systembc | 19363b70d7ccdbf10eb7633628f1e0d08fb0f85cff897fd758cf2b61c93abd81

Analysis

max time kernel
195s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
Size

13KB
MD5

489e088030eae6acf86c690cb42352b4
SHA1

943a6abb8d2ff25ae6b54c953b211879328a5123
SHA256

a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9
SHA512

78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99
SSDEEP

192:C2WjQTbZ1eBppvfj/j2+cPM3P+Q/tCvwSw3uM76V9bhHOkrUN9:C2jTbZ0pj/vcqP+ctCYSw3GV9bhrUN

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

185.198.56.2:4171

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

pid process

2360 a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

pid	process
2360	a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

Drops file in Windows directory 4 IoCs

Processes:

a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exea21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
File opened for modification	C:\Windows\Tasks\wow64.job	a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
File created	C:\Windows\Tasks\wow64.job	a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
File opened for modification	C:\Windows\Tasks\wow64.job	a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252052291863213"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
5672 chrome.exe
5672 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
4740 chrome.exe
4740 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe7zG.exe

pid	process
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4644	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4740 wrote to memory of 2692	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 2692	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 4348	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 1372	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 1372	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe
PID 4740 wrote to memory of 548	4740	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"
1⤵
- Drops file in Windows directory
PID:3484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90f4c9758,0x7ff90f4c9768,0x7ff90f4c9778
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:2
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1408 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5136 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3820 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1
2⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=940 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe start
1⤵
PID:6084

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\" -spe -an -ai#7zMap25031:190:7zEvent12167
1⤵
- Suspicious use of FindShellTrayWindow
PID:4644

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
"C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
32a8ebf5efe9a8538b41740efb475140

SHA1
1aecfee5f435f3d74415c8838c28e2b399e12029

SHA256
5aa0d7e12757ebfa4f41d5f66031b3bd2d7bf1be92891b409212e986906a89e6

SHA512
131d65831ea8f0ccea07e12ed6d53eba504007c45429ba27839a4e80d505fbd74a293d61a689cb10fc8017e823ad92e840e539aebbd8a9b1be7268dfcb62756a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
15fa306707002f1055178ba444a890e9

SHA1
09eeab396c087f5c1e5a513fa981d52b7a6451c9

SHA256
236e665568187db2335eb3df93260151f1a1d37527d7de296f495c8aaac80e65

SHA512
15740a878372c26ae44a08ddeec7a3f593cebf43873281014a013d927613ea3be025608d1b572735855d6bdcb37d111d107e10e52520868ee57d43f1642f3545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
51380d0a331a0c7f38b983b58bc86c45

SHA1
6fe15516dab51c46914aa8a3aee1a9340675629a

SHA256
c9ce169836e91e6bd75a9e87cb41c59dd44a026eac4c549c9292c60e76eb8dd2

SHA512
6e3fb55202088cebb4ab64758682b5a01c4edb4b09ca142b536e5dcde4121dee4891f258fe35180b3074bde74389accc96b40cc7e55f7f1f1a82098c16cba2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
8a03b3f4b0bbad857c55237656cefb9c

SHA1
3193498fa246d92d58a39ed2469def770331b375

SHA256
79a3c302ec6be23141730f271a460816a21f5285e72ff7b8c46457b081de978a

SHA512
94cda64ee468115b31aee3cb681a85cdedcc5ae1911fdb2ea840b5c16e888c3cef1d1a443d44c50b723d844b501e41b85243a0cd6a80efa6cb869f88fca75bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
0118a625439aeda2ea5123983de7d92d

SHA1
0a0f0f2e2aff70742fb49ad1717ca0c15bc7d6b3

SHA256
5f3c2543f8d6d23e7106dfda4eb7775c3796b0520810fb35ac1dda7646ee21b1

SHA512
9f4555d979d133011a4109d35a0c4e28f29d377756d5bf097aef651f828771f5b0155e6a239aae9d0653ec5be1c975791237443ab342ccedba753b420ba0d7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
7254070c93bf3272314cdaeaf8fb5b8e

SHA1
1d724bf7ce99f71ab60b8df77afd3bc052f12b47

SHA256
77ef52405224153de7808133ff39254e30225e02140f03098494a152dcf8d147

SHA512
d74fb0e536e13bc6be1713f5d347fb3db02c0dcf37904e35f9ceaf92705a926b85175c0eef7cf72929ba7c7ae0e9dc9f4e2e45defd6ebf61690d293f6c33b456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
468d3970184938f0272d6702245bfb11

SHA1
e411d02b549113f5717a3cc7a83d4fa4b9bca698

SHA256
9c9c359bda2dfbfe008fe85475fcc4ea7f37ce668ad2e7824624a7fcffb962b6

SHA512
87a1d3c2e78c985cd98d94538704df81fcd47aa3b014e772ba5aa70f6353db8b7b463e41d6454f6e92ba64c9633fe30b7efcc80738c2a38893c756afabc28a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68905cde7b78ce9ef3f08794b94127b6

SHA1
7b2c0764bd7f72a3858f14d1fe054c1a41e013ba

SHA256
d94d540822116ad906a5d1f8f0970e22d519e4c85161212617a2d0642baa7ee7

SHA512
f916e0561e1735d09b049f9c23c3dc606fb8084a673abeff274beb539dbb1e7cdb83c2c196a44e76b2e466dfddd299b2b85fdb388144e36489946525d07c5ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1e852eb1e26daf5eb73156e9225130f9

SHA1
431e269e0ae209c1685f1fc12225790ce812e81a

SHA256
a3c732a347f926fdc7ef20514150ff12a705499ce5f290088b23bfad3dfc99bc

SHA512
9152f336901e99e13e32b3a42d7f103d4c92c347f23e011b0af595a5895724f08db0854fc0b16c4f593f0d5a1c92f6b5570b51b1853940ff180e8c83e194e389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
261c2147428b9698022934ed615f5426

SHA1
dbbecaceb8c35598b2bc81fcb6f2fc120d103094

SHA256
a749e9c6e358578260badb757349c2c7ed59426d756bee6ed3f34d1632518938

SHA512
b99b7ef457eb7169199d15bf70e17f72c565593507e13b4496976790ba53eab45f781c9e5cb5c0dd83acdc06f7fb8ffeb39fed7d307cd6790863195aba245e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b24b8e6f-58b1-4035-9dce-fe9eecfbee1d.tmp
Filesize
7KB

MD5
4032a30f729619f228a00e2eb795d7b7

SHA1
a271d024e26b85b3d4ecd34fd214d96a3a0ad06c

SHA256
1084cbad50e8f9d3e59f331a18f10dfe09b4d60d8bc6589aeb36bb2f408e7cf6

SHA512
4e487c8fb027b10ca46057e72cbec0791852cff7e98baff237233fede6e485b573c6b2a9dc89eb394c08c70483affb310b04c4e77980965ee75003b3f9977a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
51bf86678757b7d65995666a2774c0f2

SHA1
a5bd413bf0046e4dddcda5b83d3c1f57c6136a13

SHA256
703e06d65919c2587706c1174651b9ef01acfb58c2e7a0263490db1c9ed39caa

SHA512
f15f022a2bb2f7bd7a85a09ef3b779574e960724045215a4c7d84efa95c49d64ebe72eefecde97959a90ae7a35c23680817d1a1f61b88b5dc1cf54683c5aa0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
c490a7dba4053c0d53483cce9fac5c3a

SHA1
9ef2bba8cf3f44bcf16b1ce43361431dd66392a7

SHA256
82b775bd1c15a8b00e4a0dca301920312106f319ad632d32c7bfd5a30445cdde

SHA512
bffccd714b171f508d564ff4dda3433457383063cc7dd6b61273e215b36aa77c68bc2da8609634187fc4158ffa701b598beb826ccde43955f42b9af430c33fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
f0dc66a92d28facb04db910f8a91f3ad

SHA1
87b2c314d3f629bf22a84ad3f7ac090f38175316

SHA256
7348a52cc2d7736edf4acc08c8989a49883908692c84a6ba12df8d8dfd228fb5

SHA512
7434f93835d26122619e8eb70c79632d52932329557675f445970f50d0e0c7bb97fafda0dd688290f8268c7306f1578882b3842ead012ebd344b21ee6584f752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
bee9bba62a23cb8689747f18935e3ae0

SHA1
b21719e9a3707f2efd0304d5cd9d651cc9ff538f

SHA256
4545f44e3d19ac9a0b7f3c219eb19d5f8d403779ab5ba253d11c10c717c9c2a6

SHA512
da16f5ecfb349b76bf55a187723d12c6f02accc21b3c37bebb3d444bee57bece9c74c8009581f001b3ec3b31e06f4eb6dd4aa233684007dac8a90a9c7644e981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
e1c7b83232c9dece215e6a013b4c5376

SHA1
24425346d93b42fb07711b3a6a9753bb2f2b3319

SHA256
e48c81c1dbe733104682419535d9f6fb92dfd082224604048b428b0a1645d153

SHA512
f6c063a6277b8e6a98546a6b510179cd8b8896a8b739722866cd7c181a5eaa9810940faf46d380ecea47f6fb7baabf31a70ab54faf9219fe3e64262c69c57efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
d3d794e96e158abe952379fed8b127c1

SHA1
3cdc910de4936fd515f1667bf6552ddfd8de0bb5

SHA256
8ba8325b31c75a01b5b1a2d737799871f74636d669dba77e5423e43014dd95d6

SHA512
1a6ea8c446784a200524c30d46d6e441939372fa6021fb84ab0ccc8e75668023516b99f16d2f9358d21ed69e1d1d9c93184c8de9e3819d5fa64a6c1a41556cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580f5d.TMP
Filesize
100KB

MD5
ef15ee2bc7b7c45f4b0d8f7b4f14dacf

SHA1
d33fc93c9b58972f2b90fe30517e54f76680f3b7

SHA256
9a807e657f67a49728ba5c019321823dee50acecae87ae1824072d06177ea236

SHA512
beb792929e4303fc813238e8f4b5e54809dd12929fbec5254ef832a54a9c52362454f879d8f819cc7c65b057416ff07e297fabfa0fa2c76d956e130566f2d61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip
Filesize
6KB

MD5
d494f04b1ac2db7fe20ee1f314f96c5b

SHA1
21dadf43d21e7341ab8b635ce055bf0a5dca2fe4

SHA256
de914d46c6d1fc285229ed051e14011d52e24a9322f70211db9dbede19918977

SHA512
c663289dc73b969df052961bafc60ecc1be1c1d1bd479b3fccd1a0bfb67da6b029383f632f83a4f4e46965cdcdabc28ff81d59eee885b1d446230d25158e388a

Download Submit
C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip
Filesize
6KB

MD5
d494f04b1ac2db7fe20ee1f314f96c5b

SHA1
21dadf43d21e7341ab8b635ce055bf0a5dca2fe4

SHA256
de914d46c6d1fc285229ed051e14011d52e24a9322f70211db9dbede19918977

SHA512
c663289dc73b969df052961bafc60ecc1be1c1d1bd479b3fccd1a0bfb67da6b029383f632f83a4f4e46965cdcdabc28ff81d59eee885b1d446230d25158e388a

Download Submit
C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
Filesize
13KB

MD5
489e088030eae6acf86c690cb42352b4

SHA1
943a6abb8d2ff25ae6b54c953b211879328a5123

SHA256
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9

SHA512
78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99

Download Submit
C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe
Filesize
13KB

MD5
489e088030eae6acf86c690cb42352b4

SHA1
943a6abb8d2ff25ae6b54c953b211879328a5123

SHA256
a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9

SHA512
78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99

Download Submit
C:\Windows\Tasks\wow64.job
Filesize
390B

MD5
ed66f8f7c249f3373a07f0f053844bb2

SHA1
7de3e56fc3a6600fe979e95d829e9ef131110ba5

SHA256
afcbb68cc71343c13774a10d74a9a739e8661b2f068beabf8ed1266ab966c18b

SHA512
be5dcab2dd0e39b81533d29fdcb8d20020d64222dcaf16523a8d0e1ffc8b5b8ae89108be4ffd29628ee8b877554ed2105f3de555336c3cd0782a16578a4e4be7

Download Submit
\??\pipe\crashpad_4740_JYUUNQPCGWDMSBKZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit