Analysis
-
max time kernel
1658s -
max time network
1802s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
07/02/2023, 15:19
General
-
Target
sample.html
-
Size
761KB
-
MD5
7da5ac88438188a94a69e5ca75c03bb6
-
SHA1
b3a04aa60d9223d629128f0370cffb75f3268186
-
SHA256
1dbde3816572524a93e643b68d6b6e7333575b5a8776454d1ce6814a6e6134eb
-
SHA512
e60d0d209d890e9fe2287704068f10c7858a0cc3e7e49cbb053e26c71ea8f32add471d16faac094ff11f85c6d5398cb94df8bf9694a87a0c4d4ca8f4b89244c7
-
SSDEEP
6144:X1brxPrxbrxGrxHrxbrxQrxNrxx2+qNjF74VCjOET7rzN/uYPaLdYuXNzlPW9v+7:XprlrNrErFr5rSrnr//UI
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 64 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops desktop.ini file(s) 52 IoCs
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 64 IoCs
-
Modifies termsrv.dll 1 TTPs 1 IoCs
Commonly used to allow simultaneous RDP sessions.
-
Drops file in Program Files directory 7 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:884 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5104f50,0x7fef5104f60,0x7fef5104f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1076 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1748 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3508 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3768 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3516 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4344 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3656 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3804 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1016 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4668 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5504 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5548 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4620 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=880 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=892 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3524 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=892 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5880 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4104 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3524 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5104 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=968,16635088124872138817,17956652664983518892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2008_1831867551\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2008_1831867551\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={9bb34f4d-c344-42ce-b14e-929e832a9394} --system2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe" /SpecialRun 14001bb98 24042⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe"C:\Users\Admin\Downloads\advancedrun-x64\AdvancedRun.exe" /SpecialRun 14001bb98 24402⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.exe"cmd.exe"2⤵
- Drops file in Drivers directory
- Drops desktop.ini file(s)
- Drops autorun.inf file
- Drops file in System32 directory
- Modifies termsrv.dll
-
C:\Windows\system32\whoami.exewhoami3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5f0dd2d6b8fb5e144c1ec97e6ca7a0609
SHA17b34dc988615e539429724a3c125360e2e308c17
SHA256d9a6913227d7311ac07fc04fa48822b8875ae9997f015b85752f5e37cc4ce50a
SHA5126e0b84f81382ba7e4bf15d95a8f84967d0b46b7855280cb3ac3d92aa0b5c7d8fce012717cd0222f8a43d083cd39efc9d9ab8df5a4cb64e8299d1c77404611196
-
Filesize
471B
MD596f1e231b19466486b661cd50d8c0f65
SHA1e6e776870ea0754fad2919d800a6323f801ad72b
SHA256e0da2097eaad63526d25558b760784633e523fb189cbb46b75695cd357d123f2
SHA51209b5cc7badd7bb950cb66d6b51f95f75c09ed9138e4021d0e1285d433b6f5715e19c661055224857aa31c6a253bd624fb402a2efc04c4b6771f48f3c26e8f63b
-
Filesize
472B
MD5ed3f32fef9b843f5511bb882c0a38358
SHA1a1a60921f7cb6ab14b645c77bb7d77c20b8201ef
SHA2569a4b9e269aa66258c1d9b10fb1af899a3e669de3e244dcfd843a0bce87646f8e
SHA512c14336e5ee87435ebeb3ecdfe5ef4434288659feaaae2731995b425d18c9041a1ba0af449706cf87dabd439e9d010acd6dcda4d17df0fac24b5093fce1760336
-
Filesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
Filesize
471B
MD50a8ea253ef61b5c330b3285f9a94e6ae
SHA10cf9a1c66c83f505c7195774996b107c145f5884
SHA2568b6bca0cd9c9adcb16bba03349e8fcbfcd645719c82c95f0111095b731842402
SHA5127f84d29116734b68615dd91af940afd219e04bda598a1da77c41240fb6fba8aa22d090e9e89dca1cad500ff430bee23f731d807eaecbc9fed714b4df699af425
-
Filesize
410B
MD5179f25e6883440d75851a1ae4b98841c
SHA19b4b08cb58d74879cbaf4b2b2b308e01b9270592
SHA256e359630a8affc72264a670ae34d8bcc0875636fb4cf28b9b3c67a3ddd7e152e1
SHA512346f784bd3588e9a9c1448779b4e5a7f018564d0a1205c287f01ad68dffc5f5781993ef4df8a9cb577b1e0b53ebd4da945f96527708f4efb27e359469e2a1760
-
Filesize
340B
MD57b75c986ba03dc11e79f327dd5b5b32d
SHA15473dcaed000128dc88d2ce7b69c01a0716ed530
SHA256955824fc9bdce41e94fabedda37d42379a043bd601522149182cc2eee5d45e4e
SHA51237cf9055c8d60e6ef89d33d13d7d3196acfc124b334a8a8df9527350ff94436121d1258610cbeb4392d827c0f5e2a4da109314c21cfd487205bb88f35b413396
-
Filesize
406B
MD54d3535e6d84eec864439456ce8c1b982
SHA10472bdb133aaf0eff4ff838dab39ad1916194fc9
SHA25672e0f7922d3ce27ac1a88c6140706caa5fbabf85bb579b5745840e8c00b7bb84
SHA51281056caff461b078cfec1f10b888f8b289e494aae28e6bc90f639b11d9dd1b2a23a3a37914d0e98f0c3b2ae113029457dd253341a1236821af0846411a9dd857
-
Filesize
402B
MD59e7744679660651a11aee6e4bc6425b5
SHA193f1ac15630de8d7e0d7f18bbb3dd0bed2a6fed0
SHA256d2d2deefd4b84fca2786ae92c6e96756e432814a22e7bde0dd46fa455b753c00
SHA51240b2d71b442350b28ce3164d78c5e5a7f115e4799c365ed7f1984c4a485372917ec41b453eea2fdbb97991544628b682824f030a5854f2733471d8e4fbd7a952
-
Filesize
392B
MD5e77184010d9f7cdd368981f783edb859
SHA13bbb423a70b153435adb3318f8af6a283af5061b
SHA2565dcc96c59e0b51f184fd893fb29ebb10884f639e1f9e13ea3cef304e723fb85f
SHA5127fc682b58779683f6dbd5276b1a27a44f5082d1dc6b961e27930a7bf8384f6d5de4cea166fea2cb686324f3c64448ca1b080fb83ada2675b7510e8e36650d5f0
-
Filesize
406B
MD5a8ebd1044c06c10937485c03f2d16bf6
SHA1d2f72cb2045674a8063c8e683b5d3d4e77ce4ef6
SHA256201aa40767d577998b6bafad472a58a4978c74a6489c69787e04579dc61232ce
SHA512273d29df8dfea5c5cecd8dc1bfeea7318a2817d7b48089a40c25636d9ece05ce30851e717f8458a38b9925e34280c8bea5b077078abdef1dc6760266af7f7075
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
5.9MB
-
Filesize
5.9MB
-
Filesize
5.9MB
-
Filesize
8KB