpack.io
Resource: win10v2004-20241007-es
General
Target: http://dl.driverpack.io
Malware Config
Signatures
Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\INF\display.PNF | chrome.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824642919214348" | chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
2184 | chrome.exe
2184 | chrome.exe
4592 | chrome.exe
4592 | chrome.exe
4592 | chrome.exe
4592 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid | Process
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Token: SeShutdownPrivilege | 2184 | chrome.exe
Token: SeCreatePagefilePrivilege | 2184 | chrome.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
2184 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2184 wrote to memory of 2476 | 2184 | chrome.exe | 83
PID 2184 wrote to memory of 2476 | 2184 | chrome.exe | 83
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4764 | 2184 | chrome.exe | 84
PID 2184 wrote to memory of 4024 | 2184 | chrome.exe | 85
PID 2184 wrote to memory of 4024 | 2184 | chrome.exe | 85
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
PID 2184 wrote to memory of 2136 | 2184 | chrome.exe | 86
Processes
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://dl.driverpack.io
PID: 2184
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff91fe7cc40,0x7ff91fe7cc4c,0x7ff91fe7cc58
  PID: 2476
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  PID: 4764
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  PID: 4024
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2400 /prefetch:8
  PID: 2136
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3044 /prefetch:1
  PID: 2424
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  PID: 1700
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4004 /prefetch:1
  PID: 4584
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3448,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:8
  PID: 4544
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4672,i,11406028750053126034,12702417292472268074,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  PID: 4592
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
Image: C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
PID: 1940
Image: C:\Windows\system32\svchost.exe
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
PID: 1004
Network
MITRE ATT&CK Enterprise v15
Downloads