fb106bdcc87af611308e809356192c7bb934a8621a07d7dc7e1876e0cea5eb1f

Resubmissions

01/03/2024, 15:25

240301-stvz7sha8w 6

01/03/2024, 13:53

240301-q7da7sgg62 3

Analysis

max time kernel
202s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

destroy-securly-main.zip
Size

1KB
MD5

f21cb50f02c17639a0cba452ec59ac71
SHA1

6144a9847955a414cdb4479d77b0da6d0777df2c
SHA256

fb106bdcc87af611308e809356192c7bb934a8621a07d7dc7e1876e0cea5eb1f
SHA512

8102ec1acd4429134a29e298b4c0c827c081f3e1f5142b05f175c6813ea1b52b9f5ed4494de89d76f397b72df54bef38c4730026c13493a5c673089d37dae29b

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133537803696367133"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
3492	chrome.exe
3492	chrome.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe
3056	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe
Token: SeShutdownPrivilege	1200	chrome.exe
Token: SeCreatePagefilePrivilege	1200	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe
1200	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3056	MEMZ.exe
2732	MEMZ.exe
396	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
396	MEMZ.exe
3056	MEMZ.exe
2732	MEMZ.exe
396	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
1436	MEMZ.exe
1160	MEMZ.exe
396	MEMZ.exe
396	MEMZ.exe
3056	MEMZ.exe
2732	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
396	MEMZ.exe
1436	MEMZ.exe
1160	MEMZ.exe
396	MEMZ.exe
3056	MEMZ.exe
2732	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
396	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
3056	MEMZ.exe
396	MEMZ.exe
2732	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
396	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
3056	MEMZ.exe
2732	MEMZ.exe
396	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
396	MEMZ.exe
2732	MEMZ.exe
3056	MEMZ.exe
1160	MEMZ.exe
1436	MEMZ.exe
3056	MEMZ.exe
2732	MEMZ.exe
396	MEMZ.exe
1160	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 4044	1200	chrome.exe	85
PID 1200 wrote to memory of 4044	1200	chrome.exe	85
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 404	1200	chrome.exe	87
PID 1200 wrote to memory of 3156	1200	chrome.exe	88
PID 1200 wrote to memory of 3156	1200	chrome.exe	88
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89
PID 1200 wrote to memory of 2532	1200	chrome.exe	89

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\destroy-securly-main.zip
1⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbce269758,0x7ffbce269768,0x7ffbce269778
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:2
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2300 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2632 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1816,i,8858327128315396623,1440590645061477003,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3472

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:4016

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:240
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3056
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:396
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2732
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1436
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1160
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:2012
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
47d1cbe36f6bdde4f964715e76251256

SHA1
aeea78e42fabaf7c42214a50af67280f87311280

SHA256
a96cb90d3618f4282fe67d5b103768957a976f0cfffd1da78305e7f177287777

SHA512
74cfd372ba485a7819457b626cb2aa4f9e511f3fbde1d99d7756daad7ab1406b61308aee7219a0ca914cab1e3cdec3de1f268a4290eb4a4575e6aab6cf46bef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d0bf0ce8643e9b97511d548885e7c9d9

SHA1
0aebac882bf8d7abc37e1d6fd1459c901aee359e

SHA256
ccefcbc2cfc70d2cc03ef28dbf417afc615c22563d3b16d3812ff6049ec8a432

SHA512
6fa9adf12d3a4286725e77e3b680a24078a7d90e71fe351d4a1e8f9f4443857ec901c9156584cdb4f7667b7274d9d351769a45b19925226397235b6150a34bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f41e1002f0a35fb03e2019dc30b5513f

SHA1
926ea67288fdc78e4920461419abe8f04d0e9829

SHA256
28e6d0c1c3accabf47ec1eabc0915e2a10d33ab27bcaa80a6265ad356f5757c6

SHA512
d61741057bd09050c1b8a8b5481d680aef277630dd367c2b795ce17971c65897a73fcd32928ffcbe7424e09a90ffa234542c6513dc373a7f83ff3d6084942dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2992475d6c67df29cd460d8d797153d2

SHA1
8b4da528548ec124a7795b6f12cb0186b8e576cf

SHA256
e3d47a7a8a6c2cebfb0c7acf02b6129cfb5497006381dc381fdfabbb9f045c00

SHA512
577a2ce0e0cda407fb318516275ccd66571eb366af26fbd97ad5468e237f60ebd24878599cbd362010b529ec4783650a85ef1b70003db605b7816e3b7a1723dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
59b7e80358b6540c1288995ecf856eb3

SHA1
4f13a82f24e55ad2c0394406fcc527117f05492a

SHA256
7c47344effafa7e4a1e60ab008b01eeda42929541a2a56565db54cd74b660993

SHA512
0b814c2368e20ac7ef8481927f85ef10e2343771d8de424452accbc2099bf57cf874c7afb5aea4376ae2abbfc1b9dbff8e2f2e023836c900c2ff8f7534c1101e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b19c09b9c6167780352e70e7f4524665

SHA1
c9d0309123a475e2986f87ebb828abb9c5db3523

SHA256
789a4a82de827051ef42b08f48224adb235879249a1e20325cbce209b1a62d87

SHA512
786077fe0c96bd63b633c019cbed54c815bd72ffc4aa0583a822088eef4c85dcb080fe3e2d7d10c9eaa5e96a541225d141af5e3af67c97002e19d7cb65fb34c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
adf69e2cf07e6edb7b194976d7302d76

SHA1
706648f08e00eda29538c2d0274514d713354a52

SHA256
1fdf551283bd1bf8576ab656a5643a675cfc91c440727caa2435cb1ee461b27d

SHA512
dfed3d89a8ab61bc18116788a921be4ceec372659f781e4b032dfd31aef3b13bcf4be511fb26c689fb8698b59a29fda94df63b7ac8b3f0c512599a194645bb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a021a78f021be5c0be6ebb1c40361f61

SHA1
1a4ffdcca01a0e322892d7d7799c6cde2a5df9b4

SHA256
1e12a43d58f6ac0a3b61fddf4ddd7c1c3496eba2986a596605cf9f84c2a3db91

SHA512
512e62019f370d69cce5b6bfc7ac1fb600bba284211027380436f1c2485478109721d34ab3468f23c9799bfe568e298ecb5a3016d41bb1d56e4684acf3fc886f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
35b957cfebafc32d51c7c3ca6d83315d

SHA1
ce69b45f554f7d43dc5d0fb1ff9fbed21c11d0b6

SHA256
353670c835ba05cf1da180d8e42c3fdd14eb544bbbe5945a695531d97985dec5

SHA512
d8131c55eb8e8681e666a2d8612137ff35b6b93f5e2c8a9f6fbccafca24b8507351e18bced1d14c443fae67b7ff59b7a5bbf5db7d488e5252390556bd9e7bccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4101f33a89158b53307bd695bcac9c8

SHA1
bfb3f94cc4bf71daf44ac76b7ed72a960155f112

SHA256
4b57b92a71d837452025e1c5bd2252e56b5859cf16a64db8f17137d4269840d0

SHA512
e15f0551ce13b2c218f7692889b473d019c6c2a8b365c4ef84dffca481962c2a3c48f6a8134e05b3b6e3b179cfd58bf992236bdbedb5579ffceac27657a3ed6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
04b41841f7f43652480ca629445f43ff

SHA1
ee741b87ad9d7dbae10c2f49cb06893dc7c8ebfb

SHA256
99e1a3e4c07f771268413f8916ba2503c4619eb7c62620dadb5ad9da399c92a9

SHA512
e9a41c749d46e5c895e3aba843a5464d9c9cd6222907dd75e4e806d5b7f66a1c0e52293744d421154ce98674389e62868ee6330112ca961a4c3feb061c20fefd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a4eff3b3b5b89c8045957ddb07a8ad1

SHA1
1d102c88cb4f044f3eb3f962e41d0fa90a8a269c

SHA256
91b6590f38f3abcfe7b3fd2a8fd8dab1ba21e77bf906fce54d92e12d1f5c046d

SHA512
93039e617e1217faaf21a64731d90314039ba698dd8c82f3c096abdb0eea7aa7198cfe70a2bebe3b65657f44692e91e9707887993405520510d9bea3ce29056a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bb16efb27bff4274750fa27a32e8c403

SHA1
59f1f599931251fdc65669ca95b24e851ed37a9d

SHA256
9fb286cd012881d3875b74ba97572c3266f16d1db58518f891dc7870c8baa288

SHA512
20e3491d8ef1231f822ddb26de821b087dcbfe68c298642e59c7ae231867a38fced216c742f676d82ae8003eb2dfec80656c63386b86ad646f20c9babc487970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78cf99cf59160c8eea1405568f7540f5

SHA1
527b21e7c5f0490f63f14b9954cfecbadceb2f47

SHA256
dad298d02fc11236d4a635c6159e2c9d379dba5eeee2397d518eab71b08b9906

SHA512
f4fcdca10a7c3c5e611dc04ec6c0327d833f5ff84818b2a7ac3f03a661d84c553408bd58f999588271b4a173b2f8ced29f44f53ae3073e8cd868ff622d4ab1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8a44cc86e0fdbbae076c7998f43e7cc

SHA1
7250c8fd0d5135c8c0d49845b99d040a80b567f6

SHA256
de7bd83f94d640ff48743f75674011f18dd8c354c192581d3875f35acb4f37a9

SHA512
72bba2dff93b9caaf70b2131cc9464fdda8e9f1c78f7874fbfb0745fa1815d6599a30323f34a0239b7e96fd793e26d3372cf20055e941771aaa41b4dd0ea8bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a3f5395a92d7311582e86d992d7b07ea

SHA1
b8e5b4986fb1abfe9c36ae5dc114f9b4820e5862

SHA256
b6aad7a805dc8287e646936d9a7bf083d5d065cbf9b0a2ee248706f524424172

SHA512
d8fff69fe5f443147b881f7ad5b6f8ee246a7cb98cd3a114dbb4e618a22c4584b4f38f9124635c2d9c497d3f20700848279c49ecc7f2e58f12e3495c8cd73f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9524e7a0ecd6c053b01d07503fbe9324

SHA1
0cbd240ef9fe30a183f746568643be86b54b2868

SHA256
c10847cd331d7e61d06f308c8ac44fb458c4b0b81eaaaf213a993e77b249abc1

SHA512
178c433957a3aa12f30cbbc4fe5f3726390a807af4d382c8164edd3016d28f16408b8e571efb2fece15201d37af663b7228b2351c4385c1e30de72ea37076d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
38684174d2a10251e58b70fd934ae4a8

SHA1
6ba1a2b84e7d161bc181de5d7cbb0284873712e1

SHA256
8d86c652ff664fdf7cfdc70a5f20e035fb87bcc4a428b71eca91a1415f390f11

SHA512
7550b3e63bf9ae9cfd909f52ce732c2f26bc600528b4d0f15e0ea6a5ff6abb29f4ae5bfd813a610a930ba700e48121c88b3225776a76930638b1f15239655278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5988ae.TMP

Filesize
88KB

MD5
83b7b0ed1d490ab662a9a74855ce1941

SHA1
c5d12737cca334475c240590dffff02df5c74865

SHA256
7316d5179a82dc4d1b24c4ef00bf9518b02b8ba5e8967cfff5c5c3c761ae0e84

SHA512
05a59d547fcf65b36e227bf3153907ff4da3698e1d14318940b0f1fe578eca69f2bc35787f01ad846893ee1cf216901018305755da4cb8ead368a8946f16dc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier

Filesize
151B

MD5
c0aaf6dc437b95d10bb053831c3cba7c

SHA1
f3b57f1b2dfc8a4ca0f366b7d1051d68f59110d7

SHA256
5d3db06bf246f33b99bfabbac16d6142e6bac695092228d5367b3cc03959653a

SHA512
9effe9ccb34ac61508648e32efb4f7fe8dd5ce195259f60707c720ac4cb9ebee0f5e944bda0ebd804eb441a8a32cf56336677389a9ad59a8c1d4402c164f2ff0

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit