Resubmissions

  Submitted          Analysis ID          Score
  17-03-2024 13:25   240317-qpfzdafc72    1
  16-03-2024 11:53   240316-n2tpwsae21    1
  16-03-2024 10:31   240316-mknlwabb86    1
  16-03-2024 10:28   240316-mh4kbabb46    8
  16-03-2024 09:43   240316-lpxvnsgd3t    1
  16-03-2024 09:42   240316-lpqflagd2y    7
  15-03-2024 19:28   240315-x6vx7aha7v    8
  15-03-2024 12:26   240315-pl6j7aac75    7
  14-03-2024 11:42   240314-nt9q5sba9s    6
  14-03-2024 11:40   240314-nsz6baba5t    1

Analysis
  max time kernel:  350s
  max time network: 329s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240226-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        27-02-2024 15:13
  Static task:      static1
  URLScan task:     urlscan1
Malware Config

Extracted: lumma
  https://technologyenterdo.shop/api
  https://detectordiscusser.shop/api
  https://turkeyunlikelyofw.shop/api
  https://associationokeo.shop/api
Signatures

Executes dropped EXE (4 IoCs)
Processes:
  - 2944 EVIL HACK.exe
  - 4984 EVIL HACK.exe
  - 228 EVIL HACK.exe
  - 4744 EVIL HACK.exe
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes:
  - taskmgr.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
  - taskmgr.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
  - taskmgr.exe: Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  - chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
Processes:
  - chrome.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  - chrome.exe: Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535204419907583"
Modifies registry class (1 IoCs)
Processes:
  - chrome.exe: Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes (distinct pid/process pairs among the 64 entries):
  - 4368 chrome.exe
  - 4904 taskmgr.exe
  - 3476 chrome.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
  - 4904 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes:
  - 4368 chrome.exe (4 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes (distinct pid/process/token combinations among the 64 entries):
  - 4368 chrome.exe: Token: SeShutdownPrivilege
  - 4368 chrome.exe: Token: SeCreatePagefilePrivilege
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (distinct pid/process pairs among the 64 entries):
  - 4368 chrome.exe
  - 1392 7zG.exe
  - 4904 taskmgr.exe
Suspicious use of SendNotifyMessage (64 IoCs)
Processes (distinct pid/process pairs among the 64 entries):
  - 4368 chrome.exe
  - 4904 taskmgr.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (distinct source/target pairs among the 64 entries):
  - PID 4368 (chrome.exe) wrote to memory of 3908 (chrome.exe)
  - PID 4368 (chrome.exe) wrote to memory of 4692 (chrome.exe)
  - PID 4368 (chrome.exe) wrote to memory of 4024 (chrome.exe)
  - PID 4368 (chrome.exe) wrote to memory of 1156 (chrome.exe)
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4368)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
  Signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3908)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bf59758,0x7ffc6bf59768,0x7ffc6bf59778
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4692)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4024)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1156)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1740)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1260)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1016)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2524)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1940)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4200)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:1
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5052)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3980)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2900)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:8
    - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3476)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 --field-trial-handle=1816,i,17426770134591006297,267103395214097693,131072 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1720)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

- C:\Windows\System32\rundll32.exe (PID 2144)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- C:\Program Files\7-Zip\7zG.exe (PID 1392)
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7144:76:7zEvent29218
  Signatures:
    - Suspicious use of FindShellTrayWindow

- C:\Windows\system32\svchost.exe (PID 5052)
  Command line: C:\Windows\system32\svchost.exe -k SDRSVC

- C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe (PID 2944)
  Command line: "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
  Signatures:
    - Executes dropped EXE

- C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe (PID 4984)
  Command line: "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
  Signatures:
    - Executes dropped EXE

- C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe (PID 228)
  Command line: "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
  Signatures:
    - Executes dropped EXE

- C:\Windows\system32\taskmgr.exe (PID 4904)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures:
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage

- C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe (PID 4744)
  Command line: "C:\Users\Admin\Desktop\EVIL HACK_\EVIL HACK.exe"
  Signatures:
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 195KB
MD5:    873734b55d4c7d35a177c8318b0caec7
SHA1:   469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256: 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512: 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Filesize: 49KB
MD5:    4b4947c20d0989be322a003596b94bdc
SHA1:   f24db7a83eb52ecbd99c35c2af513e85a5a06dda
SHA256: 96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180
SHA512: 2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

Filesize: 24KB
MD5:    1deeafca9849f28c153a97f5070355d6
SHA1:   03b46b765150a2f308353bcb9838cbdd4e28f893
SHA256: b1639f4ce0285c41f4bd666f3fae4767094e3042b0379646b5ccfe04ef01ec19
SHA512: 52122b7e3ca9b58eab42fc652c24b4b8c17c43970f88860372d8377c49c540c31ddc81b519f4d59d34e199571758f82ab2fea0737ac1f847b3d4dd75d7acac19

Filesize: 43KB
MD5:    4b4d8982bbafa622e9dc9f2d794f964c
SHA1:   3786c77dd5cb7d7853a5c24ce9b92f84792b74f0
SHA256: af0a5509a81b5b5ae6a1f55283a33f62955e1bd644786818854f13a64a3cfee4
SHA512: b629256ec91938011669484c521e88321c5b40299f3d6915517a6e8bb718a7e410fa53ff47607bbcb242621c20b68c1432952ed81b72cae1c72ee63e00dc24a1

Filesize: 23KB
MD5:    bc4836b104a72b46dcfc30b7164850f8
SHA1:   390981a02ebaac911f5119d0fbca40838387b005
SHA256: 0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929
SHA512: e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

Filesize: 2KB
MD5:    f6711cd8cc8ffc15d4b145299d38eb6f
SHA1:   1d425141817f7795594f69b2a091188236de8dad
SHA256: 377d224157f3915cac77f858e0e32fba114e10cbcbb8f756f83d16bd326934a3
SHA512: 746c9644102d9ac0ead16654d7ecfca1150c6658b7edb6098eff3179902b7881345039319c0f018cceb16ec149e19f2deaa681d80dac6d2a46dbbac3188cce34

Filesize: 2KB
MD5:    6bb6d5b73f35db304d8bb0318a030501
SHA1:   a2ec32d79b55c447b27093735209b6ff2019a07c
SHA256: ccca467e7c6d3c5f3c9d875d1fb99000cb3058b70abf90737c2e2c6ab00d3ffb
SHA512: ec82728fbe19580eb413efdbbd04ec69b1015abe86c8676f3eea9f8dee1243080566be4c6e2345d59f6b566f92a8e9a66d38ccdf5b71d73d89678651bbabe8a7

Filesize: 2KB
MD5:    2fbdf4a4219a335ba77dcc0bad647c06
SHA1:   06ff875fa142aeaf5a38c1ee6cb22dcb2f7750cf
SHA256: 38baba4b760ce301acae71dd1696ff63def1e842d245901030aed82284ab5771
SHA512: ee6419b3f51ab641c96626d7851c721a1e9f0ec7a26d0cfc6fb7e9858ec21a8cc943733f021587fe1e5b67aabb030e529c0c0c5b8e68e997a9638141367e48fb

Filesize: 2KB
MD5:    d2d4cee6deffb02fb826dd3910e9e0f9
SHA1:   a0af6aefc119356dbf1bd2a1931e4eaafad32a8c
SHA256: c15dd0b35e1c0c75a2f737bbda3849915f55784c77f37d8522dae0a7bebcbfd9
SHA512: 6db658302d6f738dc36fcf1f2e791886a7d8c875cb7f72047b4b967abc3305fdbdb11420d6e9cb2b6fee807894b828aadd4c3bcec02e1ad13fe88daa2a423f21

Filesize: 1KB
MD5:    908138be80d0c7c85e94c268b559c8cc
SHA1:   52ea983edb152d740868b9fd5cac702836fb571d
SHA256: 2e52a36630f459b90a483979e23a2aff96ba3f707f66eb48fcc588406ed1583b
SHA512: ab975b28c3a29904b65ed362ce23af81172cbb430439049013205720c63461244ef5440c2f5bdbf57faf5e4a8949508a70d70486dfe0d8f2c18da1097e4ed92e

Filesize: 1KB
MD5:    003053a8c7a1ec0ea99a0f0b758be19e
SHA1:   a6099cda8526a752a5c77d66232606b83e52d448
SHA256: ad7c25267ee2af5cc4e7292c94fa94bd9430fcd64657f5d319599f188f4d270d
SHA512: 2243a71fa6c1d35f8c7d11cd3ceee08257313c8c5b76628b36f975d0d966f1c3b8430e58eb70b01ad83556f4226fef8147c23030849f0cdc4c11929433af008b

Filesize: 1KB
MD5:    c8b4222410300530763d2e50fd05cc04
SHA1:   72c9f4056b72406cf4545ae5be63bd2be6d2126d
SHA256: 0ef02dc1141b0716eb98dece5346cd37dc46797358cf7587f3beca6a7c4e331e
SHA512: aab1a96dc3b26b892d35767c4099d46cf30e0e0c29cd71e521a562f1e7c64d0ca61f8a0de282d041c069f0a4059a16162977efc33edd6662b90a4fbb6e49cf4f

Filesize: 1KB
MD5:    9c8c87016bccc14daab8df1c105011e5
SHA1:   ae038043df40dbfd3e7cde15deb71ab59911063d
SHA256: a247fdc9aee3d3633f8f9fc72d663fc372e251ee16d972513640a4ab4fbcb8ab
SHA512: 03327faf480ecd81494ec4b5213fe4b39074814c910d66a71b89a355451e180c9635cc6ca69d290fc37d7840b65d745fdc4faebe557805a9b673634c71b8f260

Filesize: 1KB
MD5:    935e576c37a7f76d3003dd558de9de38
SHA1:   e95794d14ee813ec68f226e532cf1a7136c8ce25
SHA256: 3c2e97fd9e990f0a593d44c7a332bb093cf1d7a2c7934bca4a15eebce4905f40
SHA512: 96c37e98529d399fd131ea6b7c36396a8f69dd0f6f2f26953df81269ef829c82e49759bf663eef2484dc83223a297add28e4b3358e9a4f770f850bd85de9b851

Filesize: 6KB
MD5:    caff23d78ede7a6938ab2b6d451dbf86
SHA1:   0b19880c1bb888bc84e8a4ce4c632945b5777142
SHA256: 7040a15356a3fe6ef6ac0909967cea536abc93cf2bd153942aee19c4d6e3df0e
SHA512: 5735ede6618bfada342e60d123b9f64a6455183900ccb49f573f76eae18f06f798479aad6b264a3223448b502e1ee524de1d1a49e9bab70f1dfc85df9e8fedbc

Filesize: 6KB
MD5:    19cad71674f01470e1f30d1fc1701c1a
SHA1:   771fb60e6794f9f546db8fd3c261fb262459fd85
SHA256: e200842fdadd0afc41defc83a5d3b308778ab6fb35f3e9a9821ace3e09babd9c
SHA512: 552e2afe879473154a2b5144311578692b6c42763d78dea74677e192815acf2cd4eb5b6c309bf24f6f6be66d236be076c7e535e146e78a20094d506db1ff0973

Filesize: 7KB
MD5:    baa33bbf564a6b7431e1d2f98a5e567a
SHA1:   05df34039572445691fe306de36235b418e48909
SHA256: c325942046841cdd607b2f79041fd25e95aaf5bb2e5d364d9628c40e9b82d184
SHA512: 102a8d787d853e36e93d5547ce5506fe8967fc8e8a77ee6d852cd2fe7d496a9875aa8b5e227996ec5ffccfd1f557f1a2567644470004c3a9b8d99e784403f953

Filesize: 6KB
MD5:    097a275cc74f59ec65b5e10b7ea5f737
SHA1:   477b54cf312b4dca24ad057bc8549e3f37f13e57
SHA256: 7af20d8615f827766434213f4b184e41445eb05fc84132255fbae91e13de7e56
SHA512: 6074201b6b9cccd84d5e08f5f51452767411f69d864cd89562b774ebaba89b4a801fe45b02aec16db7222c5374e8ab9e1346bd1f6e634481cf2ebe8e6b1582d8

Filesize: 128KB
MD5:    11822e0a47942588f7ed6745012509ee
SHA1:   175ce4a7164dbab202f2aa16b1b5a27e8525781e
SHA256: 735357eb357f50f8adf2da0d1d4921b9ea3e26db354724b288e7e9ac5b94f35d
SHA512: 924643a4d09fe449ea86d15f8c21facb7e86f097e1b2b64fbbd3120ad2884fdd111ba9949f80534dd06582bc75c4392698cf12252f38a65806db22824f5b6b02

Filesize: 106KB
MD5:    f893755437b89fd343a061029f6f2bb6
SHA1:   3dc6da2c8c10350ba4693cef1afd940b0daed360
SHA256: 2b6d252e073c315220c77a76a0191f7cf2207b1183abec0c98c11d19da458d31
SHA512: 50fa5305425b2e8717b87fa04b71dfaf35429e43df2f43e54714002bfd5c7fb25263cc2b9b3b798dc5eadba75dc9e6cedaebfe31ed93bd7846b5a12d236eb0b7

Filesize: 97KB
MD5:    f4891b61c71a201ad29ee5cccdcb61ef
SHA1:   47039ddf7477dfe20ed21ac0002dbd0e43dae5c9
SHA256: 60f650888a4b920b71b5ef71ac1dd6831c85e4b041564d6923cb0841ffce523e
SHA512: 7cbd4a8c49eaf30279692339ac4049139c463b367e05f170e94fa2521891cce0579990160fbd908ba42a93364e95ab383c5d8a741f6873d082ab2093a78d6592

Filesize: 2B
MD5:    99914b932bd37a50b983c5e7c90ae93b
SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 479KB
MD5:    1582c91ce3295398d82e5f24c7ee3bcf
SHA1:   2ae5bef7f43dedf03abfabde7b1b8137226e1cfd
SHA256: 3244aa3cca2f7394edb843d4b444d4ae90356ca2521da2e470e6476ac97039e4
SHA512: 9183886fcf786e0601e89b2d1460c0c94f3e212b16c76c8000d9ccef9433e004aba8e49992465826f3310c147803611f83781848cf74b37e1cb90c73b78f8a49

Filesize: 267KB
MD5:    7649763bbc438362466b7f120cbcae10
SHA1:   364c5baee16acb8cd0ec3b886edee4ac2d885927
SHA256: d480a98bf15a408ba207c0adb01d9edbeaa9ae6878442a1bf4143a8fc43c7c57
SHA512: 176a5560ce13dd88cfbc33142170317da542392b7532dc492d9e6c8a5969ecdd5c1dac2bfab271de195735b83f02167f380d37610a8b9583155c10a52d80c293

MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e