Overview

overview

8

Static

static

URLScan

urlscan

https://vente.net-tr...

windows10_x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://vente.net-transact.fr/hoping.php

  • Sample

    210722-rtrl42q8aj

Score
8/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://vente.net-transact.fr/hoping.php
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc8,0xcc,0xd0,0xac,0xd4,0x7ffb5fc54f50,0x7ffb5fc54f60,0x7ffb5fc54f70
      2⤵
        PID:3156
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1492 /prefetch:2
        2⤵
          PID:2552
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1740 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2796
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
          2⤵
            PID:3340
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
            2⤵
              PID:2304
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
              2⤵
                PID:2784
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                2⤵
                  PID:2120
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                  2⤵
                    PID:3792
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
                    2⤵
                      PID:3852
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                      2⤵
                        PID:2052
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4808 /prefetch:8
                        2⤵
                          PID:4356
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5448 /prefetch:8
                          2⤵
                            PID:4580
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5596 /prefetch:8
                            2⤵
                              PID:4608
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5724 /prefetch:8
                              2⤵
                                PID:4660
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3500 /prefetch:8
                                2⤵
                                  PID:4736
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5468 /prefetch:8
                                  2⤵
                                    PID:4768
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5864 /prefetch:8
                                    2⤵
                                      PID:4844
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5860 /prefetch:8
                                      2⤵
                                        PID:4896
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6084 /prefetch:8
                                        2⤵
                                          PID:4916
                                        • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                          "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
                                          2⤵
                                            PID:5000
                                            • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
                                              "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7d1faa890,0x7ff7d1faa8a0,0x7ff7d1faa8b0
                                              3⤵
                                                PID:5028
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5572 /prefetch:8
                                              2⤵
                                                PID:5056
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2356
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6076 /prefetch:8
                                                2⤵
                                                  PID:4120
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5484 /prefetch:8
                                                  2⤵
                                                    PID:3836
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6008 /prefetch:8
                                                    2⤵
                                                      PID:4380
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4400
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5376 /prefetch:8
                                                      2⤵
                                                        PID:4696
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5824 /prefetch:8
                                                        2⤵
                                                          PID:4688
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6372 /prefetch:8
                                                          2⤵
                                                            PID:4720
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7096 /prefetch:8
                                                            2⤵
                                                              PID:4824
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7112 /prefetch:8
                                                              2⤵
                                                                PID:4872
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7132 /prefetch:8
                                                                2⤵
                                                                  PID:4932
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7156 /prefetch:8
                                                                  2⤵
                                                                    PID:4900
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7644 /prefetch:8
                                                                    2⤵
                                                                      PID:5100
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7764 /prefetch:8
                                                                      2⤵
                                                                        PID:4372
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7900 /prefetch:8
                                                                        2⤵
                                                                          PID:4392
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6296 /prefetch:8
                                                                          2⤵
                                                                            PID:4624
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6812 /prefetch:8
                                                                            2⤵
                                                                              PID:4940
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6876 /prefetch:8
                                                                              2⤵
                                                                                PID:4768
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6704 /prefetch:8
                                                                                2⤵
                                                                                  PID:5096
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6632 /prefetch:8
                                                                                  2⤵
                                                                                    PID:4616
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6492 /prefetch:8
                                                                                    2⤵
                                                                                      PID:632
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8240 /prefetch:8
                                                                                      2⤵
                                                                                        PID:4656
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8344 /prefetch:8
                                                                                        2⤵
                                                                                          PID:4804
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7136 /prefetch:8
                                                                                          2⤵
                                                                                            PID:4956
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8160 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4548
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8100 /prefetch:8
                                                                                              2⤵
                                                                                                PID:1600
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8040 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:4448
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8096 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:4748
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5960 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:4680
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:4384
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:4768
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3724
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:8
                                                                                                            2⤵
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:4444
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
                                                                                                            2⤵
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:4988
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=904 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:624
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
                                                                                                              2⤵
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:4852
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8816 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:4636
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:4640
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3536 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:4712
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3724 /prefetch:2
                                                                                                                    2⤵
                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                    PID:3812
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8812 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:4104
                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=cLNXGdczGJe6sqOptGYbeSB9ov4UYevMy+KMfyYW --registry-suffix=ESET --srt-field-trial-group-name=Off
                                                                                                                      2⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                      PID:4260
                                                                                                                      • \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
                                                                                                                        "c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=91.266.200 --initial-client-data=0x244,0x248,0x24c,0x7c,0x250,0x7ff71a883270,0x7ff71a883280,0x7ff71a883290
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:4248
                                                                                                                      • \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
                                                                                                                        "c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4260_TXVUNKZJMVJYWWBI" --sandboxed-process-id=2 --init-done-notifier=716 --sandbox-mojo-pipe-token=10428096315103535167 --mojo-platform-channel-handle=684 --engine=2
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:4404
                                                                                                                      • \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
                                                                                                                        "c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_4260_TXVUNKZJMVJYWWBI" --sandboxed-process-id=3 --init-done-notifier=920 --sandbox-mojo-pipe-token=7156889381081240042 --mojo-platform-channel-handle=916
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:3692
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
                                                                                                                      2⤵
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      PID:4240
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18305891415228787488,4941132283648491476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:4744

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                    Initial Access

                                                                                                                    Execution

                                                                                                                    Persistence

                                                                                                                    Privilege Escalation

                                                                                                                    Defense Evasion

                                                                                                                    Credential Access

                                                                                                                    Credentials in Files

                                                                                                                    1
                                                                                                                    T1081

                                                                                                                    Discovery

                                                                                                                    Query Registry

                                                                                                                    1
                                                                                                                    T1012

                                                                                                                    System Information Discovery

                                                                                                                    1
                                                                                                                    T1082

                                                                                                                    Lateral Movement

                                                                                                                    Collection

                                                                                                                    Data from Local System

                                                                                                                    1
                                                                                                                    T1005

                                                                                                                    Exfiltration

                                                                                                                    Command and Control

                                                                                                                    Impact

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                      MD5

                                                                                                                      f647d1151598f4c1f0d4e5154becb8c5

                                                                                                                      SHA1

                                                                                                                      1cf0ce440a6121e9984b8581df26f62e696625d0

                                                                                                                      SHA256

                                                                                                                      03d0fd027db8e7c73c7d325bbd2e14199793145c0553ae5161902f84b77d77bd

                                                                                                                      SHA512

                                                                                                                      8a43bdb2b6b529a4d0a03835d0fcafd3682b920467645dc19aa7118f8f17b6fa655a31a1658621ffd998d47078449f06aaafc6b426d2b7fd0c78a95ed6c4ccf6

                                                                                                                      Download Submit
                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe
                                                                                                                      MD5

                                                                                                                      5eebc550f0bb371d9ac950a990455951

                                                                                                                      SHA1

                                                                                                                      9698da00eb030596f412958ad1e79f5b6afaa2e7

                                                                                                                      SHA256

                                                                                                                      272fc6120c5a4a13d9b09a83debe65165284622a854f628d9ed5dc1d97952206

                                                                                                                      SHA512

                                                                                                                      a60f3ec2869a54c114874f7baa4ba66f01f6c020ba7a58cfc1c71473df245a091171d5962b225747e0586a1356515713845080f076ec87d4c654caeb3fd6db49

                                                                                                                      Download Submit
                                                                                                                    • \??\pipe\crashpad_5000_KKJMRJXIVPGQJUVC
                                                                                                                      MD5

                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                      SHA1

                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                      SHA256

                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                      SHA512

                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                      Download Submit
                                                                                                                    • \??\pipe\crashpad_532_MOOMCBEFENLVYJYF
                                                                                                                      MD5

                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                      SHA1

                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                      SHA256

                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                      SHA512

                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                      Download Submit
                                                                                                                    • memory/624-404-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/632-332-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/1600-355-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2052-159-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2120-144-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2304-137-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2356-235-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2552-121-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2552-123-0x00007FFB6B750000-0x00007FFB6B751000-memory.dmp
                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download
                                                                                                                    • memory/2784-140-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/2796-122-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3156-116-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3340-127-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3724-391-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3792-149-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3812-426-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3836-242-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/3852-153-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4104-432-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4120-239-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4260-436-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4356-176-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4372-297-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4380-247-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4384-377-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4392-302-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4400-248-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4404-448-0x00007FFB6B520000-0x00007FFB6B521000-memory.dmp
                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download
                                                                                                                    • memory/4404-447-0x00007FFB6B2C0000-0x00007FFB6B2C1000-memory.dmp
                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download
                                                                                                                    • memory/4444-397-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4448-359-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4548-350-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4580-184-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4608-189-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4616-327-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4624-307-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4636-412-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4640-417-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4656-337-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4660-194-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4680-372-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4688-262-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4696-257-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4712-422-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4720-267-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4736-199-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4748-364-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4768-379-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4768-204-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4768-317-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4804-340-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4824-272-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4844-209-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4852-408-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4872-275-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4896-214-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4900-283-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4916-217-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4932-279-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4940-312-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4956-347-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/4988-400-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/5000-223-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/5028-226-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/5056-230-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/5096-322-0x0000000000000000-mapping.dmp
                                                                                                                      Download
                                                                                                                    • memory/5100-292-0x0000000000000000-mapping.dmp
                                                                                                                      Download