hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

01/02/2025, 20:30

250201-zac4lsypgw 4

01/02/2025, 13:08

250201-qc7lkavran 10

Analysis

max time kernel
31s
max time network
32s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01/02/2025, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829154455568974"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2384	2896	chrome.exe	83
PID 2896 wrote to memory of 2384	2896	chrome.exe	83
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 2156	2896	chrome.exe	84
PID 2896 wrote to memory of 5020	2896	chrome.exe	85
PID 2896 wrote to memory of 5020	2896	chrome.exe	85
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86
PID 2896 wrote to memory of 2572	2896	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe5776cc40,0x7ffe5776cc4c,0x7ffe5776cc58
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=1960 /prefetch:3
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,15520603841462024223,5635587875133227841,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2356

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2072

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d168c42f1270d94e4d1b8f2c5e76b2bc

SHA1
18c39865000e3a599f7565cfa6872435f4383482

SHA256
b65dec028a00e3d1a7b320206ba1b164ac0bfcfeac2ad07a06767bd6896ffc02

SHA512
8c41ed59e8b9f5b956b6714036df5b2068db5bbbee253344035e89958361cf3fc8b33e4f4382f4b23465eb27881e399eef116ef401a1100ac0e17f27799758dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66ac615b2da4e17eae9eea406c0788dc

SHA1
d652abcb7d1866af54938e28ab1eacf679364c3c

SHA256
a06ed8938f89ae95f32248bb0e3a5a4f6c4f4900f054a82f706195527aa2ccbd

SHA512
1df27c0387a439aa7d6ef66175761e292f598242c20c58d12ecbc4f02335fc23b142b63fae24969acb760eb5b686e5d06452cc3ee1a242f58ee1e1606c12a049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9eea68aff7abb5518c41a3fdc87c6eee

SHA1
919ca8d0774afd13896dfa29312b1ef4fe00ad69

SHA256
6cbb45ce3260d31715abc555751693f7fc55ae710a8b92cd99e63bdfd86a1247

SHA512
c894802c78f683c94a4dff51cbc630ec38d294417e4cbf57efb600c295eb14132deafac113f4d76a8a06beb68e70a9d450ae06af6ac03300a5cb6b6ee178001e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6310ca846a5f63f13f1876f807e256c1

SHA1
a4807773c2626ee4fd9b777f64de470d7d4ebe82

SHA256
d3ea760db43843dfc86b2ee800e7a9a2dbc0483a74b25405a9369bd4a1f62d7f

SHA512
d912ab9e22289d9ce4fd5cf5f9ab35e6d62fafb687700bb83807d259e5716aa2998ad8d15dca0baac1873eb4fd6644c4a3fa616e794bbca8d10ed7fb3f6f5e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
34e477f111e6cdb1106d5f87ae81b72c

SHA1
16b790c105f02b3b340aae96a25397d38c864688

SHA256
baaa8abb8d92e48f7bffafac2e4f3843fd3cf6d4e09bb1137904f7678e2be24f

SHA512
ba5737af2bc61c052271df7e7b8c980ccc51fa6bd2632a44eaade6f5a23b1a5363e0857a093e54e085daf5ab2649341e26b6abd85f05ed03e4c0d6c12c93e587

Download Submit