Analysis
max time kernel: 600s
max time network: 564s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-03-2024 16:03
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Detect Umbral payload (1 IoC)
- resource: behavioral1/memory/1704-344-0x000002DA50180000-0x000002DA501E0000-memory.dmp; yara_rule: family_umbral
Checks SCSI registry key(s) (3 TTPs, 6 IoCs)
SCSI information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561155862558539" (chrome.exe)
Modifies registry class (3 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings (chrome.exe)
- Key created: \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings (OpenWith.exe)
- Key created: \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings (OpenWith.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid / Process (unique entries):
- 928 chrome.exe
- 3980 taskmgr.exe
- 3176 taskmgr.exe
Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
pid / Process:
- 2456 OpenWith.exe
- 3980 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid / Process:
- 928 chrome.exe
- 928 chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description / pid / Process (unique entries):
- Token: SeShutdownPrivilege, 928 chrome.exe
- Token: SeCreatePagefilePrivilege, 928 chrome.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid / Process (unique entries):
- 928 chrome.exe
- 3980 taskmgr.exe
- 3176 taskmgr.exe
Suspicious use of SendNotifyMessage (64 IoCs)
pid / Process (unique entries):
- 928 chrome.exe
- 3980 taskmgr.exe
- 3176 taskmgr.exe
Suspicious use of SetWindowsHookEx (18 IoCs)
pid / Process (unique entries):
- 2456 OpenWith.exe
- 3968 OpenWith.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target (unique entries):
- PID 928 wrote to memory of 4936 (928 chrome.exe; procid_target 87)
- PID 928 wrote to memory of 3108 (928 chrome.exe; procid_target 90)
- PID 928 wrote to memory of 2356 (928 chrome.exe; procid_target 91)
- PID 928 wrote to memory of 224 (928 chrome.exe; procid_target 92)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 928)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/AOUgkC7T#scMCKBs4QT6rfXVCW9zlLSED022HWEQbjYlx3Ibk1x8
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4936)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19309758,0x7ffb19309768,0x7ffb19309778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3108)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2356)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 224)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4468)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2760)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5192 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3372)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 400)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1884,i,14630147934982243541,6778526556259778319,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2492)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\AUDIODG.EXE (PID 3616)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x300 0x470
- C:\Windows\System32\rundll32.exe (PID 4216)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Windows\system32\OpenWith.exe (PID 2456)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
  - C:\Windows\system32\NOTEPAD.EXE (PID 3812)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_BTC Flasher.zip\README.md
- C:\Windows\system32\OpenWith.exe (PID 3968)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe (PID 1704)
  Command line: "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
  - C:\Windows\System32\Wbem\wmic.exe (PID 4288)
    Command line: "wmic.exe" csproduct get uuid
- C:\Windows\system32\taskmgr.exe (PID 3980)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures: Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
- C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe (PID 2832)
  Command line: "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
  - C:\Windows\System32\Wbem\wmic.exe (PID 2612)
    Command line: "wmic.exe" csproduct get uuid
- C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe (PID 3216)
  Command line: "C:\Users\Admin\Downloads\BTC Flasher\BTC Flasher.exe"
  - C:\Windows\System32\Wbem\wmic.exe (PID 1632)
    Command line: "wmic.exe" csproduct get uuid
- C:\Windows\system32\taskmgr.exe (PID 3176)
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures: Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
- C:\Windows\system32\NOTEPAD.EXE (PID 4988)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BTC Flasher\Time.txt
- C:\Windows\system32\NOTEPAD.EXE (PID 3864)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BTC Flasher\Amount.txt
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: d2fb266b97caff2086bf0fa74eddb6b2
  SHA1: 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d
  SHA256: b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a
  SHA512: c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8
- Filesize: 4B
  MD5: f49655f856acb8884cc0ace29216f511
  SHA1: cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
  SHA256: 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
  SHA512: 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
- Filesize: 944B
  MD5: 6bd369f7c74a28194c991ed1404da30f
  SHA1: 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643
  SHA256: 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d
  SHA512: 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93
- Filesize: 72B
  MD5: 2a76e103b3e1d50aa12f10ba4f21329b
  SHA1: ce9281d83912020e7cc24a32a65873594cfa93b8
  SHA256: 0379735e18cadaf931360785b59959f2f654121818d5ccff4b30cdca86ba7a4e
  SHA512: 1d6fda2fa7e4f77148af5648547b13cbe232d30c3c5e3016e2f203ed9679a2e74aa27314f0b8e3599995b25a936d7aac7fbab0c40f1d80461bceabdf95f1691a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
  Filesize: 41B
  MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
  SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
  SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
  SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 962B
  MD5: 4397d8e2e4e3be762c5d354fd4cedad9
  SHA1: c478c70974db4c95344a5aa808e2fb12454117b4
  SHA256: 6731fb611b1c4cf0b13fcf9cf4fbdb90da1f9e9ab67e039700182c50ec2760e9
  SHA512: e050bafbaf650d44e00a1cf402296534250243534e5bb0f62b179aed0e3cfab05f261d70b4509f8b8d2f84c4f2f885ad560dcda2926a5edcae4dc89b52dbcf1e
- Filesize: 538B
  MD5: 13e045aaa44ad960ade9f7443e741d8e
  SHA1: 3ca221e996411ae02d431c9fb90595b3f280bdc7
  SHA256: cff88865a453f628bc0a40c71ca22fdec9a1068872d4806df170849d9880c30c
  SHA512: 0a5090a248b9e2b124c53a5b79006395afe589063a0a2c5cb425d3a8c420e621d38834f51125d7b84fde0817d1d1b2e964c31be8c920f3a3f493ebe993d1e852
- Filesize: 6KB
  MD5: 672b2841b9237adf24e63c0f239319d2
  SHA1: d5d57e0a8b1ab7523de2a2c30399c31e630f13ad
  SHA256: e98bf3b746b9e5c94756fdc153274e0e8e154f2f6b7193f8ff5df5d6eef54600
  SHA512: 65fcb988ee3706fa51afceab4fab08c529add877d197eb08a21a8a1be92c71d1bf64f00e65c51a671c8b8c61d719f6057ae39791fd53697ed31e02314516ac50
- Filesize: 7KB
  MD5: f45800ce1491197000c2219877aa70ff
  SHA1: 063b364c7935c46663ad9d138873dd596d466e9e
  SHA256: eb14496dbdc324869da597ddcabcab66a9cfab6a8278ee9f203c313711fa52d2
  SHA512: 5298c794d42334ab83631d90009887f6e031bac3dc248ced3b94a96df5c3566b03bd474e5e3aa74efca4d45d3a6b38a655cf704b78c4044b8759ff4b70176032
- Filesize: 6KB
  MD5: 36adb0aaa6adbe025392318c0f0121cb
  SHA1: 904629c1e36f5b02090ba5057d2e4326e301980f
  SHA256: 5c829e9b606486a15cfd220e5f575d12de43ae9d23d34766eb1694dfa94022c1
  SHA512: 34fcf55e9d3ab6cd81a5fc01c12e21e32e0b5a0d96947f46ae80965bb877c13b9e6725c83e7c66b61067ed056ad4606c41b43e55d7bd8038f48130537609d573
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 8893db548e6bfd5cf56d63efcf6b4c2c
  SHA1: 0a05a435790dbe4fbc078e5caa2c5445b05e9e03
  SHA256: 55cb67b7ac0acbf20d1c205ad93c8bf76db7029f91524d4ca2aa62d3e8dffdc1
  SHA512: 4e89daaa9c29ffe8f37b36bd30f73d3315a0ab6b9a6b8afb2a2c3061d2191874d4df112713437695965b8d9f5b784e45664b475c7dcb5905bf4309efef417495
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578bf4.TMP
  Filesize: 48B
  MD5: 208d3f9b1478574665f7f677d286d6a1
  SHA1: 2bc57c6b94e9606694320518d41a1cdca336d24e
  SHA256: 23cd71bf9d84081031f1345abcaf7a2fae045d4eda6d39a8749145fbd81d737c
  SHA512: 84d12298b75a5b701399ec99d66cff039e2e00c6abb7ac5c3332072480e29a50a46d6ac4583494c9d23aca6ed50c978bb49903bdfa078d88c37b3fe9214e065f
- Filesize: 128KB
  MD5: cba4377865add2947fa6d9bb94a98abe
  SHA1: 785259c0dea28b499734ed9d393f430dcf24d546
  SHA256: 9190e5424f13e4b9f30e7f21d42bd91b0e466c075df47ec4af985be489e256cc
  SHA512: b4a1cd3ae021a1b4c20763690ebec377dd238929e64ec01d92d2b6be4031406a5021d24d11863ad2ee12ce76cb10df2a186bc576f3d3e3597b67a65a7e04dcde
- Filesize: 128KB
  MD5: 40a16a785a9a8be99eb50c6e4d4c34a0
  SHA1: 75b00038bc15c1ad34e7b18081e38f979fa82027
  SHA256: 6427f9d3400f7ab0cd4dee31d285c2cfcafa027a3680791b0cdcd9a6f9b8c21d
  SHA512: 79096c08b202bf69eb23161bc40cdc94268ab4cb4b79cf18a9e93b9b84aea7c09ba3d3e9d7e3beee6f8bcbf2bfb453c42bf77a182b93c0cd65be20cb19ea975e
- Filesize: 107KB
  MD5: 7d559be6b84840b28cd590855f7fd287
  SHA1: f35369618ee423b07144662ca4278c8c4ffed01a
  SHA256: 4c95a7ce5c5da2980a6bdbb5914f7f7fd3ca66397bc24b149d6ee361cc0b2987
  SHA512: dd164457d926fd20272608f8557fcbea6ac8e301d9dd18e8697ade878cd5d15cdda894dd17b2d7833cce4f44dd9e400559428a47599705372f0d9b2a9b251010
- Filesize: 110KB
  MD5: 3c85327e83a6697ccbc0feabadc1848d
  SHA1: 91b3bb4f453a39a23743499f8d05e03b6853aab4
  SHA256: 7924386fc4029f161e3e98abf39bb70b5eb6c6d5ac09a0ecaeaedf10ef98f003
  SHA512: e75a04c3bb5544140cb1fc58924bac85cf58a727ee6eebe53f43f724d20fe1b781043c8b9bb410658e8d58debdb54ee0c8eb3d3c780b0facbab87b5c38d3e2fa
- Filesize: 101KB
  MD5: bfa16c75247b47a431bf5a3bd5358dfd
  SHA1: 335909cadc529768c2c41511db1ab8283a762b1b
  SHA256: cd8a150358dcb4099be94f06e146494c2330bc4b1760d521619c1d5f3c65035f
  SHA512: e5899fefe380ab047af195b566722086b6655f5acf3867c3361bdffd11256eb85e8804a722ea727491c351ffb6f69f400c1c11d0eaf3dbaf607164460e0cde71
- Filesize: 264KB
  MD5: 862301ffa6b97bffa8ccfbb5afc1b5df
  SHA1: 4e7612bad606b5baa2e675fe0289c98d105fcbf9
  SHA256: 1734a84e01ef41217123e0e75fa87751cfcbaefd666ee2e8ed989887603438a8
  SHA512: 935bfafcb17f0e99ed4ace017c1b452b0b08aef8dfd5f75237b713d4e0d39ae8b71620813b4f8ebaae741e9cb9b7d73f27c02aeebfcffd40ff1e8cfafa25b9a8
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: 1KB
  MD5: 8094b248fe3231e48995c2be32aeb08c
  SHA1: 2fe06e000ebec919bf982d033c5d1219c1f916b6
  SHA256: 136c30d964f4abbb5279bdc86d0e00578333782f15f05f0d2d050730dcb7a9bc
  SHA512: bf27a3822008796370e2c506c910a40992b9240606ea1bc19f683b2fee86b81897660ac0cf8e746ca093dae9e408949e2e9002ded75678a69f020d3b0452801f
- Filesize: 150KB
  MD5: c48f821f44c791e37c17a8a8b93534dc
  SHA1: e5a78bea20cde62110934034859b9358a9bc76a3
  SHA256: f26afee7a25b28f3d1c7982a7291333987668f39a2dc0eec9fa6d05ab25d2b4c
  SHA512: e8e110c5f3761cc74096ae40d30767f26845da17d546f0f48ff4444dc96e7388719c25d2f8b33d6defb91047cb537d53626956e33bf793f8c0f5ae40bd056abc