Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-03-2023 12:30

Behavioral task: behavioral1
Sample: 2dafde8db9931b339d3c4e02211d1510.exe
Resource: win7-20230220-en
General
Target: 2dafde8db9931b339d3c4e02211d1510.exe
Size: 1.4MB
MD5: 2dafde8db9931b339d3c4e02211d1510
SHA1: de7784c8b122b3a0cede985a4f016c8d1dd2a291
SHA256: fd03bb72a0c9a14456d200343547eea78cdfb8d0f07b9277312f456a3f367ef1
SHA512: 66bfa9c229f5a83f21f8b94bd5403317991a25a1b4691445bf8fbeb73a0846a8ca51b9bb2e8b708f82c6c346ab8e00f5cbd347da984086433b2137f14e6cc920
SSDEEP: 24576:qGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRXj5hjSU:ppEUIvU0N9jkpjweXt77z5td
Malware Config

Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Drops file in Program Files directory (10 IoCs)
  Processes: 2dafde8db9931b339d3c4e02211d1510.exe
  description | ioc | Process
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | 2dafde8db9931b339d3c4e02211d1510.exe
  File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | 2dafde8db9931b339d3c4e02211d1510.exe
  File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | 2dafde8db9931b339d3c4e02211d1510.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Kills process with taskkill (1 IoCs)
  Processes: taskkill.exe
  pid | Process
  3800 | taskkill.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133222374286752804" | chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe, chrome.exe
  pid | Process
  548 | chrome.exe
  548 | chrome.exe
  1336 | chrome.exe
  1336 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  Processes: chrome.exe
  pid | Process
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: 2dafde8db9931b339d3c4e02211d1510.exe, taskkill.exe, chrome.exe
  description | pid | Process
  Token: SeCreateTokenPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeAssignPrimaryTokenPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeLockMemoryPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeIncreaseQuotaPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeMachineAccountPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeTcbPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeSecurityPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeTakeOwnershipPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeLoadDriverPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeSystemProfilePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeSystemtimePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeProfSingleProcessPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeIncBasePriorityPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeCreatePagefilePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeCreatePermanentPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeBackupPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeRestorePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeShutdownPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeDebugPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeAuditPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeSystemEnvironmentPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeChangeNotifyPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeRemoteShutdownPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeUndockPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeSyncAgentPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeEnableDelegationPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeManageVolumePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeImpersonatePrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeCreateGlobalPrivilege | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: 31 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: 32 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: 33 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: 34 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: 35 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe
  Token: SeDebugPrivilege | 3800 | taskkill.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
  Token: SeCreatePagefilePrivilege | 548 | chrome.exe
  Token: SeShutdownPrivilege | 548 | chrome.exe
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes: chrome.exe
  pid | Process
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe
  pid | Process
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
  548 | chrome.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: 2dafde8db9931b339d3c4e02211d1510.exe, cmd.exe, chrome.exe
  description | pid | Process | procid_target
  PID 728 wrote to memory of 5048 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe | 82
  PID 728 wrote to memory of 5048 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe | 82
  PID 728 wrote to memory of 5048 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe | 82
  PID 5048 wrote to memory of 3800 | 5048 | cmd.exe | 84
  PID 5048 wrote to memory of 3800 | 5048 | cmd.exe | 84
  PID 5048 wrote to memory of 3800 | 5048 | cmd.exe | 84
  PID 728 wrote to memory of 548 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe | 86
  PID 728 wrote to memory of 548 | 728 | 2dafde8db9931b339d3c4e02211d1510.exe | 86
  PID 548 wrote to memory of 3956 | 548 | chrome.exe | 87
  PID 548 wrote to memory of 3956 | 548 | chrome.exe | 87
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 1540 | 548 | chrome.exe | 88
  PID 548 wrote to memory of 4432 | 548 | chrome.exe | 89
  PID 548 wrote to memory of 4432 | 548 | chrome.exe | 89
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
  PID 548 wrote to memory of 760 | 548 | chrome.exe | 90
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\2dafde8db9931b339d3c4e02211d1510.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2dafde8db9931b339d3c4e02211d1510.exe"
  PID: 728
  Signatures:
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c taskkill /f /im chrome.exe
    PID: 5048
    Signatures:
    - Suspicious use of WriteProcessMemory
    - [3] C:\Windows\SysWOW64\taskkill.exe
      Command line: taskkill /f /im chrome.exe
      PID: 3800
      Signatures:
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
  - [2] C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
    PID: 548
    Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdddb09758,0x7ffdddb09768,0x7ffdddb09778
      PID: 3956
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:2
      PID: 1540
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 4432
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 760
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:1
      PID: 1376
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3300 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:1
      PID: 540
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3876 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:1
      PID: 3984
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:1
      PID: 4992
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 4912
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 1680
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 1728
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 1604
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:8
      PID: 2688
    - [3] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 --field-trial-handle=1812,i,2327074125729024941,4932505450001024422,131072 /prefetch:2
      PID: 1336
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
- [1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 1504
Network
MITRE ATT&CK Enterprise v6
Downloads