fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408

Resubmissions

08-02-2024 14:09

240208-rggrdafg97 8

08-02-2024 14:06

240208-rehkwsfg86 8

Analysis

max time kernel
144s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

build3.exe
Size

299KB
MD5

41b883a061c95e9b9cb17d4ca50de770
SHA1

1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad
SHA256

fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408
SHA512

cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319
SSDEEP

6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

build3.exebuild3.exemstsca.exebuild3.exebuild3.exe

pid process

812 build3.exe
3256 build3.exe
4456 mstsca.exe
2016 build3.exe
1320 build3.exe

pid	process
812	build3.exe
3256	build3.exe
4456	mstsca.exe
2016	build3.exe
1320	build3.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

build3.exebuild3.exe

description	pid	process	target process
PID 4436 set thread context of 2996	4436	build3.exe	build3.exe
PID 812 set thread context of 2016	812	build3.exe	build3.exe

Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

5104 schtasks.exe
3012 schtasks.exe

pid	process
5104	schtasks.exe
3012	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518750248128432"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

4344 chrome.exe
4344 chrome.exe
4344 chrome.exe
4344 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4344 chrome.exe
4344 chrome.exe
4344 chrome.exe
4344 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4344 wrote to memory of 4872	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 4872	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 1708	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 4364	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 4364	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe
PID 4344 wrote to memory of 5012	4344	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\build3.exe
"C:\Users\Admin\AppData\Local\Temp\build3.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4436
- C:\Users\Admin\AppData\Local\Temp\build3.exe
  "C:\Users\Admin\AppData\Local\Temp\build3.exe"
  2⤵
  PID:2996
- - C:\Windows\SysWOW64\schtasks.exe
    /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
    3⤵
    - Creates scheduled task(s)
    PID:5104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8aa8a9758,0x7ff8aa8a9768,0x7ff8aa8a9778
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5572 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1944,i,11617885407981441837,3629858888563985320,131072 /prefetch:8
  2⤵
  PID:376
- C:\Users\Admin\Downloads\build3.exe
  "C:\Users\Admin\Downloads\build3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:812
- - C:\Users\Admin\Downloads\build3.exe
    "C:\Users\Admin\Downloads\build3.exe"
    3⤵
    - Executes dropped EXE
    PID:2016
  - - C:\Windows\SysWOW64\schtasks.exe
      /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
      4⤵
      Creates scheduled task(s)
      PID:3012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2164

C:\Users\Admin\Downloads\build3.exe
"C:\Users\Admin\Downloads\build3.exe"
1⤵
- Executes dropped EXE
PID:3256

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
1⤵
- Executes dropped EXE
PID:4456

C:\Users\Admin\Downloads\build3.exe
"C:\Users\Admin\Downloads\build3.exe"
1⤵
- Executes dropped EXE
PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f37f4cc5ce22b183f0eb5514e3750341

SHA1
10def3c418babfe87581b5a607261930c5687605

SHA256
f678e822f5d30f364f6a48ac8cfd63f29f65eccb1e3685c0159d5f0fdb8ad95c

SHA512
3b339dc995f10595ebe93c55a9af460f539dbce8010e5df185e345a0352f693fe4d9c7449b20b0140c7b07cd72ef5458628bd8842be8aeca24162ad827cd0e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9c4e3eb5ea6916779e76289747bf2988

SHA1
b642125eb9209e5d889726559ef4f0b1cf870237

SHA256
90252a6ecff0abd0230171b9e7d4fcf750c0f17490a6acf78450b83ecefdfa6b

SHA512
80aaab77a47304a1e4535863cb6e0e2cf242c107badeaab8a6c1019c1e03e584f8b614af12f39968fec66af23b44ebf28c1c92b8f01d370225b39a65242e4b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7dff6b4c570db1ccd494f9520b57abfa

SHA1
73f7049afe166574079c709a530cca940d6841ab

SHA256
35d27afcff2bf3d8e16f3145de3e1a618e3397f266bfc43e69d6a381fd615b26

SHA512
875d95a8d09af257bcedeadb13d3e4fdf247727df6719ef3b5fd89862c289a26a9ec4c8fb35f4cbef18aba8329d656cd7f3b7e7f7697486fc966f6f705e5401e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
baed5e3346682ffc701ee34b09acdc4f

SHA1
86feff554675417528da29ef8947027dac8f19f3

SHA256
24f78234dd219f5dda7d8f06bd254ff3e7626130fd1ecc2c77a348bf3b744c65

SHA512
7e0cfdf152325a9f4b2e0e8a4a297a0475dd92e24e2c5435ab3a66bb95a8a1f827fae43efc99db163f7d26c1254656c064f17aea31d10fa61654799016d25b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1cd9f55e46a15f3d63661e011b60b28b

SHA1
d57ff2c05e72102e351e40a9bf99363a9ce10416

SHA256
e484ac9e8c3ae64553f999dfea17dfe436bfc1517f139dc442e3508c8f8c2e12

SHA512
a13aff2f09a9ca620accc6e54a5a3082a165200eb740532a14b9d81a52222f9ef624d97d221dc7c077af7b865ccca51f2cbc2302cb1e5080eac47ab111a85da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
46690a266fcb0b77e6bc515a4b2c8a3a

SHA1
d9c6a1b85fe78dd68907925a2866364be41ed0f4

SHA256
a0406529d0562af0d9c088f58c8b5a792f0aab1115ba2287fbe346c03469ff97

SHA512
1dc1fa53483a574076742185af0b4801a9cd7e5d9b0881933027f51e1f001df97adb929d27ae0d3463560ca3857498cfa009d39c5724bbf5dc00f3ac01da5174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
5be600c5154f0497686442d0ae4fb9be

SHA1
4994b2d2c59ecea294f0c2878654bc949bf4f52e

SHA256
4331ee4bd6a3b6d7425ffd030f8718a0ab86ca40994c50bd8227711247783f8f

SHA512
74af669c817b140f37b196457c58c862491ed5925f7c0992607faeb6f8f3485c4b68bb8e566c2ce99e711b934b544b72e007ebea7644f09defa843f9f1ed057b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
241KB

MD5
156c80da2ce79398af52d781e8a9e25f

SHA1
5aca38ca8623d6802b7550fb2be4eeb446cf9f5e

SHA256
341a9217ed4dec882e27d964c713ac744aef3235a3afff7cc37901fee34cf167

SHA512
38e348643609c577a60192c4a3da705e1b08ea317a7e560d46b9dc42f46b81e455e4f693ff493391981ccc14e0d40eb3be9ae5bd2fe44aa802a4b5348180ed80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
c42c1912e8f804e5e096918c18b3499e

SHA1
73ed74d27f412c1dda168214a1c7f5d13512ea0f

SHA256
d3c0122843bb68fc8b400ae013d15b1fb8ae4348b48069d1449b178cb749a122

SHA512
7e2eb0c1c8f5fb24a3aa29b91c33ccd15c23807399e377cf1e2c8dcc6b69772c2b2cb6370f36fb1b1728e30c3a8de9f3fb09524e13598b0285b2428e18994bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
b41df706a26763e2dd41219b651e5600

SHA1
468d114472727d7aad6512f1a0e97c5af96fa9cd

SHA256
ddd48f42fc12f0920014e3e0534b8d23c9c3d5ff2bfcc3cc47ac9a2efd4c3f23

SHA512
ef866029dc2abd07aa008fddc4fe787f432da12f80a10caeb8844b85f49ed14449206aa7e6bede3ea390a8f8a1e4caa2e509016f11501282c2d5f52f34ac787c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
fce8e228a31f85d4b09199d93814044d

SHA1
d29bbca72c51d4db9dd9298588ba6b1e051b2dcb

SHA256
1c136953f39a28b4168289a006da70a4dfe8b24282c2e8389276d3bb9510061e

SHA512
8ec854e5796e74e538489b6395d6443283f22490726bbd961df953864d93e9ee29144a18e28e1f4c4ea3d2cc12dc3d7a483dcfc937d8e700fe83da7e84e5c87c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588f6a.TMP

Filesize
98KB

MD5
261467084061b793e6d19961654829c7

SHA1
c51759ff62362b3777e4636692e711ef30967e92

SHA256
5bfb75111f5b8216b49156254dd024ea8bddc80f9c32b7aea37da1050ed6fb6c

SHA512
bdfc3550299d2d1d944d442bd6330e285880c8a891ed66f6f102f0d6bfbd680505d01c020a215cae666df8fbbe36ec3e006e41a3c3e945c8e0b9611de62efc79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
32dd076f0f40e272836d16d7ed841e96

SHA1
6c9f779046d34f7c28511b63e5f9b4606bb42a0a

SHA256
51baa60662d05bc30a9370bdb4dc0ce15404493361481ad0213546135f8bf9c1

SHA512
fe846d68662901f3eb73c57b17b8f1cf24a3e248278ead957363a4e0dd2b7f6e92a309907889c2d843dd44ba649f781bd3db65ac80e82e0b6d9f1cf859f0f6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ffc71059-4285-46e9-8533-ca2c37e3dabf.tmp

Filesize
115KB

MD5
522cb8228f4fd49d9a80df735ef9a89d

SHA1
b17f0248dea3938c5d576941f0b91f8b0f8a8df5

SHA256
399630c2e79c8c856369cbbd776113c121d4dec47776b3722131bd4587ad01e0

SHA512
fdccf9ac21e2eeb4c88c47055d2b19c2600b6bf16115d28abd0e56fdb6564f97f76a48c9d176712175148de3e019862f36c57a4383286a9b82eb5ed0d1118be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\build3.exe

Filesize
139KB

MD5
fc60bc7a582a50e9125ff8aae3a68bba

SHA1
2087979142aaceb8b82cfe3e0e20e3c72e2ce50d

SHA256
032f98751174cca2918bbcb1870661051bac75ad19c60f39808da3817ffb06a7

SHA512
a81ca6da0167b5f59818c632646325a672b1b3755222b1caa15bbf03151b734959ebc5d507d3aba8caf495323cc56a90e42d92cffb2c5cb0e57e7f4bb28a6c11

Download Submit
C:\Users\Admin\Downloads\build3.exe.crdownload

Filesize
299KB

MD5
41b883a061c95e9b9cb17d4ca50de770

SHA1
1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad

SHA256
fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408

SHA512
cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319

Download Submit
\??\pipe\crashpad_4344_BNPGJMBZBYEZKOXT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/812-165-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/2016-170-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/2996-118-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/2996-119-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2996-115-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2996-114-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2996-112-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4436-111-0x00000000001C0000-0x00000000001C4000-memory.dmp

Filesize
16KB

Download
memory/4436-110-0x0000000000AC0000-0x0000000000BC0000-memory.dmp

Filesize
1024KB

Download