hxxps://github[.]com/Swedeachu/SwimDragon/releases/download/Public-Release-1[.]0/SwimDragon[.]exe

Analysis

max time kernel
121s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Swedeachu/SwimDragon/releases/download/Public-Release-1.0/SwimDragon.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4204	SwimDragon.exe
1720	SwimDragon.exe
2956	SwimDragon.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367694920372184"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2948	2124	chrome.exe	82
PID 2124 wrote to memory of 2948	2124	chrome.exe	82
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 4000	2124	chrome.exe	85
PID 2124 wrote to memory of 3164	2124	chrome.exe	84
PID 2124 wrote to memory of 3164	2124	chrome.exe	84
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86
PID 2124 wrote to memory of 5016	2124	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Swedeachu/SwimDragon/releases/download/Public-Release-1.0/SwimDragon.exe
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa7ff89758,0x7ffa7ff89768,0x7ffa7ff89778
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5188 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Users\Admin\Downloads\SwimDragon.exe
  "C:\Users\Admin\Downloads\SwimDragon.exe"
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Users\Admin\Downloads\SwimDragon.exe
  "C:\Users\Admin\Downloads\SwimDragon.exe"
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2516 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3824 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5616 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5952 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3132 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3000 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1640 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1612,i,13072295664112733715,8999228284989787005,131072 /prefetch:8
  2⤵
  PID:548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4640

C:\Users\Admin\Downloads\SwimDragon.exe
"C:\Users\Admin\Downloads\SwimDragon.exe"
1⤵
- Executes dropped EXE
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\300a39e9-e01c-4e9f-b9d7-dcb5b5878e56.tmp

Filesize
87KB

MD5
6891eb6ce1bded4b91a2acafb29dfeb9

SHA1
96ae9187c0f1bb10fe38f8eafde86c2a775cd202

SHA256
9472aaf6b13e45400740df114cc07c7523e376436e7f8ad21c8a3ae8a19e60ac

SHA512
77eeebcbbc28fd1d8e39506c077c58603d209df775e4fa5e31f23d1d5f2a7d9be7ad342b35dc656124cacc308b7ed7b1a41bae7aa31ec48334327aa52e71d777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
1.1MB

MD5
5ebf2ddbe8dce7804dd60b004df730ea

SHA1
7fd3e49fb3e9c730435d5f9855f360aaa017622c

SHA256
c01848d9ddacc91bba1ae8b9521a6bde7c807b3873d522cf04178792dc7d2cd1

SHA512
8f6bc9277924ae208bab8340f37bda0e32d9a92f6eeac492e41eca795e0dec72bf583018d371bd2f747363d1c0ba531cbc9b690e48613699c8efd1a6a78c25be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
180KB

MD5
7f4148385408f18e61c997a6bd4d52f5

SHA1
aaac74a9531ee11228d2845f0096e2acdaf68242

SHA256
c882c824f1c1eca6536012defd98c86e2c44fb3969f9bbbed90e5df6968f551c

SHA512
0447fa8d70e41a684b2fcfbe03672d1551048249aeb506d9d94e2185000dd31e2cebcadccf2c388e67364ef7cf1f87e5fa0aba4685768e7c835c3e24f3717176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c5e8fe46e0d04957bc9c745de2cee5e

SHA1
b50a74812b9d0fa37f39dc74c3f96e1a213e517f

SHA256
797df91677a3cbb251d99e4bb7e82652afe9fca8837fa25ee442dc5ffe7d2118

SHA512
31dc4d41dac6560219a64b1a8a87e01aeaba92707c40ca335ae90085edf144d05ce548546f2cc87282b4ba70ee9ce44f87c4cf7ec54ea9efa0956a943e06d7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
161aa4c7225ce762227444445d950cb4

SHA1
7319c1820c632551d24e011914fb318cf241e24d

SHA256
24643e486f02667266d88f2049ed971e2f852daf25867d5eef2ebee4139fcf12

SHA512
d13d4732d6d39c4c6f207adfb8ba02daf663a7536b9d0cf0736d25ebcc14048ccaa92f282ce5d3dcaabbca56264771b1e9b36d69a639babf5475b54483b3d52a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
798c5d7d8cd6e4831b4f97c78d1ccbab

SHA1
e623d2ce09df189e676e20813730502d96adef3a

SHA256
4a605a5361f40f2782f9a22692b4a6ad8542f2c6f77dec4a5251445b62cafab5

SHA512
98c048cd7bc80513f11f799a5e8b8f029e6c3473488e7a9056d74a874eed1d32f5896497dc87d6c1a7f002b141e0a04c6811bc3a8721f2b43902545b79737745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
864B

MD5
374e41a05ce72b79cd9a1b5621508381

SHA1
cb573075a32f9ffeaa3c90ca9b9e481eb1cf5071

SHA256
3feb5746a284987ada45e77cb7810bd5e9b1d479fa3d1a485b33bc5e78e18bca

SHA512
94e7c588f20fbbfcedd1fc611ed16c76020093b4c5cc40907615cb4675780284a373f821cab451a29f22ec71ac3220bb0d893a1c45362354aeea1ad377f9ed84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
e59db9a4dc1c8fdbd19ecfdb5e8d85c6

SHA1
b958c565f0fa35b0da5d6f653c7aa7e41834318a

SHA256
00c10c450ad219141bb64f655b2aa17062c22daf937661fc1d5d6e298a38f10e

SHA512
2a613c61607554dc73ccf503be00acb13359db1c4bb4cf8044f98d5397878d434e0d0483e361647df5671b95a5bc5b014b386bb52ef55b24aa9bd0c5ae8707f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8e1164d67fa98ea1f18ccc364afd3bf

SHA1
86488f1c24772772330524b3b971a70f2b779730

SHA256
c548b0fbf4904f9ef1771fb507a9a05eb0287673d06e093d5c780487dc184644

SHA512
b0015696579490ae4b190cb3c7b500f57ddbf95e3145babefb9fb7f17129d7cf91b32de59e769349abcd6914a38efc674b8e2dc1af804e1ce2fb718bfb3b8a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b9ddcbe089b424032c0c7d2677ddb759

SHA1
d56588c29bc4de25e280ae3d76095ed77a219720

SHA256
35c4f45347783f139c65794e52a658be2701370e5df9473d6b709e7c169b84d4

SHA512
76cf4270d914724a429586cec30b1207a15a4ee1cc9d8ad968c40f5b8c6b2b02f9128ced71fdf72b871a3f6bf8f8869b6adaae4228315edb94a9d1cba96adc73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
582ac56250885e5c017708eb8904fbcf

SHA1
84822dc526b0d0b5e651ad5e588d2a4a82299251

SHA256
722067414532f87d5bc56c992ec589cea67b4bba3566fcc59e4348477c70f62a

SHA512
03bff3b458a93987687088bc9fc225ad9d821eed0acd0359ee47dcf99547a00b9a5edb12e5001fdf2f69457ff09bcb1cd87d1f4f3162c5c7e896d1a61c9a2c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
304c37d5a3fcafc6d3e050f6c7076fc5

SHA1
f56a1a14907c28f9a12f05531113cfa4446bc9a6

SHA256
875c3699a096585b8d83cf8de33c8b16427d5150e3525791208714b0a003beb0

SHA512
3039202420be080fc72d1afff3b8c18eb3bf5ab37f3fa7296d0d64b0f4df4ee3e303fff18e14b4f7d0005e6de6929e45960fe0f6b3fb8b8307b9bffe5523d22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
04847be8e5a36b7547dcb95fad50cb59

SHA1
3893fbb41cecbdd433a585d2ab726b8614dfcd9d

SHA256
417bdbdaf55e56f5bbd788d27d01261e6a4b7b57bc8faf2ab8432edca0eaad65

SHA512
6bab759ce9d492948084e84f845752916a681c325bed74bebd526be2c3a53c96aaa6b2fbb61986fa5dee79a1a7d093334059437995e6d044384c94ff2101bd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0605509152f6aea9dcbe2327f37f813a

SHA1
ced83981705ca7bc2bdf6e619db6af0f88dd5b84

SHA256
13df7557571133adcdf8057ad7cd3644f1145c17f6a40f2dfda6620d27806d62

SHA512
f93164407c5734cc5a4c11d05de1bc5dede0b019cce688b08c8ef71fe1d175cb9240a610cdd4b9a78f670d05cf40171bfabfd41609404511e73621cd60b973a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586ee2.TMP

Filesize
48B

MD5
ad9668e5139d24be139223a7c23bcddd

SHA1
d2d74a48dad6145980a00120ed2b6216cca96f73

SHA256
7843bca8040028d9d13f1f2620ce37aa66e0bd97d128d5cb70996f4930b1da87

SHA512
787321ace90d40195d0d04d605a16dc44813ce51b1dda2a9de46ea521976c83b594a3fd2d02ede718da341efb6c33d49e26a0abb8c814268cf4b1d62da1ac426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8aaa49bdf606c78231a8efcfb21766c7

SHA1
eeb5577974ac5fca7b19143e0b03de6021019e9b

SHA256
7b6d674d3c1b4b614a7b1db4898aa0e40821a75ec2607cb7fa767d127f2ff1ed

SHA512
62c943d9b7f342e391c0955e0c3532b3aade23ab6f72d96fd2cc1195aa53c4304f25db82f9ac378eb601c45998251198fa977524f1b21e5e38686fa2494a728c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
51a7d1ac94f0159f3022679e25cd8cbb

SHA1
37f9053b40b5028678ecf33d9a416c9f24ab79e5

SHA256
a28cb728e5ae5e72589ea1a67240c1bf1e8274bba026e9330ef9b2c3170fb885

SHA512
fcc7ed369dd486d2c1a1d2ddeaf99827b1071de121dc6483987d55d706281bc350461cbfc685921e84a6205ba14bd622d9d375bc9bd696ea80d595edbe0ea4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
202ded57b341554be750c76c63ff5625

SHA1
3463d9ed6351b4c9be19529ba4c91468a41798d8

SHA256
b18ea296c39a006f70b9648abbd2a1a4e7de83fc0baa33a259d18b21044d7d4c

SHA512
668c611ae84b2c94232b95b41a977537508449bc7243b91280bf435e7037285d07dfb06eff924ec986116207319a461c25cdf70cc285e801a26bc1e2cf0398e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
5ea8f04c33caf747d00bd2d1323fad76

SHA1
aec2201e0a0d33882193c186ad301b61fb9b97c7

SHA256
14ef707bb46ecdca1e47f8e701a077e9ee29528a5383f3009806152fa11d244a

SHA512
16fd9b5c3e10afda65c7b04faf8b65ccb3019b5c5423b2704abbb0bbdd8ceaf7d3ac7e68d584ea51307e9b1274109a492f86af35a92d1f095c1cc472a05c059b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
97f08b9434e984364936983f034c59c1

SHA1
0aa15f20bbdfdc0e2241213122cdd0066b9d35c1

SHA256
10a759eb4993d2b3febc1d6bd80efa039fb382d519babc2846c6b6af3a949c93

SHA512
6afc2e9563c48d09670c0c31b8602f2dde600f462ed2ba900b4afea52d5b614a4511da2f9165fa912aff732f248c2070b028e59deb3ebd47093b658d3c0623b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
d3e95b0361e80d5e97f7144ca482e185

SHA1
4856076dc17dd2fc1dda1483588e7498a94338ac

SHA256
2cdf51279bcd633bea9de43ca9488b8d113237e7aedab1844554e3e5d9c73036

SHA512
0f135aa12c28d7a911d7ca78149f0634b68f79db2dceab1ecf27220f09ed5311391ae5dfd0e696d597947a766b0eae368b1c39dc87404047d5df2188308af867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c90d.TMP

Filesize
103KB

MD5
08977719d6b1592a11aabddccb942c25

SHA1
aecac26d09ea0a5cb68249272d6b0b6734b36efb

SHA256
3872c3d0d47960c2c9dadc0e5e6facb657d9089c566ac6dfffdee26c884f371c

SHA512
05d9862fb266a2dba3515591bee0bd9aea8f1a7deacce61b3ee32c07bf50936dfd383483470ecdab60cdf7a87eb2985768248d23f5e8282e088e28593c047368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\SwimDragon.exe

Filesize
40KB

MD5
1032cec56b28f1fb1896068f362529a5

SHA1
ddca27211135f79b9a0db733a0c8cf1ed599d6db

SHA256
5fb8f31c9f51640e95707980a77d4943f0b0698063a115bdeb48e7fa22a0dd4f

SHA512
8cf87be0dc8b9d7db15b068fc270c03f58ddcbbdff09e65e3f1da87038461a94745219115b6c0260664cddd1ab50de478e216162a9a0eb942e0971d5107c127c

Download Submit
C:\Users\Admin\Downloads\SwimDragon.exe

Filesize
40KB

MD5
1032cec56b28f1fb1896068f362529a5

SHA1
ddca27211135f79b9a0db733a0c8cf1ed599d6db

SHA256
5fb8f31c9f51640e95707980a77d4943f0b0698063a115bdeb48e7fa22a0dd4f

SHA512
8cf87be0dc8b9d7db15b068fc270c03f58ddcbbdff09e65e3f1da87038461a94745219115b6c0260664cddd1ab50de478e216162a9a0eb942e0971d5107c127c

Download Submit
C:\Users\Admin\Downloads\SwimDragon.exe

Filesize
40KB

MD5
1032cec56b28f1fb1896068f362529a5

SHA1
ddca27211135f79b9a0db733a0c8cf1ed599d6db

SHA256
5fb8f31c9f51640e95707980a77d4943f0b0698063a115bdeb48e7fa22a0dd4f

SHA512
8cf87be0dc8b9d7db15b068fc270c03f58ddcbbdff09e65e3f1da87038461a94745219115b6c0260664cddd1ab50de478e216162a9a0eb942e0971d5107c127c

Download Submit
C:\Users\Admin\Downloads\SwimDragon.exe

Filesize
40KB

MD5
1032cec56b28f1fb1896068f362529a5

SHA1
ddca27211135f79b9a0db733a0c8cf1ed599d6db

SHA256
5fb8f31c9f51640e95707980a77d4943f0b0698063a115bdeb48e7fa22a0dd4f

SHA512
8cf87be0dc8b9d7db15b068fc270c03f58ddcbbdff09e65e3f1da87038461a94745219115b6c0260664cddd1ab50de478e216162a9a0eb942e0971d5107c127c

Download Submit
C:\Users\Admin\Downloads\SwimDragon.exe

Filesize
40KB

MD5
1032cec56b28f1fb1896068f362529a5

SHA1
ddca27211135f79b9a0db733a0c8cf1ed599d6db

SHA256
5fb8f31c9f51640e95707980a77d4943f0b0698063a115bdeb48e7fa22a0dd4f

SHA512
8cf87be0dc8b9d7db15b068fc270c03f58ddcbbdff09e65e3f1da87038461a94745219115b6c0260664cddd1ab50de478e216162a9a0eb942e0971d5107c127c

Download Submit