8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f

Resubmissions

26/02/2024, 18:15

240226-wv4khsdb8t 3

26/02/2024, 18:01

26/02/2024, 17:58

26/02/2024, 17:47

26/02/2024, 17:30

26/02/2024, 17:25

26/02/2024, 17:07

26/02/2024, 16:42

Analysis

max time kernel
209s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/02/2024, 17:25

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

gato.jpg
Size

54KB
MD5

cd869039e351b02dde534759ae627caa
SHA1

8c227c8532a3106c82009117500a53fceb8adcda
SHA256

8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f
SHA512

81a5b30497bb3cf7b6257728ef5f04b2e45d1ec23e159035210292b13514a82313e19c68878f50bd10a9382ed5b6a83c6356d2d2c0607a79ec2e8afbc9bc3fc0
SSDEEP

1536:g6taN+v7AZswe0Q4qKjLkvqwWsXcWQeldDrVh5Bh0K4:QEAneazLaMWQWdDJh5vI

Score

8^/10

evasion ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\N:	000.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
80	camo.githubusercontent.com
101	raw.githubusercontent.com
102	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\Desktop\Wallpaper	000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
4744	taskkill.exe
960	taskkill.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{FAF3537F-66D6-40E0-A733-FB8B9E035CAE}	000.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
3568	chrome.exe
3568	chrome.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe
4984	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3196	000.exe
3196	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 4936	3756	chrome.exe	94
PID 3756 wrote to memory of 4936	3756	chrome.exe	94
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 3648	3756	chrome.exe	96
PID 3756 wrote to memory of 4476	3756	chrome.exe	100
PID 3756 wrote to memory of 4476	3756	chrome.exe	100
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97
PID 3756 wrote to memory of 3080	3756	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\gato.jpg
1⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6bdb9758,0x7ffa6bdb9768,0x7ffa6bdb9778
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:2
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5112 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4616 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 --field-trial-handle=1896,i,16319617681053344463,12331326359305926902,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4316

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3848

C:\Users\Admin\Downloads\000\000.exe
"C:\Users\Admin\Downloads\000\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:960
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    PID:4744
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    PID:3468
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    PID:4016
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:3472

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3916855 /state1:0x41c64e6d
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6f2c4e44beb01ab0_0

Filesize
320KB

MD5
464aeca96d4042eff2da83edda99fdd8

SHA1
1a7fca8f03777c89eeddcb7d50c7d17e44af1f94

SHA256
b60584bb3aefaf98675633c4cc6b9c3134b108aa0880a733514562cd87964a46

SHA512
fbc6e547df828c880d84be95ea8731c6c0ed8bf1de04951cc9d94e1837474a9165060159ae7fe30890cc8ed53e079190ba58c193c8ed2f8858e55ffbb41b7b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

Filesize
2KB

MD5
78e848d21ead52902eed23d9829d9664

SHA1
468a238ee059c4e5725bfa32bd98d7e1f27c4d76

SHA256
5c065779cf0f2a6f4e1e4cfa4bec2afeab79cef62ebac341b41320e4bd039c8c

SHA512
6abc827c65304b7dbb19e260de12653c88c83ad79814e1f0288e0c253684a7d3cc084936ad4d2e927a735146d8da4e976ae18d71e591858f869dae18f5d11ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8869765962a93d50_0

Filesize
289B

MD5
985d41f72d5120b6be393fa6c9bae5e0

SHA1
fc2d5a95107f652e654b403c6bbaabd30b8ad92e

SHA256
626759557ed3825928e758c27c7297faa6bcb620556060ff710d143095803658

SHA512
a9b989e792e2b64ce5ae36cec8335d084ddcbdeeb166d48b4c89ee2fbe4573d81ec8a30e543c590dfb1fe6291d1e56652c93d63c5edafc52a64eff0fa778f578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aa7d1ab363d0c010_0

Filesize
280B

MD5
e3909f86d8998fca13c30dde296631d8

SHA1
f0b15c42de29812d9094919e03544cf45622be3b

SHA256
00c5e75f8ecbcd631d01ff66a3dfa49382f1c4e25cbd0dd2b2d9906157259695

SHA512
ec78183e547d9e52f54c988912a48d35a9db188869370d4421d2d50da935819702181fb06694e8cd0410454d6b5ef666ab158b7eb0da90c63f7181347da9031c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c058656c3fa92103_0

Filesize
18KB

MD5
7a598c463f47bf222e2119281d91f083

SHA1
f9dac9b79cc4c8c691f95cc28063df301bab9e56

SHA256
2db5b4b17d34e551f108593c0fb69ab3e7b89ee22344623321835577cf73ec2f

SHA512
253788aeed17f8a97bcc972aae479c189ec6705ec653df517618c859326f83a126c1c4e36d5004d2cd75cbcccfa5f344760df9d4a408ba2fc7a382c87505fa2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0a33f7b9d9d39a7fd70fe49ba6c78917

SHA1
b08c44c353f6d180fe18f809934922cabed6e40a

SHA256
3af85a33ea8e13d34aa7f84b8eb8de5e264713aaa45a509e56205e1fb77e511b

SHA512
82bb93d0f1b0c8c0b9e9175b674d452b3727f8b1969b00596e670a72e027c1ee618872caccf449598223b61d58e9d727b589b1431626d57acbc2b0b2d0223031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5e0a7d50-9b7a-4df4-a0b5-1e83b0a3e580.tmp

Filesize
371B

MD5
b093e45f53c8df6f55071b1422cb6de6

SHA1
8fa566c1f7fba23f061f090bab7fbcbae43f87e6

SHA256
9c44055edc558ddc95858d483afa7817300c504b23d6d0bef340e54eb0cb90de

SHA512
12e11c2f2cf3f97f35dd86446b02b98bdfdec8d39249d3adaf5ba45846e04999800ed7897f65c1b54498cf9dc0e0b3d495c3b96198b18d71421a8b54ac5aa1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5b70c398891355588eb1faa1ded98aed

SHA1
2a5ac1536edb98018fac3503051ded097ea52f33

SHA256
54bdd8a200ced4c03f544cfa56475d582e3c0f68cbf0b5f9f95f095e6e0b2962

SHA512
127ec8d07f79fe5902587126ac7678bcadcecf1ca5a2c42f46a641821205a72f5369168c9ac5014c0539c5ad644fb541e017afae4bd938fd42d80bcb1f1db573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
627224ae43037110f07393bdd616007b

SHA1
51964a966a6648925798bcd19f58bb3fede23a91

SHA256
1e88ed8722c47ea587da4c6514b4c1a85194664af72db99c45b1dcf5b4b2267a

SHA512
641819c2fb8eb9055986bb67762573f9e1b8dc30d52a897cf81789d5c3227cb52c8697655c9c972664cc5f3b8b047c34fae4ec44cfee45ce959ef8c6346f3220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e0cff2c4dc77739efb7e06af7b33ef8d

SHA1
4efcf4b8394a90429cf90e14878df854a451960d

SHA256
771af30fcf424ed0bc227c4e071963459a47b0b0bd4254b5a9e4c5b6221de998

SHA512
11872873a6d5a91f58740012c8194d157ea62169d8883d9b3c89671aa2c337cdc0d74cb63f3db0cfa81831cb4967f82862474a119e30c09fc3a9c86a28d6dbc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
426a0b213449902f49d150293dc776a4

SHA1
0d3a38b91ed0ee380ae4af1841da3116deeebffe

SHA256
f30d973720aacb536c78ad10fee81f4e9393efbd699d98746cdf04528c7bdd65

SHA512
8868175674bd332e4eac8a61c0d51389439d293c3d83fe91df9f6546ed7373bf3691cf4157fc74f585d71c6db395e6837eb156256e12aa7b2679d1c936536928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a6d6cba964a4c4ca59a82b3c124b5cb

SHA1
25c1e1a546a7931eb63a26eab400cb19b303a695

SHA256
cbfde15986fe387de15049b96b3c92ba8854f387515759899243728c1d08a859

SHA512
0d8ca564abaf60e00a3b79fa702d017bdf079600547d153ad816a3df2e567dc9cb41710f77d9dacd58a59057d8511e7b150ee2c81864656578e26d12ff5f9fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09f3889074ac01d79b18ba4d6bc37542

SHA1
db5b515ed531afad78a6496e3e379969890b3249

SHA256
7f39076b2074c5fb39125733a19004e871112c1899abbfecb99f5bf035408a32

SHA512
26d4cc835f090b1c4a8d3a2f29e984ca0f14827b9a6a19f10f2fd0ff42116fc636611ee2a88ed08bba84e97a436556e871afc5d265cc2cf8f26e2fac2d35eed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca892c1a0917542554b330cad96ada83

SHA1
f207039fb4a814b0e92ba8516db629a9c689475f

SHA256
687cc880d3de62dcd3fb8ded83b28f836c73850b2ea5dff9ef6ee94f6ea175b0

SHA512
049d8f15193d9490569ad7b6d759c590c9fb2a1bb87bf1b9104f898006d8ca22eb7d8f9e01517835594a42a88e3b54d4e47a58f18a20bd68addcd93a9a25bb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
718d5747d3c47380487a9fc595f9e260

SHA1
6adb485940343a058eed241cd9286f24e86c89ad

SHA256
e61659a9f5b025ea976d30ffd958f2c95962250ee865062128126aae1ebcca56

SHA512
ac2dccfcada5cf248a8da227f95ba2aaf9bb60dbdc643c934fea8f8c768e8f8d8f23c4892063f8a23558fa7625bc14c620f7eb123a68b500e9d4d467584dcd5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1f05e61aa90fef95594fdc7f286762c

SHA1
fb9c3f6d4d60b77bba595e4afe8a8d1b5ac3a4e8

SHA256
555779c54f1db5157b9970b35d4caa7814579aba92857259eff9675f8ad32122

SHA512
3b043181146d9d03c099ec4b58eaff20f85cbf7b93727dd7708684a811f5c9292e7b7707d1fefb76cd8550928a6fa9f6690e506f66f6eeb19836f2bf975310ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0abce0c3b5e55930744a6566e09d5cdd

SHA1
be5718a036c4f4d6e5facd0081b2bb4ce1a50371

SHA256
e09599c107ade8c7fbf1024b45e626cbe4012ab3ac1cd9f0d922b8c24593fce1

SHA512
386061d7f33e80b9509a8bb79ffc9babd374bc6a21fd24b36a266be63feec0c90cba45e0e75ca9adc20a92b719875e13643842584d415d6a3dc9c99a9fe2ff17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96612178e528fe9837f1920c7feab93d

SHA1
9302e1b2940b79e57cf46b5a94f8157bc02f8a6b

SHA256
40f0330df846cab2fbaaf99443862cf0cf5f75b289958e67c26ee082d89c1ac2

SHA512
19460a862dd0dda855b904beb53c1de8a3ad3b51f832c9f009629df96da07800c1f969d4051025060c9b45fa4e860cf53012340690185c9c8e3731197e33b918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ee269359f39dca27bad8029cde68b31

SHA1
fc29475baf2e3647d7c7062247d4701f20c8ac26

SHA256
f01d9b5a6843a47afbb025faffa0bce3b53bdbff0fce260cdfbacd7d5f988d4b

SHA512
f4ca09b6f2d0dcb3b1d3c04035376763c8470c4fea0ac94f04f09d63f29181f3eafb9a8d53f2f5112d88881a132b891b6fb2da62e74ba8d651936d15e6685c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
bf6447233e61dc1412dd5fd62e7dd8ef

SHA1
42fe0c57decf4227f3661868fdb3752d4daf8eb5

SHA256
f555e3244ffa019630a7a44ae3095a066578f2805e9875f624fd0f14a0c60008

SHA512
9e334c1b8f3909442e0cfb9bff87923ebbb7ea92a2c5d91be911402cee81275b056b7e754ff88d80a89d1a17f225126dc7f27f7ff9b94bd1a22462b3ab812c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
1d927baab061ff51531e84eaf919d417

SHA1
268b5cc14718ab9f48691168cd7f1f6653472313

SHA256
9ca11310dc8c12165b4b6f4cbe18cc0ea3995fd3cf634607fdd0ffd024f4d4fc

SHA512
cbc4e31c20462ad73d887a3ecde9366453e1ed0185c696a6498fd1c75850ac6f743cea0b7d8ef642fa34d198b86309ab514b6de61912974bc9dff17c9b3651f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
c28b2203ceda8db8bf52a77dcb1c1261

SHA1
25fdd4a30c6eb9a4cdd4202782bc3db1842535a2

SHA256
d8550af0a7de779d86cf1b95270d5bf7255557fdeaae97a181013176a5255689

SHA512
b33b4c7bc34e0a43259df6324dfcc700528356f2615391e2d2b762e46d4be808a2c74108e14c0675487c0c7f3bd60e0c4a5011f347864db451a08c13b6e8ca4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59020a.TMP

Filesize
96KB

MD5
5222cb352658f79866be7dc865a27529

SHA1
c6eec2889b5d4aaca0e38d96a168dad8614d1bf0

SHA256
8cbf702a76fdbf9078d6287e5070665a868d151fe8268fb7bde2866db60ce87a

SHA512
1b41621dab72f5ebec38fc64a4380e4f732a9f0a232f0bfd536827d0c45ef5617adf8c9c4af7d5949a1c408d87ff9ecfc292d32480d03a11b0712aa3a4516037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
247a686b9617619612160f15ca884eb4

SHA1
f228f22b7b1f96fd5fb9411136a7dca3b822233f

SHA256
50012dcc7cd3701f13ed2a1cb7b916fed1c8958978654d9f9acea2f55d20efb6

SHA512
4cb507ee0142135ff10a60a952a04f154d0a200cbe656be70375d88e01ce13089b047aa3dfd11b3d15b5f84c9b5797420dc89383f97f133b4448215845852100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.zip

Filesize
119KB

MD5
d113bd83e59586dd8f1843bdb9b98ee0

SHA1
6c203d91d5184dade63dbab8aecbdfaa8a5402ab

SHA256
9d3fe04d88c401178165f7fbdf307ac0fb690cc5fef8b70ee7f380307d4748f8

SHA512
0e763ff972068d2d9946a2659968e0f78945e9bf9a73090ec81f2a6f96ac9b43a240544455068d41afa327035b20b0509bb1ad79a28147b6375ed0c0cf3efec5

Download Submit
memory/3196-549-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-539-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-1391-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/3196-508-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/3196-509-0x0000000000BB0000-0x000000000125E000-memory.dmp

Filesize
6.7MB

Download
memory/3196-510-0x0000000005B40000-0x0000000005B50000-memory.dmp

Filesize
64KB

Download
memory/3196-511-0x00000000062E0000-0x0000000006884000-memory.dmp

Filesize
5.6MB

Download
memory/3196-565-0x000000000CDD0000-0x000000000CDE0000-memory.dmp

Filesize
64KB

Download
memory/3196-519-0x0000000005B40000-0x0000000005B50000-memory.dmp

Filesize
64KB

Download
memory/3196-564-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/3196-530-0x000000000C710000-0x000000000C748000-memory.dmp

Filesize
224KB

Download
memory/3196-531-0x000000000BC50000-0x000000000BC5E000-memory.dmp

Filesize
56KB

Download
memory/3196-535-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-534-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-537-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-546-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-540-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-550-0x000000000CDD0000-0x000000000CDE0000-memory.dmp

Filesize
64KB

Download
memory/3196-544-0x000000000CDD0000-0x000000000CDE0000-memory.dmp

Filesize
64KB

Download
memory/3196-545-0x000000000CDD0000-0x000000000CDE0000-memory.dmp

Filesize
64KB

Download
memory/3196-551-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/3196-547-0x000000000CDD0000-0x000000000CDE0000-memory.dmp

Filesize
64KB

Download
memory/4984-459-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-469-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-457-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-466-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-468-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-467-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-465-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-463-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-464-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download
memory/4984-458-0x000002468C5F0000-0x000002468C5F1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads