46522d9e413ef1fbd4a122da26b996a4653bf72b6394504a346b4006daff3bbd

General

Target

ACH223321113.pdf
Size

66KB
MD5

6a4015692bd1a76299a812975f10a913
SHA1

3063441e86e2e9dce7d8f8ff6d54ceb356b9c1a9
SHA256

46522d9e413ef1fbd4a122da26b996a4653bf72b6394504a346b4006daff3bbd
SHA512

cd66557939ea0bcc9687b20ce04ba3bec4f4f434f0d8f921bf1725a15fc86ee7d016a857cbaacca9a4b7300d2f0fa9c23a787dfe21a8d3f7287f012cbf6df724
SSDEEP

1536:e3NPrWKs8+h1zcO+G9KBtHVx5c19b8EY5E4nzkyU+ZT:e9PrkbcC9KTC19ZAEMzkN+ZT

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003881bdba40e8124b9fff79d92c7639950000000002000000000010660000000100002000000054a279419b9c230fdbe8cf0516fc4d7ddad75283da449ce2f1bb3d1a322c7d72000000000e80000000020000200000005d2d2e356e82df64206caa6252907c9ce59bb9d1d6a6d0929b011e751836458420000000ca9b3b4a7544f56fe28b7b71d05c4b7bbaa304bc178c083a8720475d755d1b4140000000e6819fb45092d5548e7d3134f2391a04c961fbdf3148450245a38f03831a15b464b3871434e9b99f1ab3e9a5875cf06703380c9ec53b990b49e5889353fe92f5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25BB1AA1-6F60-11ED-A6E1-52E8C5FCC7C7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c031076d03d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003881bdba40e8124b9fff79d92c763995000000000200000000001066000000010000200000008f770ee083392ef1c4bee934c42dbe5a7071b057af9f50c363f9124515b20388000000000e80000000020000200000008485baf9c5e46456fa72c59f01260544addeb612ab8dec21e490bf6736a9258b90000000a3da280c29bdd459c585aa538a3690a092e986896a3d876cad6faa262adc8dc414141f6c1c63fafa50fad625b8301cc4cffd982e14b5eeb648988400e793b69f3c5e3f890d4365ecbd1b30c8e6c997989328e9748bf12df4cb4ea32e8939d83b915a8e13d6369b78fa79e45c9548ab2608de365aa44c4c1c689ef5b4acd0279a791209bf1d556e5c0c4458a796f1b28d40000000dcdb8620a150d08903fb09691ffccb544a0cd534c24c473a90f2a3f4bc754675b96dcbb923a05483d0e81ad20667e8eb3fb16094f6c3c3ba461b1632c1260411	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376434402"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

chrome.exechrome.exe

pid process

788 chrome.exe
1968 chrome.exe
1968 chrome.exe

pid	process
788	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2028	iexplore.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

AcroRd32.exeiexplore.exeIEXPLORE.EXE

pid	process
856	AcroRd32.exe
856	AcroRd32.exe
856	AcroRd32.exe
856	AcroRd32.exe
2028	iexplore.exe
2028	iexplore.exe
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeiexplore.exechrome.exe

description	pid	process	target process
PID 856 wrote to memory of 2028	856	AcroRd32.exe	iexplore.exe
PID 856 wrote to memory of 2028	856	AcroRd32.exe	iexplore.exe
PID 856 wrote to memory of 2028	856	AcroRd32.exe	iexplore.exe
PID 856 wrote to memory of 2028	856	AcroRd32.exe	iexplore.exe
PID 2028 wrote to memory of 1760	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 1760	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 1760	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 1760	2028	iexplore.exe	IEXPLORE.EXE
PID 1968 wrote to memory of 784	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 784	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 784	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1420	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 788	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 788	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 788	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe
PID 1968 wrote to memory of 1720	1968	chrome.exe	chrome.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ACH223321113.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pluriebr.com/dhernandez@forgenergy.com.ACH22321113.Open_DocuSignPortal/Docusign%20Global%20Standard%20For%20E%20signature/Docusign%20Global%20Standard%20For%20E%20signature/Profit-maximization/Profit-maximization-2018
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7054f50,0x7fef7054f60,0x7fef7054f70
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1180 /prefetch:2
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1248 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3320 /prefetch:2
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3492 /prefetch:8
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
2⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4296 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,9212242117734083654,15915233308902661338,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=920 /prefetch:1
2⤵
PID:2772

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c42d8891bb7c521d05b4d8aff4c50388

SHA1
33f8c4c97fa56b63db3b0116afb7a0a4433f6304

SHA256
7e9719b7dc62fe1628d1bbef8e2bb31153e7dfcdf7f37840671d323e892154fb

SHA512
a8aba4bfbf00125933469a714623b6f0de25ae1faec88c8bca1b807018eab2c938992aee153ed3a285173a1c5170acfcba9e5672149119c83f64f748418e601d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7d3fba3146209e5a1413495231c53b3d

SHA1
66203d17e1fceedb3ed8445727f023dea80cf63e

SHA256
d0574db325dd47c5e8a88f2649d2cd7d18ddb41714c0cfb34794556cb7211173

SHA512
da6cbc7b0a08511966714f60202f3ac20a2d5d8be3363d6c4709f5accf9d1deecf175e547ac5df1428ae22e97e94e7de9903e76fa52e7e4bdc8c06c96635dc51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DP9ZRYJR.txt
Filesize
603B

MD5
cf2bedfb55a1e93d4b2799d02b87d4db

SHA1
aff6987bc2ab49e1d6463b61624edaf73d87e20a

SHA256
6c2c0c10021d12f6fa06fecc64633610b38571b1446092adff0b49cec7aa12af

SHA512
00f409d88245d9d06a649a69749dbf3581b1221a3d7e06f0732e1423b5cf50cbeb3e1f668482660c28358f0d9c446752e6def65de933b7945947d5039b2bde81

Download Submit
\??\pipe\crashpad_1968_GDESMZLQNZETPMWZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/856-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads