8b57ba1b6222d9061bc7548874aa1a7dfc846e79b0c0d2b64dfb62900337ae1b

Analysis

max time kernel
33s
max time network
58s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
18-03-2023 18:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

INSTRUCTIONS.url
Size

130B
MD5

d6243a727322924914fb86362ba8d8f5
SHA1

e4b33f5ed4c3e49567bc0aa558fa44fa04b19af4
SHA256

50058400d54c609fe44cc936c76dd56261a80f1e7bccb57ba7aa149199aa542a
SHA512

583c4e87627d8030a64801056e303bb5186ae2c7945818b517facc00652672be5a268a415e333e1a2b388bc76efa0638c8412eb0e435fecd77a60edd0b5aa892

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2311ADE1-C5BF-11ED-9C92-F6B2F3A01775} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1052 chrome.exe
1052 chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

iexplore.exechrome.exe

pid	process
1228	iexplore.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1228 iexplore.exe
1228 iexplore.exe
476 IEXPLORE.EXE
476 IEXPLORE.EXE
476 IEXPLORE.EXE
476 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1228 wrote to memory of 476	1228	iexplore.exe	IEXPLORE.EXE
PID 1228 wrote to memory of 476	1228	iexplore.exe	IEXPLORE.EXE
PID 1228 wrote to memory of 476	1228	iexplore.exe	IEXPLORE.EXE
PID 1228 wrote to memory of 476	1228	iexplore.exe	IEXPLORE.EXE
PID 1052 wrote to memory of 536	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 536	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 536	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1712	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1700	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1700	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 1700	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe
PID 1052 wrote to memory of 668	1052	chrome.exe	chrome.exe

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\INSTRUCTIONS.url
1⤵
- Checks whether UAC is enabled
PID:828

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1228

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b89758,0x7fef6b89768,0x7fef6b89778
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:2
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:8
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:8
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:2
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1208 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:2
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1496 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:1
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3808 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1168 --field-trial-handle=1236,i,8700323825647459529,16333445159746441001,131072 /prefetch:8
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1548

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x568
1⤵
PID:2900

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
29854224e4303b7b1620ded18d8c6e3a

SHA1
119a0b9c2555e218e3009b236a0bd903ae468d9f

SHA256
d98f4098a6af3b946417e79e4d33d8307f528230c4ad97200b432f5eaf5b64e7

SHA512
62de0927849f01e25903a8e1aceb79b9c30181fde6207e37e16afd2ff2a287cdac981823f641620af8e1aebfc7d9c4b7aebdc168f1cfa0cd67847f913c5801fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
936223cffe27a9488175ba42a229352b

SHA1
f8c40d56c30e3da35f23bce6b46b13145e8d13ef

SHA256
9557c821d2e7bc14089861c9bbd7b035404eaeca9d8832f2773302c3b66d35c8

SHA512
c443deb130e1cf17011991643b1946b42e985dccadeb43fc924cbfa40520d2413385f8fc47af1f37239b3196530fa09751b375bc24214640cf6c0f33b72eb8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
886bede965e828ce30447a67fde78bf3

SHA1
f0489c23ecfa9278929b1bf1d666f037a4b18835

SHA256
005fc0e180e477340711556efed3bfd6a83a24bbc182b7aed7c6749bd1d6cdbb

SHA512
7430cf88eadee8eefec70ae53f12d2f9bbea2e0a72af3d674ec73013eb49312c8dee44f2a219768dd9c52045bdb4311962f80775b474935583bc73d3d46e5782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7cc74f3b38e8a2d558270e9a758a8169

SHA1
c58e5341a6c0682b772750c6881f42dea3d5ab63

SHA256
ffe2dc45385c48d13f5e9249ea6a54732e2029005cc6aedb55cd1eb51976de27

SHA512
b67727bb48ad67a5836e8b06e8e9436572113278be838efd3f12f9579ec1fb6c7664510a67a5364cfd66db54c80f448ba48a6c33df3905f85421ab4ce8cddff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3546c16c1e424612e1a554808ba047f0

SHA1
8903559ed71864e076c3d70e39b05ff7cd8d6ae5

SHA256
cc6412a82c451ceb206d2ae501b16bbad68f18ce2398519d8bbff0bcaa0d6c64

SHA512
2941395a2d4da1749ce686776293065438617d745cdce15f1a848d7d57073b9c8db94db14151551d0e778dd7ec1e9a4a3f836d4ca41bce8be0eb5b3ec291f60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8b94d588be1fc928b64f7ac88a95cefe

SHA1
55f5809e163d37efe7e22f8df5ad9cd86c728916

SHA256
0e7400360a972cdb0afa1c25037158a849ec8d6951609f37c0f47c9b60b006bf

SHA512
4daa70d5d24a7e488978e7ee02733d5571742595a61f2a1e64f8f68c05095c8dadbd4d0eabe4dc1779b0f806eb6e4981c66ed26e5f1c140ed64d191508c1f9ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
445b41432784d6de2d9795fd061fc8e0

SHA1
332f7c611bbb69a9ff51257c6165d9140fa048f3

SHA256
957b32f06d11f8bc862c66c44d1e3ece9f6c31cb71c87581ccc0863dbdcffb8a

SHA512
dae2a0ff9c8a4d0ebe1940f7b8841297ba8041d8bcf7a3c2478323cd55b659e332423c473b3c80123651212c2b5ef320d88535397482dbc385f678b4a0acdc33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
853d84983c2a444fab2ee5de011ae407

SHA1
e5489af4b970c1997e7d9614c4939fa2fbe68864

SHA256
d4d35f73a9eae62211ef0ca0f52e010dd33e571115a91c2c2373586a5e947838

SHA512
7ea492f8f67ba861360070f7309e189c801d73339f53c8ff6b90e7545a018570fa7d97232685a5513e8a85ad785c01c39ca948c6951dc8cfbcdeeb788cedab70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1a16b490f676481adae8a96240b095d9

SHA1
a88fb3e619e1eefd1a056da88e76ef2bad699e8c

SHA256
6acf2e1874ee7c2dafe82c38b581bdfea76c6604ed2753725dd03c2619f587c3

SHA512
85d41ef776f5d5a01983bc24f296631d39bda055efa22d55b9ce00769043bb43ae587235fcac4d2e03cad92d2e2ee257a29b130d7b5fb355bc0277e607f9ec61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f336071-6b33-4ecd-9934-17dc73f24cd9.tmp
Filesize
4KB

MD5
29b48c70541c5dd0f2ed221d7f5a2ca1

SHA1
d76b164d0d2b404a200715913de38a4f565ec11f

SHA256
43d560a91afa14dcb289324d45ff61424caa4b215ad6a877a1f32d4e7c7ccc4a

SHA512
4f2f7293f2a45a74882afdb75eb034777eea60cb38c52c766abb1440e6d82cd2c1078623ed07fcbc90eca12c2a26ea24c8ace6d0586e503d454c9a4e49e1c7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
96d1e200528e07ad1b869f261b4ef4ea

SHA1
03237e2169a66ce1e4051a3d89c75dfb9dde28ad

SHA256
15ba5efdb676cc154f43753a9cd7c8f2fe22dd8dfaf471a35491a906ba127fc7

SHA512
518955751e8bc5271426e9c928da1abf17af4659d5fbbf475ff138981c0ae1935bbdeb18c67a8fe740a462f70a2a0d44793ad18cbf33142644c667cf65b41c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6700.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6A14.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF7D3BCDFC62D96F75.TMP
Filesize
16KB

MD5
b77040f54e8a99abc714bb0d58c58e1a

SHA1
0d9d8a24311f60f04aac10a51d3ce7cb335acd19

SHA256
b1d0a28bc4c1e40fc16f74214a64fcdeab1617f103c0785d81d4aa7a7d215343

SHA512
7445d6af0d17d07a96dfd795371420b4fe8e540e12acd3c8d537aa8ad4b0ce7621488dc1a6bd139d4215396da9b50a6df22174f236245d902d6277d0c8ed77e2

Download Submit
\??\pipe\crashpad_1052_HUXDSLCHNPUAABVA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/828-54-0x00000000003C0000-0x00000000003D0000-memory.dmp

Filesize
64KB

Download
memory/2752-644-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/3032-645-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads