hxxps://transfiles[.]ru/wjvp4

Resubmissions

03/08/2023, 21:22

230803-z79h3sgb67 7

03/08/2023, 21:17

230803-z48sdagb57 8

03/08/2023, 21:14

230803-z3rsgagb52 7

Analysis

max time kernel
114s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://transfiles.ru/wjvp4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2792	CoolSoftWare 2.1.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355709323117718"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2792	CoolSoftWare 2.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe
Token: SeShutdownPrivilege	540	chrome.exe
Token: SeCreatePagefilePrivilege	540	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe
1540	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2792	CoolSoftWare 2.1.exe
2792	CoolSoftWare 2.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 1272	540	chrome.exe	35
PID 540 wrote to memory of 1272	540	chrome.exe	35
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1968	540	chrome.exe	87
PID 540 wrote to memory of 1820	540	chrome.exe	88
PID 540 wrote to memory of 1820	540	chrome.exe	88
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89
PID 540 wrote to memory of 3100	540	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://transfiles.ru/wjvp4
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe51b69758,0x7ffe51b69768,0x7ffe51b69778
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5052 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5288 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5696 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
  "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1904,i,15528095762712437270,9073071209432005449,131072 /prefetch:8
  2⤵
  PID:3964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4316

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
56KB

MD5
0e626f346dec0afc5f5942add273c716

SHA1
f9d2216432672272d09773ad16e10fe035b3f82a

SHA256
4aa5ebb91b8d894568797aa851b2f65c4d23e40533f77a2907dc2b5afd38e0f0

SHA512
1290e68643208af9fced47b5d216b6e596d252d7bb4757fe2b55d163077886afbc5f47cd6207f50ccd2962b72bdde2be2ef1bc3d18c44e12158785b43de952b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
642e572090b212241974e05f00ad6c16

SHA1
bc24ed8f469ce5b7cf2fd23d3ae6479e197eabc7

SHA256
fec0e425982ff6aeacc993bd6050229d42d8471df26a2d6db45c9e13a93615ac

SHA512
124290f395c3b7c8f32f7ecc1997909d87d588b367c45457e64be7ad033a750b95f6207db7741701c879b68d6be3d6bf95c0481157cfff358aaa59516db3891e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
61344e9857b13ce2994e3fc9f3490af2

SHA1
077eb23d688d00dc5c36a413e98756d716cc00df

SHA256
f978cf0f8ecd54677df0029388b437ab97c6b11c140f3686ad8cd63f9dec2c58

SHA512
cb8646b228e2fccdaff83560c5dd2f9f763abd31777f20f455109ff24bf3060f29d5e9f90a4a0b4acf9175727faad3308f4c56fe27655605129bc39bb71dfc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4967fcd17fbb95a877a326e9d23cb6fe

SHA1
d66b333256b518b3854cccc3692aecf09726f7d7

SHA256
6a9f86cab0792784949234dca1ce706b538f3ef31cb803ebff6a4d2ef29f07f9

SHA512
991227a65a0b260869e9284bdc68112d12b41ca73c4e6d106f598b101e32510ea77cf362a87aee7f67e84c97c4d0ddf92b38681ba036cdce1c8e74e7bef3a3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b94312323d1475660e269974694f834a

SHA1
8ce8b43fddba3a4ad7ea670e5b8463f8a3e17727

SHA256
12c33ca64141f8d13f0b754b8a886e1f0442b6069a60274ee8e6d8c3440a3c25

SHA512
97bdef0992e4a64a5538adab5d19e196cbebef5cfbc5a5463f4082681cec0e6843516674a9f34399f1e50ff95296219bc5894d76de54a994c2cd000a77971b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14c8e58c2cb8a297dc49d359b2d0d3fa

SHA1
7396043e43fa3caaa7d61eb95cdcf01f87fd3d0b

SHA256
371dca0e25736618447e61277c77df20e48c7c749a7370b147f7d5cc91036dd5

SHA512
0cb3116bfd229ff8df85b72fced3db89f3823ad946c15b86d794fc3b9bbe2154ce72b14cfe49d0e8a3bd56169bc9b6e399111b32b18ed9f2c21c3a6c519259f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c8b0151c428bb822a687bb711e19878

SHA1
1c6c2f1202fd69a52aff7a013d2dc2490c3f968e

SHA256
fd0672401ee3b81747706cbc39f105faf82990ff3364ea1f0902ec6ae349cb3b

SHA512
430bdc2ae229aed328d610b37487ca6bc2dd012e993b7c03e122d5102017b65230966d1a8b81f52ed4532baa97b4ab0d7edab87d895875503d3ec96dba1cf962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
71be948c7208a0ae915980f37459a651

SHA1
db1ce746b5b2054893d738460def539f7d1f5c55

SHA256
f6168f7639db15bb8f9cad71572ac0bd407e5dfbf1e81719b956eeb0c193638c

SHA512
afdb63c6d734afc60689353c2bfb43becaec7c65197edc8beb37ac1c58a1f8e29afc820ceec9d50c280ca9ab6feac0b6deb7c3bbd93f2c1dfd0d89713e736047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 704809.crdownload

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
memory/1540-327-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-328-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-329-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-333-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-334-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-337-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-336-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-338-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-339-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download
memory/1540-335-0x000002B7037D0000-0x000002B7037D1000-memory.dmp

Filesize
4KB

Download