Resubmissions
- 25/02/2024, 10:22 | 240225-mebecsac2x | 3
- 23/02/2024, 18:31 | 240223-w6jz9afg3w | 8
- 04/08/2023, 03:14 | 230804-drdktahb84 | 10

Analysis
- max time kernel: 1050s
- max time network: 1011s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
- submitted: 23/02/2024, 18:31

Static task: static1

Behavioral task: behavioral1
- Sample: NameTag_Mod.dll
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: NameTag_Mod.dll
- Resource: win10v2004-20240221-en
General
- Target: NameTag_Mod.dll
- Size: 65KB
- MD5: 6a8bb5dc6693d1cc59b1354346e14c32
- SHA1: 353fb6d921da3787dbce66580a569400c00f8d08
- SHA256: e38e93ce4d34f2f83b0a07f5ebc7e14e15aad707da51237089c47b68fc5894d1
- SHA512: 5280cd48079697ee476e55f0a008e5623d50de055b70fb25faf108b9b580fe22dbccb0edb89d5cf52fb540fb2f2b8239b5fcba9c6a3c10c21fabd400842b3809
- SSDEEP: 1536:jF07uGyNJ9yYvqUGUsg1PDYHYRad1zXlD:xuuTNJCMDON1zVD
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (2 IoCs)
  pid | Process
  1396 | MonkeModManager.exe
  2968 | MonkeModManager.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  flow | ioc
  217 | camo.githubusercontent.com
  244 | raw.githubusercontent.com
  245 | raw.githubusercontent.com
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531867807960458" | chrome.exe
- Modifies registry class (64 IoCs)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff MonkeModManager.exe Set value (str) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local 
Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0400000000000000030000000200000001000000ffffffff MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff MonkeModManager.exe Set value (str) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Pictures" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = 
"1092616257" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "3" MonkeModManager.exe Key created 
\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Mode = "4" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000004000000030000000200000001000000ffffffff MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" MonkeModManager.exe Set value (str) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local 
Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" MonkeModManager.exe Set value (str) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 MonkeModManager.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1092616257" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" MonkeModManager.exe Set value (str) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local 
Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3" MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 MonkeModManager.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{35055BAE-4270-484A-ACB3-B570A3EE4922} chrome.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell MonkeModManager.exe Set value (int) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" MonkeModManager.exe Key created \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell MonkeModManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 
3a002e8096f2fd3decdbb44f81d16a3438bcf4de260001002600efbe11000000f01188dcca64da01e1ecec5fd164da01e1ecec5fd164da0114000000 MonkeModManager.exe -
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process
  5100 | chrome.exe
  5100 | chrome.exe
  4028 | chrome.exe
  4028 | chrome.exe
- Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  pid | Process
  1396 | MonkeModManager.exe
  2968 | MonkeModManager.exe
- Suspicious behavior: LoadsDriver (6 IoCs)
  pid | Process
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  656 | Process not Found
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  pid | Process
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
  5100 | chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
description pid Process Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe 
Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe Token: SeShutdownPrivilege 5100 chrome.exe Token: SeCreatePagefilePrivilege 5100 chrome.exe -
- Suspicious use of FindShellTrayWindow (61 IoCs)
pid Process 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe -
- Suspicious use of SendNotifyMessage (24 IoCs)
pid Process 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe 5100 chrome.exe -
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | Process
  1396 | MonkeModManager.exe
  2968 | MonkeModManager.exe
  2968 | MonkeModManager.exe
  2968 | MonkeModManager.exe
  2968 | MonkeModManager.exe
  2968 | MonkeModManager.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 5100 wrote to memory of 1980 5100 chrome.exe 100 PID 5100 wrote to memory of 1980 5100 chrome.exe 100 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 
PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 4960 5100 chrome.exe 101 PID 5100 wrote to memory of 3564 5100 chrome.exe 102 PID 5100 wrote to memory of 3564 5100 chrome.exe 102 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103 PID 5100 wrote to memory of 3220 5100 chrome.exe 103
Processes
- C:\Windows\system32\rundll32.exe (PID 1412)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NameTag_Mod.dll,#1
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5100)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1980)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffabf039758,0x7ffabf039768,0x7ffabf039778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4960)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3564)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3220)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3580)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4780)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1836)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3932)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1156)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2968)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4028)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3988)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3796)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6116 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1576)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
    Signatures:
    - Modifies registry class
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4472)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5656 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3012)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5396 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3524)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2764 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 400)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2832)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1388)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3612)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3016)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5672 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:1
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6184 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:12⤵PID:4312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5732 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:12⤵PID:2520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3440 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:12⤵PID:2336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5628 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:12⤵PID:2412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6420 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:2732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:2464
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:3256
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:4664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6668 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:4764
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1876,i,11311416634584523422,4392900649066229593,131072 /prefetch:82⤵PID:3524
-
-
C:\Users\Admin\Downloads\MonkeModManager.exe"C:\Users\Admin\Downloads\MonkeModManager.exe"2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1396
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3624
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4592
-
C:\Users\Admin\Downloads\MonkeModManager.exe"C:\Users\Admin\Downloads\MonkeModManager.exe"1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2968
Network
MITRE ATT&CK Enterprise v15
Downloads