hxxps://ipfs[.]io/ipfs/QmRMJnQjYWCi7TkzfLTjKeNypPXUBEG9pb21zyMStmbmNe#test@test[.]com

Analysis

max time kernel
4s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ipfs.io/ipfs/QmRMJnQjYWCi7TkzfLTjKeNypPXUBEG9pb21zyMStmbmNe#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious use of WriteProcessMemory 42 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5088 wrote to memory of 3292	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 3292	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 728	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 3496	5088	chrome.exe	chrome.exe
PID 5088 wrote to memory of 3496	5088	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ipfs.io/ipfs/QmRMJnQjYWCi7TkzfLTjKeNypPXUBEG9pb21zyMStmbmNe#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce9709758,0x7ffce9709768,0x7ffce9709778
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:2
2⤵
PID:728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:8
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:8
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:1
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:8
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:8
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1940,i,9314313974180791070,5182172545060434183,131072 /prefetch:2
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:3964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
2019092e367fb37628dc59cc54d9e167

SHA1
a40fa6949b0b1fdcc902ef308af7e3e7e6aa3169

SHA256
f14d12488b55247227f5681aaa8af5bb5c0bd27a6b62df111620393f502d3f90

SHA512
c3b2483b1784f6019d3f3e3b2d432a501b575f7d0ce64954285cd28444c1568eb400f5c9a8c652a489b9d8e51551a39b1f7e2e5a6d4c2f41f138d613f4cf1f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
697B

MD5
f80c4aceb9ff1927dfa94f06d970a538

SHA1
ff4ce278640bef3d64f6782067736944ff115211

SHA256
205c54d66fed9dc21225137277b48c6720cef21761b3e43ef26378ef83fc3b79

SHA512
eea997b457ed8fa284d082c9e94f1db600ced90b64408a1db5cc60b8a34c696769bf0c7e33120aae662fed0de38a44ba5a45da5caa0999468307d265b19e2b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2ce2f842b030bfe2b4c9afeb131f70f1

SHA1
f727664c0f4ee30162dad014a1fff57c05715c74

SHA256
92b2e43c9711e9da1ecceba6010c300cfa0efe40e5b2faf96d5af21117680eed

SHA512
52cfb9e7ad3f568c752a8783049c7280d5b35f358528f6d819e9cd32b91c8559dcfd1a813db9d81f80c52d90c03c5402606ee665773f21e49e764d37e6e1cb4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a9dcddc176ebe3dbd2cee6f893758fea

SHA1
60566a6ab16b8b8189046d2e56d593f43d9c9b4e

SHA256
0db61c7a78204a17ba06423825c103fd1b47435ebd10047ab4c23046dbd2f354

SHA512
18cdd81506ea131d7e7e2d7f54dd94159a0d8edd5aaeb8185e196ed9967d3dffdaa1ff541fca66189438f0a7fb2064dbd902c5401f772e07b2538071e39c30d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
786a6a29da07a3f1c6814d8f8c63db08

SHA1
e581a484472f097c0e98d21447b31d7587ca5c9d

SHA256
a600535fa05674efc03d7c4206977903c6562d75d7a35a7afdfea79ce4b6f330

SHA512
0818df937d708cc0fb277c734914466fd02e5e868347ce76d54b4323fb2b883897e0c7474d892d513d9a22c2c44f1878f9abec0e46ac794867693831a9dbefe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
16ef7feb3a120f5fa80f8684d303682e

SHA1
4221024b3b463abc6d7320018d180205fd49e1f6

SHA256
cda738da4796edad9ef9aabaf7aed3cf71940cefc00f150fb14b9cbef630429d

SHA512
6dcc7a52c03a16174c1d38f7f41b987a1cc514d7adedb2bb86629bb9c2f014df64f36dca498a88a2a2b1763068bd68138113c30db2d115ce2aa80ac94cae3a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_5088_VYDSOJECMWPLRTQW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit