ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

Resubmissions

12/01/2025, 21:28

250112-1bdbfaznay 3

07/03/2024, 20:31

240307-zavzesdc37 8

Analysis

max time kernel
356s
max time network
358s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 20:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Monoxide x64.exe
Size

330KB
MD5

692361071bbbb3e9243d09dc190fedea
SHA1

04894c41500859ea3617b0780f1cc2ba82a40daf
SHA256

ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe
SHA512

cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e
SSDEEP

3072:7/yvAAdLz9aha9RMXtdf+IBC2nQ4oUehONFlT7vJ333AlOi9E3AAqgm:z6dLzgiMXzBTJTDqlOi9E3AAqgm

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
932	Monoxidex86.harmless.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543176248228927"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe
Token: SeShutdownPrivilege	1980	chrome.exe
Token: SeCreatePagefilePrivilege	1980	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe
1980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 4368	1980	chrome.exe	95
PID 1980 wrote to memory of 4368	1980	chrome.exe	95
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4800	1980	chrome.exe	97
PID 1980 wrote to memory of 4956	1980	chrome.exe	98
PID 1980 wrote to memory of 4956	1980	chrome.exe	98
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99
PID 1980 wrote to memory of 2892	1980	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\Monoxide x64.exe
"C:\Users\Admin\AppData\Local\Temp\Monoxide x64.exe"
1⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x78,0x128,0x7fffc7e29758,0x7fffc7e29768,0x7fffc7e29778
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5416 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4092 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5964 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4132 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3804 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2976 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2384 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1880,i,7271527773781826600,2843728479440920644,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Users\Admin\Downloads\Monoxidex86.harmless.exe
  "C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"
  2⤵
  - Executes dropped EXE
  PID:932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x2ec
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5941df473ebebe12a658d471fcb1c198

SHA1
e419f53a15db94d999bbcc2e22aa53a220eca1f1

SHA256
e86747ae9f09c12d62ca8a164712dbf028da4d10d1b64111a92c7d240ae82144

SHA512
367e43e3079adc7ec5f8d2ec12360fbf1afffa8c051bc2f12ae23eb70767cd433318abd2c889fabed68c5942b7c20c54afe2648e374e0ca344f6f404aa5b8fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
798f509fcb6b119f949b6edb5ac5e874

SHA1
1e8967f47efc52bc5f760223898a13d459f9c215

SHA256
758b7c60f05f78bf41dc9b87949a32930269d9bd90aaeff123f5996ef3ea5982

SHA512
133c59e722c162f94cea39f024e850808fc66691765f2edf0fd47424446a714e6df80844e650d603844ee886f15d5ff1ab1d9ce9409fbea978eab16e432a1365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
65173452c7722bb530a4f301b4730801

SHA1
3add3a11887aadaf3131b0eaa4c3410701b1cbe1

SHA256
94d3b66934bc8ec43a4725ec5c63cc34c3a5ed74e4691b61e61076fa1b1e7abb

SHA512
d443a6a7ed426b83cb03a4ebf96c256fb6d50dee429702b2cefbd84f68436c96993dc1c58e053a787e5322f803b5e219acc3272ae41f70f63bfe3ed2a938b9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2f5c208d4cdf1a84559553b73e915078

SHA1
e3dad18ab30d2ef411c00639e37d7453934dad1c

SHA256
c0b6cad822e63f5494dfb45b1544e547969353fc1dab17d570384cee0bf8f915

SHA512
b0f1ba365d7c9f47534a0eeaa0b93418de3103073f3be8f7c3c66cc75f2634dc5dfc28ff45cd273ce7971497f6df60c739c500b6caf63275ce293fe1c82a3022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e4022af948766d720fd58edbe3b86c29

SHA1
873ece824db7bec665548a038682363d1f86b4d5

SHA256
c94b8de35c62be33433e810c3208060b63e73fbb9792dbcb05fcc9a144b881ef

SHA512
da38846153c41cbdb5047722f10301290b5d9de1a3a84ed4bab967f807e3b3a27c4e612a849b0cc3d7912ccf20e209b920dc021824723e972fcddc2908d39e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
570e1e0da14b22d887add87c728e11ab

SHA1
59fd12860543bfc0b779548e4552d3d533336b05

SHA256
d3eb485fe5a59243724233374fd61f1f98c15b3c9eda09d40c49659f22ad42be

SHA512
665fb86078b49a0241894f9d05075657920a03c78de3eeafae34612b9ee26c64e9fc2d5cfdfef0769a598652915612a8460be2054b35fc46908e9ee13b5ac55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d83dddfeba71c7e359a9b952aa1120f3

SHA1
50bc9057aa2016d0c4c125e6edd304a5f820774e

SHA256
2f21391a24269ad2cf28b42239bbedb63c59f5d07f84ddde1a85f3dfbcc1c1a2

SHA512
da401f470db99bf433d9bb931ef2dd9cab9956b98ffb0a3724b79f937df78e183ab004fa9e28fc17ff975743bbf8851f057ccee73a58274678ba2057e615df6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d111418f848ac076a01bb1768c5a40e8

SHA1
dbfaba19d36d8f6c52b52b7d56566a3bb765f071

SHA256
7c26921a3576217fa09e5ed1f9b32b0e4a1ad7233b9391afcfb5c8da52f358f7

SHA512
4c3604d9add8844e860bef531b9a32dd65741a9b7dfbb2ac1edd8702c838b25f640b84a38d3660704345cfbfc905620b400501d25f4f75faf881eb68b23b5d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3a00acae4b423dc83fe830a504821dad

SHA1
1ced017f4b1057b54f9bd70c59dca5e4c0435c35

SHA256
040229a9726187853bbe799b1082f2b19c74fdfc08dd0afabef53bc791c25a8c

SHA512
267b7d0d4d821574e3622fe086b654df50a9be19670d75026dfaaecaca6c5f002d952c0dce99ee9e0d5b20b56b228cc784a023cf569511aa6fb4d17eb88fdf09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
793c83ad9e1fda718c811f18613f8638

SHA1
a7547ed4100f88cb2ab50be1863184243870fb6d

SHA256
745f862e0153fb4c3dcc31ed949213409cac4ff0ef1cc81dcecdc3cf7105180a

SHA512
8316fa5878dc3b38f3dc649ebe5734141a2ff4beaba9d0ea052fb5a6638a656362eaf3bcfb7138f2f99d6b638934f103fe0f14e75fb4a7b1af051554daca3121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9840d7fe58679c11471969fbea299972

SHA1
e8256a90593ff0d8595b7115b722f184968dcf15

SHA256
9ff5606bc2506b4bcc67c54731f6a43d4ce4bc4f52404673a639956a3b7bee33

SHA512
faa92c25175d05b115b858fb965857ba382c11264f802febe62d226446796961b4845bfb248dbe9c04b2411d92cdc27a4fef9b19941abdab2d74eed227210234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c19a187303212467d27c5ec582b942b8

SHA1
2842225b8a0856c7b7ae0e61e213eef14ec48a5a

SHA256
64afa0f5a0cc0308afb4340a9cfb3d1902f7fbe8ca45d6012dd41f46a08f0ded

SHA512
892f70b7b201e89150446a6c0e5389cdf6ff079eb24bd20eae00a5ad0a9cb7c22f0b3862d36786e2a8ddd5892a132c1ecaab4512ca14afe223112c53fc2994be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3d8a0f093c800587cfed99bd64d084d

SHA1
e11dc3734fba24db430570817426998f25d34b6e

SHA256
a3507eee44cb281c95128006033dd53aaf37ba9eef757fa7b4e4bd51c5d3a89f

SHA512
1481a8616863ec2981564d48776bba3ff51e30ab345831c29037100804a045940798a3ac1cd369e344f7d2e9a57169e5ccda2851aba7f33d6bea8087a5468c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eb9a442479d5e0099f202b0acd85af15

SHA1
c469e630df09da0442665cceb1e9002f5765b560

SHA256
3f75879878595e004185326a66a0a3b139c75b9182060b03c04f8d0a10b3cfda

SHA512
74262706297fc7cb57188326aad4e6ec70dbaf0c57fc259c7d63b64cddc9a498f60c2553bd7bb3dd725f97de971bd037d31f38f6714c4d288995be14d4556139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
31a954df7da9442ef06028eb6a215dbf

SHA1
e8576dc8486fbb2529e221afba3f545656212788

SHA256
9ac4c38bd926e779a6c0765f4b522e7a34258ac451e9dcef280094fa209780f8

SHA512
56c3825c88666b676087cfba0e62988af3f397aa883250b3386df4e96f6f62cc02e5789316de2ee86fd05bcf14efe5a5c823a440beb213a838882f3272114139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3619fe61ace484ad3c7d3c5a56d51288

SHA1
657222b60c3242d57b44109d59c9985e9d91c2f4

SHA256
8e06620d23e2a4946ea41274d0bd1fd36a4fc716f47d5f7ab95996bef7c1fd30

SHA512
855f1d0e0125a0810b592bb532b9b1c6292a4f4a20628e978f80a01786a976a45d641e2de8d22840cfbd5e81004ec7391fc4b28348936f7132ce6ed697eef35f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5036b1af033e607e741184fe0624aaf

SHA1
5238f959bf83aec47c2214de144c8fd1fe782068

SHA256
6705a484de23dd9a2bd64a6264197ccd7ad315f12c5109ecbe466e3ae9d9460c

SHA512
8e578db6212c5fe434b93102f8a85a481b37ed90e3db19c00d74f606e32b02d56469dac4262441695b78f3679592a3fec33b4eb50c50356eabf2ae1845f9cbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e8e1508fc8a27c4c20dcbec6548f674

SHA1
6a75afa126e7d273ff1235265a432ea3d972f9b5

SHA256
488569e27ddca9d3150683b63b8ad7bb01382fac821c1359b2b3e94d76d7fbe4

SHA512
51745b417f97650a634e5a9422b2f578f70b2f7206f04cb4f1dc9d50e596a9ade22b0d1a9bcf9e2043f2902a62e392c03d5851f53037e41cc0847cb8c59d419c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45106229821d2ef72c6b69dae518b275

SHA1
3ac4106ba2398912633eac22b60450ab6a201d30

SHA256
d7740ec0af7449c2f28e31364b6225229db81e3a623fbd22e87a1c858dbe3b10

SHA512
c51f52cd90fc3376b094adccb531ff9486b2028fd23650a72e1474c785d315dbc00403d14bdf04eae730f2b5fef6c1c4fcf0c43f8dcc1668498f7755d815e2d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bb717.TMP

Filesize
120B

MD5
daa4f33f7de9f89bc60d4103895d8e25

SHA1
2e07e1ecdef799bba7882b1f1d6a2b8e1540f0a0

SHA256
57a8d4086b8e6be69f6522038055668d0ed6f40a92c2c058e4d1fae0dfd08dff

SHA512
3c74850f855364a067da7f8eecf934437df8b6b9fb91c8d34fa0752ce2e5bfcd8bcf2db7d7e7c0c5b0a3c015c3a65b672bfedc692dd9804daddf437966ba8ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
98f7ada07a360a7173a5b1f1c90641b3

SHA1
17800c0d25786cfc31c0a2fef03770c5bdb6de61

SHA256
52c322197b2c58a78a0e8359c5667b1715b7bfb9a8f99be37e82ef646800a946

SHA512
f596cd0316e99c4d939efdb0115da78efbd4e7f6cbd89df23dec4c39c2302a243c28e1b9b7926366004540b17326b319c38f6cbd18559370498a276647e2dc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
42d1f9e5ef4cbbf886489e0ef0ab9851

SHA1
8fc02c91993b4267e91039af4e7da7816b8cdec7

SHA256
e747aaccde257e15e669591f12d3c1cac3161ec7c941a832314ba581a0edf8d6

SHA512
fe99d498866f6670c0566a2be24dc7e8e2ac2eb89b790df578bf9bbe4a876cf8b83eee2b94c2b2dbe11bf96610f17eb8b509dcd0ca43b91680830e7c76f07df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c483c.TMP

Filesize
97KB

MD5
ec2e59cd8d7fcb5e349d9329840dd066

SHA1
1349eaa371c6f3c69b0ec18e69573f638f160f8e

SHA256
0e5860f94cd48095da8b64f0c00563e79b7d6adecae8631d2f577aa237b2e5e5

SHA512
14d3f375c5c77cd9c9cdc92b63c78ce4b8dc7d2d3b52deba7b84c6b37114c4e8258e4c7e9fb07dff30676d1a00b3f61e3a764b4ca042f54bed3f0a68d424ce48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe

Filesize
131KB

MD5
bd65d387482def1fe00b50406f731763

SHA1
d06a2ba2e29228f443f97d1dd3a8da5dd7df5903

SHA256
1ab7375550516d7445c47fd9b551ed864f227401a14ff3f1ff0d70caca3bd997

SHA512
351ecd109c4d49bc822e8ade73a9516c4a531ebcda63546c155e677dcff19708068dc588b2fcf30cad086238e8b206fc5f349d37dda02d3c3a8d9b570d92e4d9

Download Submit