Resubmissions

30/06/2025, 20:31

250630-zawkysxvgy 4

30/06/2025, 20:18

250630-y3c4msvlz7 10

30/06/2025, 20:04

250630-ytal6afn9z 10

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250619-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30/06/2025, 20:31

General

  • Target

    zhopa-siski-pidar.html

  • Size

    31KB

  • MD5

    65d048096ad71990cf696b0217ad74e2

  • SHA1

    dd56223a980b5f8a52b0a734b40abb74690f15d0

  • SHA256

    67b7a84a56a488b56d59a6e990729796fc88105d1edad46d587641e5e490e3af

  • SHA512

    2fbd9ff2e68a46ea39d95b23b9d76c1cd0c9932cdc7a17a656b086e9f05446de6c0814b9e470abaa2fa7f6eba0744e4c7c21a0261040522ce9c992f239b721cb

  • SSDEEP

    768:J72aFqlyDkPHFXRMBdUFElHdlE2RRPXhTxvjdlK7:J72Cqlyo/FXRTEl9l/T/vjdlK7

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\zhopa-siski-pidar.html
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1e26dcf8,0x7ffd1e26dd04,0x7ffd1e26dd10
      2⤵
      PID:2788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2044,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2040 /prefetch:2
      2⤵
      PID:1020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2216,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2212 /prefetch:11
      2⤵
      PID:4972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=2520 /prefetch:13
      2⤵
      PID:3748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3248 /prefetch:1
      2⤵
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:5040
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4232,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4268 /prefetch:9
      2⤵
      PID:4736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4664,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4720 /prefetch:14
      2⤵
      • Modifies registry class
      PID:5172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4684,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=4668 /prefetch:12
      2⤵
      PID:5084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5236,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5240 /prefetch:14
      2⤵
      PID:4860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5232,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5296 /prefetch:14
      2⤵
      PID:4168
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5260,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5336 /prefetch:14
      2⤵
      PID:728
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5584,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=5596 /prefetch:14
      2⤵
      PID:3684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1128,i,8395643582862076792,14934742993260909223,262144 --variations-seed-version=20250618-180047.684000 --mojo-platform-channel-handle=744 /prefetch:10
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1008
  • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
    1⤵
    PID:2736
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:5792

Network

MITRE ATT&CK Enterprise v16


Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 187e5662f98d47375dd1b7c7c2d70344
    SHA1: 89d4fd2047f53b1503d5ed343e0faed2895d9f89
    SHA256: 97065ffb6614eb4d5dcd476575d210033d0203cc111d316feb3066cab772c605
    SHA512: 92cbe1ba78546d92cd903069d5f43b6bce4f2e11d5b0b714112beb5ebe1857835afcacc509542c23140d4fcdc8acd69bc570a245aa8d1d59d68f0ed52526b254

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 5KB
    MD5: e0f6e5fee6799821eaacdb4cf53eae5f
    SHA1: ace9cb47bdd06bec339e4b0074ccd1a0d389d0dc
    SHA256: bdaa5baf50121eb28dc79bce299f581ff09beb22fbcec2b11cc073138f7b121b
    SHA512: 08569c1685d20f7d018cccf779d75ac7d088c4b85b4ac28bf8d6e3f97be7830641153a225cedde265e7408271809d21ee7eac174f8876fd547af3108cbe7be72

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: c7e705e6e6e3e295343d1a10fe9d69b5
    SHA1: 31701c5d595a85f35b8e57b9a002813755c55990
    SHA256: 10896aceb2c78cffaa98c419f27a6286692a4c699068a2c246d379fe6ac6cb87
    SHA512: c28d8108c6c2f83305f6a328a56db3dcfac24aba6dcbac357cc1f9ec5870279636506245223d74e138cf07cc4090d32d9dd01eb671a8b9db3bf51e1f3537b017

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 15KB
    MD5: 1dcf71027a6ea96dd727860876ec3f54
    SHA1: 526c16ddd3a797009ec254554c8f06e5d1d88ca5
    SHA256: 8de58dcec43c36baa60225a5724b1b1432fe189e070b0e1414372ad0cd02b56e
    SHA512: 0b8ae34e2dd2d31487466457163828ad69038b8f6e6f2ee2822c2c9a3c55187df25ccfda1ad27c49cc061efff17eb85fb61d935719bc3f611b82d0fcf0ab8ac9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize: 72B
    MD5: 7e9f226dcf9135e6e4c1b24b55718cee
    SHA1: 90a57b23ca37d46334b1a605c82007e41f9babb1
    SHA256: 8b6c87d93f20035a43d1988a891793a9108fb290ff27601428cd4e9ddd561bd8
    SHA512: 9cecccae22f913bc1c151d9aeeecf4e8ad3e5a41215352714bba2c7835c5548765f3057628a588e303c6edeb2caa6e5e51509dfbed61c8f830e99d5adeed1426

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578cee.TMP
    Filesize: 48B
    MD5: 37c19cdc6550f551718853789ea2aa25
    SHA1: 48d59aeef95bbfa0ef92e3303f4d712fa53ae332
    SHA256: 3a8c8f4af832e374157dc3909473da751c91b61607e18d5aa1f7db41edf54270
    SHA512: 5acb80b41114a2827c34de8c7df33f0975fc1a56b1f5e9576b1244b86a6bef85dc0478b77b4ee9f6f7ab805c72c7bdf28b1f9ab4150289d3856836437e0288d1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
    Filesize: 72B
    MD5: a89ea4ac5947db256dd3d61bdebf65f3
    SHA1: 2993808ec40665702de167141d5389e9d6d45f75
    SHA256: 102e0142df7fb585c27b7b6ec6409f296b096c4f82b3dbe54d6e7988a273d8fd
    SHA512: 39c766c99f8d959ec8a1733542560089105187c28882b0758d2e8781cb7f35558cad46a2b3aa5b7b27dd08d0f8cea80c7deb49cd05afc3d6c1a541531cebc73f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 84KB
    MD5: 22f3b348626ebde14cd7bffdb6425870
    SHA1: e1f8f326d065fa4e966451f2b490de01d47590fa
    SHA256: 36819ceeef520f6ab671622fe253132fbc726731752f72e2fa29fa4d49748f4a
    SHA512: da80f38a5a5332f5e1b82626d1e1a4825535d7dcab6eff32513d7634114ee38f6aa6b0df7820552bd5eb3c4b2411c2df88ab2c251898c3e891fcb796d250be8d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 83KB
    MD5: 2f6b75960f29bb7f2bf8872782c3dbe3
    SHA1: 8d11c0cc8d376f1bad69b99a3739bc51c673555b
    SHA256: 678bb61ace17572043cf252b72492ec0e19a35d6eab536f4ba0060e8fb4dea68
    SHA512: 1a1e2c0d5955cbded0f2cf0579066c59f692500367dd985901c9351743a08b3ed9e32bb30eb7c619cc92f51d42462caaaca5521f3f6e4b3b659a628dd52ae47b

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 84KB
    MD5: d7b71eff2acd90ee70372b29aef4c75d
    SHA1: 5941ef5516bbddf6e0b070e8ef7845c409ac656b
    SHA256: 80057851f5e11ca71b12466893dddea94e3ce6c056e0b53b56fce16d488f1130
    SHA512: e7e0b9a48d23b1af4c3cbc6ac8c3ba8a1cb7a5fce62ab11d8511319e152ea62a7a32a3369b530f46b5eedd37f0748ccee6198d16dfc22d403a7a12f1229dc706