hxxp://fast[.]com/

Resubmissions

21/09/2023, 17:39

230921-v8p4lsbf72 1

21/09/2023, 17:34

230921-v5kpqahe8t 10

Analysis

max time kernel
293s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 17:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://fast.com/

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "229"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133397916160380619"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
3512	chrome.exe
3512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe
2108	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1740	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 5112	2764	chrome.exe	63
PID 2764 wrote to memory of 5112	2764	chrome.exe	63
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 3780	2764	chrome.exe	89
PID 2764 wrote to memory of 5048	2764	chrome.exe	91
PID 2764 wrote to memory of 5048	2764	chrome.exe	91
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90
PID 2764 wrote to memory of 2436	2764	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://fast.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fff5e809758,0x7fff5e809768,0x7fff5e809778
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3896 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3992 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5260 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1724,i,11592289501796825000,1620036018561039983,131072 /prefetch:8
  2⤵
  PID:3432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:100

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2108

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3957855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
90964f19d0705d2c85935cd9de560c84

SHA1
4b57f9770883de181d13187f39c917166f49fe42

SHA256
996a078651d5b4f399edf394e8d881c653733ed16dc26cb2f3110ad058010ebd

SHA512
9c25df6a5e1d4e878c85768fd68f767efb58fda65356069dea9ba6b9477ebf5d771ea88bded8582eeaf056aba3b99774bae3c8df7cbdffe95ddf6752a6f455db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d963dca84dc09e6814aabda68874a5ea

SHA1
7a75a8b6a4671ddd5ae489847d95dbf18f450f5b

SHA256
50197a8ebffcf5aa1f71f7172f6d66ab405b74a93e5b463c4bf756a3a00835f8

SHA512
5ee1f6aaff18f989b3e9c11250191a1844566b83edbc1748e0bc0e499d953e4a3f05040e813f6a7fdb4f40e89315f8eefbd031c55dcdcfb057f18048b16e64e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8c21ad1638fbd4598a8d7b388cecb4d6

SHA1
f24aba13b698bc02a51a53eaedebe45073ccd72f

SHA256
a23cd519fe98531eafbbddbe837abc5d6bbf5eb86389c45ddcec0e1c1bcfa54e

SHA512
c75d4e1dcafd3d02e4c5649b75fce54e5cb1605162d9dc060409723a4009948d6cf61d677487698c71ed57a14b5efef738d373febc59df021a904c1b41e2b16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
97ab50f906eebc7e0a099e509240028f

SHA1
c4cb876719c5ba4d992eff1bc8fcc0dbd14ebdf8

SHA256
bb209df8794fc71c321aa8904e172dfa4fa08d1979968fa4b301e21e957e4232

SHA512
52c8b8e246888e85d5f3691795d02f6e4d61d891db4c2aa74ea1f472c815150d96e1d8e3b26bae52df64acc6f8634da126e79e4e72e3ab6734ecb154f7073843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e368a641a8aecdb9cc69fcc7fb4d22e5

SHA1
9b4aa23297a708874d97a720d16bdab8da0243ff

SHA256
a5b8a89e465802cfa8fcafa772b7da6477b1f563849c649c567609f63f9fd9fb

SHA512
72d2ad001068ac455362fee694d9ba3e359bc891e39a74e1522f57248a1306d6138e4241207ce2170ff071b4d09b1eddb1ac427d9fb2687e92ebec60225ed03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
a2fb453acfbb72f9d790d800ff6b10de

SHA1
2e31c1e393f5dc788d81af0ab2d479db1316e5bc

SHA256
bb90771a63b007f93f92931904a37fa916636be1d72e69f176d343f754862841

SHA512
18cc58c2eb770f785ff6c992a8f78f35b78b67b4c0c770a634a3c24aa0c104419bbb2daba6b0d1496ebcc114cb013d49b031384f865329a22a4b586e8e9c68ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
9fc605376bed5c5cfc802144efcd7b2c

SHA1
101d0e7ce28ad07d111d952b36bf95ff9703ef11

SHA256
fe007c75883c376914cd4f28a99f1d748394c8976c84fc0b711c1f4692ae1d71

SHA512
b35875bea0c906b6df09482304e851df1aba2dccdc7d5f1d78bf18cb50a8091d4c71050bda9ad6d267923ac20c7a7129041e539afb491c6f3476c90ff7cc2baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
badb891393fa0534bc889ed91c55f130

SHA1
49b047eac8c469fa758c5a17013245c7995b6d32

SHA256
82a3e66b01b51d4c5f0d151d94aac03c0239f4cc3e629bfc4b77cdfaeafe8b22

SHA512
0d4416574c0e0065f566c457b9e6c069fa398c7556700780dce19119935258049be737233af13c74d0718f2b40dc45e85e75eb7a1a2af9e00d394acbe4310118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46db336fdbf054fd6789aeb9c600c745

SHA1
d5c00453c5358806b171b41a5fd9c0da3a603c94

SHA256
9a431ab969c34b64be07422d44db28cb16292a094fafee779f25b8b8575b56dc

SHA512
07afa3e513c7eed4620323913e4f9eb494416757d957fa0309b9137df7b26c5351a864095a7eca68107cb244e203980cbe9e53f639931d2d48dbe7081aa12664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54a8f059addbc3cd55d019630070b679

SHA1
669c51aa3c97fb0efa810613debc12d220d70abf

SHA256
807e551e16e88b0e171d94cf42221ca2dc351bb4839320d3ad9830b267b1f437

SHA512
4ec5e6a63a5bed4fa2db983178287a1ee046227d87b5ba2c72c7d61771039cb86b830c98c3b56f82ba097840e6fd6c7ee37603fb86496bc9f11652a23290185f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bb6b4f7c-01ce-40fb-ae5c-1d23a42b2d89\2

Filesize
13.8MB

MD5
c83a2a02aea9d32201c72475f72bd77f

SHA1
f0f04963c9c6d6f95c359afbaed30345fcaa6ba5

SHA256
56aa8dc1ee3c92a0b4b1eaebe3e093191136bd7d5efaa928089ed8ab31a516ea

SHA512
283fed31893d130e4c0bc049c4099e236f894c2956a6db629acf57e73e026b01493a2cd8d6b8f4abf62a23b1af07453f4dacacc6c5800bfb5481f18d349c6d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
1c4898f20f1801adb52fb41adb189c12

SHA1
78aa102a26781cde4b923e08eae47c2c45ecf2cf

SHA256
e72087fb4012b7c85d88a152c5c2dd05882e738fa73a35b0beb110bfe176cd97

SHA512
e458c28cf68c625f24df6327e61d9220e81e85f02f762cdfe0d6846d3c3f555d24b242fdbb796602ae7f68b7c0c22ae4691d5158973584dc0709af85106ecf19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
0415b57a0a0a6426ab6d14e4c4df2274

SHA1
c112a4a1a8717eab31196267c5b150cb5ef69ed6

SHA256
eaeb22fecdb0b421b62711c3c6168a3dfe52f4207d16ec85712ff499c298942d

SHA512
07e340dffe9a7d08edccd11dfb66e0054ec5fc5bc6c84405fc9cb9f113b8c72865970ead3b139856b7d4c70acc755bad9e640bc17417a235b703611d407239c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2108-90-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-99-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-100-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-98-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-97-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-96-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-95-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-94-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-89-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download
memory/2108-88-0x000002208E280000-0x000002208E281000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads