hxxp://launcher[.]theice[.]com/launcher/download/Connect[.]application

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2023, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://launcher.theice.com/launcher/download/Connect.application

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234503909821855"	chrome.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Installations	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment	dfsvc.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "BWQ7TD5A0478CY7Z6NKCHHBK"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\ComponentStore_RandomString = "0ZVTPEMC4K0KE995OZK2G919"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Categories	dfsvc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\StateStore_RandomString = "L4J36QW0MCYJXK38ZZ0T4WL3"	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\NonCanonicalData	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\conn...app_52f9374e80c65a	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\conn...app_52f9374e80c65a = 68747470733a2f2f6c61756e636865722e6963652e636f6d2f6c61756e636865722f446f776e6c6f61642f436f6e6e6563742e6170706c69636174696f6e23436f6e6e6563742e6170702c2056657273696f6e3d352e332e302e332c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d353266393337346538306336356161652c2070726f636573736f724172636869746563747572653d783836	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\VisibilityRoots	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Assemblies	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Visibility	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\PackageMetadata\{2ec93463-b0c3-45e1-8364-327e96aea856}_{60051b8f-4f12-400a-8e50-dd05ebd438d1}\conn...app_52f9374e80c65a = 3c004100700070006c00690063006100740069006f006e00540072007500730074002000760065007200730069006f006e003d002200310022000d000a00460075006c006c004e0061006d0065003d002200680074007400700073003a002f002f006c00610075006e0063006800650072002e006900630065002e0063006f006d002f006c00610075006e0063006800650072002f0044006f0077006e006c006f00610064002f0043006f006e006e006500630074002e006100700070006c00690063006100740069006f006e00230043006f006e006e006500630074002e006100700070002c002000560065007200730069006f006e003d0035002e0033002e0030002e0033002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0035003200660039003300370034006500380030006300360035006100610065002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d007800380036002f004900430045002e004c00610075006e0063006800650072002e0043006c00690065006e0074002e006500780065002c002000560065007200730069006f006e003d0035002e0033002e0030002e0033002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d0035003200660039003300370034006500380030006300360035006100610065002c002000700072006f0063006500730073006f0072004100720063006800690074006500630074007500720065003d007800380036002c00200074007900700065003d00770069006e003300320022000d000a00540072007500730074006500640054006f00520075006e003d002200740072007500650022000d000a0050006500720073006900730074003d002200740072007500650022003e000d000a003c00440065006600610075006c0074004700720061006e0074003e000d000a003c0050006f006c00690063007900530074006100740065006d0065006e0074002000760065007200730069006f006e003d002200310022003e000d000a003c005000650072006d0069007300730069006f006e00530065007400200055006e0072006500730074007200690063007400650064003d002200740072007500650022000d000a00490044003d00220043007500730074006f006d0022000d000a00530061006d00650053006900740065003d002200730069007400650022000d000a0078006d006c006e0073003a00610073006d00760031003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600310022000d000a0078006d006c006e0073003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600320022000d000a0078006d006c006e0073003a00610073006d00760032003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600320022000d000a0078006d006c006e0073003a007800730069003d00220068007400740070003a002f002f007700770077002e00770033002e006f00720067002f0032003000300031002f0058004d004c0053006300680065006d0061002d0069006e007300740061006e006300650022000d000a0078006d006c006e0073003a0063006f002e00760031003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a0063006c00690063006b006f006e00630065002e007600310022000d000a0078006d006c006e0073003a00610073006d00760033003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a00610073006d002e007600330022000d000a0078006d006c006e0073003a0064007300690067003d00220068007400740070003a002f002f007700770077002e00770033002e006f00720067002f0032003000300030002f00300039002f0078006d006c006400730069006700230022000d000a0078006d006c006e0073003a0063006f002e00760032003d002200750072006e003a0073006300680065006d00610073002d006d006900630072006f0073006f00660074002d0063006f006d003a0063006c00690063006b006f006e00630065002e007600320022003e000d000a003c0049005000650072006d0069007300730069006f006e00200063006c006100730073003d002200530079007300740065006d002e004e00650074002e005700650062005000650072006d0069007300730069006f006e002c002000530079007300740065006d002c002000560065007200730069006f006e003d0032002e0030002e0030002e0030002c002000430075006c0074007500720065003d006e00650075007400720061006c002c0020005000750062006c00690063004b006500790054006f006b0065006e003d00620037003700610035006300350036003100390033003400650030003800390022000d000a00760065007200730069006f006e003d002200310022003e000d000a003c0043006f006e006e006500630074004100630063006500730073003e000d000a003c0055005200490020007500720069003d00220028006800740074007000730029003a002f002f006c00610075006e0063006800650072005c002e006900630065005c002e0063006f006d002f002e002a0022002f003e000d000a003c002f0043006f006e006e006500630074004100630063006500730073003e000d000a003c002f0049005000650072006d0069007300730069006f006e003e000d000a003c002f005000650072006d0069007300730069006f006e005300650074003e000d000a003c002f0050006f006c00690063007900530074006100740065006d0065006e0074003e000d000a003c002f00440065006600610075006c0074004700720061006e0074003e000d000a003c004500780074007200610049006e0066006f00200044006100740061003d00220030003000300031003000300030003000300030004600460046004600460046004600460030003100300030003000300030003000300030003000300030003000300030003000430030003200300030003000300030003000350037003500330037003900370033003700340036003500360044003200450035003700360039003600450036003400360046003700370037003300320045003400360036004600370032003600440037003300320043003200300035003600360035003700320037003300360039003600460036004500330044003300340032004500330030003200450033003000320045003300300032004300320030003400330037003500360043003700340037003500370032003600350033004400360045003600350037003500370034003700320036003100360043003200430032003000350030003700350036003200360043003600390036003300340042003600350037003900350034003600460036004200360035003600450033004400360032003300370033003700360031003300350036003300330035003300360033003100330039003300330033003400360035003300300033003800330039003000350030003100300030003000300030003000330030003500330037003900370033003700340036003500360044003200450035003300360035003600330037003500370032003600390037003400370039003200450035003000360046003600430036003900360033003700390032004500340031003700300037003000360043003600390036003300360031003700340036003900360046003600450035003400370032003700350037003300370034003400350037003800370034003700320036003100340039003600450036003600360046003000310030003000300030003000300031003800370032003600350037003100370035003600350037003300370034003700330035003300360038003600350036004300360043003400390036004500370034003600350036003700370032003600310037003400360039003600460036004500300030003000310030003200300030003000300030003000300031003000420022002f003e000d000a003c002f004100700070006c00690063006100740069006f006e00540072007500730074003e000d000a000000	dfsvc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2368	chrome.exe
2368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeDebugPrivilege	4784	dfsvc.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 324	2368	chrome.exe	87
PID 2368 wrote to memory of 324	2368	chrome.exe	87
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1424	2368	chrome.exe	88
PID 2368 wrote to memory of 1972	2368	chrome.exe	89
PID 2368 wrote to memory of 1972	2368	chrome.exe	89
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90
PID 2368 wrote to memory of 1472	2368	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://launcher.theice.com/launcher/download/Connect.application
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffc3dee9758,0x7ffc3dee9768,0x7ffc3dee9778
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication C:\Users\Admin\Downloads\Connect.application
  2⤵
  PID:2524
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
    3⤵
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1756,i,17916193600013995598,7573592711506862303,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cc0739e82bbf75594cf10dd63422ca6d

SHA1
d1c18f97f910e4033fdb31d2e680a9c34818a21d

SHA256
8b3fd2b9be03fb93fd1cae92a026bc8485888019549389ced3d54f18e3c80620

SHA512
d8273979c20f5e90e4d3b5cd778df6b48ecf6e071a74ac68c6ac147835a4a612ee2625f9c7beb5120228225b5a76350c6e8023bb3e16bd84bc39522e7ac490d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2090d5aa879a8073415292f500fbea98

SHA1
5d21880ad7d4cdb929464feb6a9da25f31e1de10

SHA256
903778d06fa77fb6560f10a2485316ebc6b696d6ec8c436276267ee8493027d4

SHA512
70ccc5f3259652467a5a741f2abd81706ffb0c3282efe0f8df037b5de8f75dc58bd61fcedfc18b1ce7844b721060c6d77500b1592395004e06b5b1977f5c146f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ca0f66acb2a6b49590c444a642d2866

SHA1
03fb996c26af89abe4d0d21b2dac670b2015a501

SHA256
7703cefd0b9d2e824557df86468befaf80802237d2383b286864eb3f13eae26d

SHA512
086e7a40e2e63ed8419f48b80e3047773318f2e19381a6e88e2721a4cef7ef5b82137ce422e3fa1546e27d69dc1066e31c302384c375d31dac4a2402eb6d35b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d5a1714262f00417e47edda5098c3cce

SHA1
fb8752f75e66bd83ae3c4fea6df45dea12e660d9

SHA256
c15b830a7fb4f63ce2b342c69f386b572922a3a9fe88381d0882adc07972e6f0

SHA512
3c132f1152800d6fe9e3b034891c73ef1a8e276bf977948cea51c49a9f611d644043abfcef9aeca93272d73f38adcff567ef8ecfe762694a1d0130c2cda7bfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
653670fca3c56f484916fc051483543c

SHA1
bd33b7a72fa82e4e4aa2eb368527b814282931d8

SHA256
7e8222c0bdd1b6da0610d4fadcb975f40604669141b5ccd162860310eb9de99a

SHA512
e1bf4f42b57285a552e6fcfeab14edb34b83f26853c636a5771611e29de64d20f4474680c098027541acf71d55a2dfe59e80339882b6bd01bf5000b05093b2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
f51b75ab04d7b023c523e395bd0ad891

SHA1
458ad5e5066a4919d7d7215648fe7942786ab80a

SHA256
21e8eeb6affe46178149cedb38c5924ff578370bd8260f4d6c309b208c9ab057

SHA512
4cfb894bb3034c883e1e8b9bda80e939533123dee960808abc3b28ed79779bde79b671863a50c56125fa72628f2545757b953a3c13791670941c555a4039ed25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
fa29a12c3a8b37045bbbfc2ce73d996c

SHA1
1283ce5c7d1e1fb44a8fa816cfb42b3bbd7e6376

SHA256
b1f6baa9209a5688ac252e6fea910acf55169ce39a006927a74f7a61ca2f4f0d

SHA512
c2b5ddc95cc8ebac0b188c095d352744ab3791d40dbc084266f19c85c2c55a0e85a8a1fa3d67ef288ae07d64d5668ccca630dafb7a80a4048d15ae02d322c3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
a8be3ca105bffb40d47f7909c4fd51f9

SHA1
f5129af4adc3ae8a65bcf5ede8e1afef038514cc

SHA256
50f7d4803bf059ef66806ba9312beb610d6b3db6e08806aa0d2341f64bf0f7e8

SHA512
7a7a938d4b5577278c177b694ed7a6656172c1d237e7a964b21a3062f14ba7bac24d2147c5cb37ca4b190c5af8acd34e76db6fd6f19b9b4699cb49548dd7f5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5712bd.TMP

Filesize
103KB

MD5
22fa6d9771f96f2ccc140b77e75d0212

SHA1
b2150792f6c26b4e161911cd37916361abe46363

SHA256
d802102146204a75cf356c1a7c57a997c4aea96bcaebfa67f9375613a1aac7f3

SHA512
601a203dbb9760f4ed0134fecac527ab2e9d689a770a469b6025ad0e1d9a802ccad8bd18654a615a426e57f93690bd48376c3bd9b50acb280cf54584b372c002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f864ec8d-c2d8-452a-95e6-73a24109d582.tmp

Filesize
144KB

MD5
660995de22c8441cc0680427c54144be

SHA1
cf75483d63cd12a3ba15d1b1e1ccd6b7e83bfd17

SHA256
f3b55fe668a387a95cff56598d6b5e0c8fb372887121cd0c28e9e094912ab898

SHA512
a6ec5d3590ea3d8f2de4dbf468a4a4cbd64322c658408bdb15bb7ac7820d63bf2033b35ed74e4d88207d9f7235677669c718da83222f0fb03bafd9ad49617b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Deployment\D4NHGKLQ.A3N\9ZKPABCH.2O2\IceLogo.ico

Filesize
3KB

MD5
a6de672107862e7fc273d3a689986c54

SHA1
b15558398172dabf1431b281a3e43ec88dbfd734

SHA256
1689720d91740383dd0a597419e54b00888f02972c2ca274fa80b24d9b22b358

SHA512
c863ffc518a9ab4a385ebe94a2e8c750ba692a4988ee8d6cb06692c1d5a48afa234acc07eb582fa24367801c8aca7ad76fd9190e0bf67a7949a60b25ddb5564a

Download Submit
C:\Users\Admin\Downloads\Connect.application

Filesize
12KB

MD5
5dabdf2f9287428a53a7ff54f5a7580c

SHA1
c8157df21cc720e21120d56254ba2903a3c7312b

SHA256
ebfde6f044b6ef8becaca18fdaff52467ee63b3d3cd941c076cd4d97df665736

SHA512
bf49383a54d33f10c2244e5308bff8f84e196c925e2d291a36c6dc851fc1a8b699abc14ca55909d0cead3b878ac8033ac3304a8a59e89fe0f1e6b58203ec2305

Download Submit
C:\Users\Admin\Downloads\Connect.application

Filesize
12KB

MD5
5dabdf2f9287428a53a7ff54f5a7580c

SHA1
c8157df21cc720e21120d56254ba2903a3c7312b

SHA256
ebfde6f044b6ef8becaca18fdaff52467ee63b3d3cd941c076cd4d97df665736

SHA512
bf49383a54d33f10c2244e5308bff8f84e196c925e2d291a36c6dc851fc1a8b699abc14ca55909d0cead3b878ac8033ac3304a8a59e89fe0f1e6b58203ec2305

Download Submit
memory/4784-188-0x000001C8B9920000-0x000001C8B9AA6000-memory.dmp

Filesize
1.5MB

Download
memory/4784-222-0x000001C8A1030000-0x000001C8A1040000-memory.dmp

Filesize
64KB

Download
memory/4784-204-0x000001C8A1030000-0x000001C8A1040000-memory.dmp

Filesize
64KB

Download
memory/4784-256-0x000001C8A1030000-0x000001C8A1040000-memory.dmp

Filesize
64KB

Download
memory/4784-257-0x000001C8A1030000-0x000001C8A1040000-memory.dmp

Filesize
64KB

Download
memory/4784-203-0x000001C8A1030000-0x000001C8A1040000-memory.dmp

Filesize
64KB

Download
memory/4784-201-0x000001C8A0FE0000-0x000001C8A1030000-memory.dmp

Filesize
320KB

Download
memory/4784-187-0x000001C89F290000-0x000001C89F298000-memory.dmp

Filesize
32KB

Download