d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

Resubmissions

06/04/2024, 02:27

240406-cxlmyahb6x 3

06/04/2024, 02:26

06/04/2024, 02:25

06/04/2024, 02:21

06/04/2024, 02:19

06/04/2024, 02:18

06/04/2024, 02:17

Analysis

max time kernel
85s
max time network
292s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

compiler.exe
Size

89KB
MD5

dd98a43cb27efd5bcc29efb23fdd6ca5
SHA1

38f621f3f0df5764938015b56ecfa54948dde8f5
SHA256

1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
SHA512

871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
SSDEEP

1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1248	compiler.exe

Loads dropped DLL 1 IoCs

pid	Process
1248	compiler.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2308	7zG.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2632	2088	chrome.exe	30
PID 2088 wrote to memory of 2632	2088	chrome.exe	30
PID 2088 wrote to memory of 2632	2088	chrome.exe	30
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2636	2088	chrome.exe	32
PID 2088 wrote to memory of 2564	2088	chrome.exe	33
PID 2088 wrote to memory of 2564	2088	chrome.exe	33
PID 2088 wrote to memory of 2564	2088	chrome.exe	33
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34
PID 2088 wrote to memory of 2412	2088	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\compiler.exe
"C:\Users\Admin\AppData\Local\Temp\compiler.exe"
1⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6fe9758,0x7fef6fe9768,0x7fef6fe9778
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2108 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2824 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3440 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3092 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2200 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2456 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2484 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3824 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4184 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4332 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1124 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1292,i,17302541063552773348,8988154083122195258,131072 /prefetch:8
  2⤵
  PID:2304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:880

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2804

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\Ro-exec Executor\" -spe -an -ai#7zMap14951:112:7zEvent19855
1⤵
- Suspicious use of FindShellTrayWindow
PID:2308

C:\Users\Admin\Desktop\New folder\Ro-exec Executor\compiler.exe
"C:\Users\Admin\Desktop\New folder\Ro-exec Executor\compiler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9e15486f-6891-4690-b593-861e0b26426b.tmp

Filesize
5KB

MD5
98b7f61e4a59dcf3f9c5878ad4114aa4

SHA1
1e885b1f3cdbc924c9e8b0152e41b1ed3467524b

SHA256
b0937386d33449137fb4c7f4f9fa6f7bce60aa31c8da4b33c02189d5a9bc4287

SHA512
f0d755c8dfaf0feac895a5cab9c273c7c818016cccaf7f906c66fb04112343ede1d2e81713cefff3116d2a753254fc146b5deb414377e76225c2c21a187e0570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4615bc3349fe330bf747106b716791b4

SHA1
54777d9d4e4ec3c669ed24d210adf09bf763b61f

SHA256
eda4b9b019f3fe8df2dda9878533eea72e0fad5d70151b0b0433cb0e8eba0cac

SHA512
308fe59e0446364d86986486b8682a0f2950edc28b458860976769be744aecd1f6413452b60cbdac57fcf89c5d840ebce1765d64e78e444570f1bf2683bbe117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ab7862f9c7f44b66dd2af720e223ca15

SHA1
edbe2a4b33423f56f849ef4958291762a791ee01

SHA256
aa500d0499ea64eb0ce77109b88445b09da5a7a66123b5cd2450d1bf0bfbe03f

SHA512
65d2a33954783d3b7791825403e7b34077ce869a1074f308a2563ea0256bc952246fc9e5bb3bd279361e4a13a0428c33fa2d25770a978df2bf0ac00fa9cf99b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
6281ecde4df8e0bfefc68fd2faaa2974

SHA1
a1f7a5b1952620e733e27ca05796e96c148cf7f0

SHA256
0b7c0000361c8c81e1f618caafc3b37e3d6094a4cd658697995fe003f9aa56ee

SHA512
da0bc6f051500eb0b8067364236db6ac002c72511562e8b66a84948cd6d9c1413cc3dfa9543da0d167b036fe1aea69ae61fd90cac5185a7ad482dafae8d3a2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
223aa2260deefcc76081d024c44a42d8

SHA1
a489c86410dc88f03c2f7feedf4fbb328748a68e

SHA256
e12705e97f8de4e6b0a34a730b362cb3c051e5f0fd4679e1d5f8f91d60c8211a

SHA512
ac79cb1313f44dcfdab039c61ffd15b78b2745269ab7ab1033ffd299a0fd2c20a5a35488e0a7ac245914215f74e0932b89563c625d7ae7686162fe6cb73ee8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5695b6500a2a904be72693e5eb5189da

SHA1
ca973703046406a8fa5cb7574690f2b63d719c39

SHA256
d6d68b30d2a38c721cc08e34817fa1a09f3ac35973f8c3693b3a4d1787822e68

SHA512
880c3557244fc0645267ccd158ed556ade0940864cc3cdabfad67821c78361017f7180d1478837f6c19c3ef5255874bf74892903af3a4417681a8f66e42a23e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b9713e947d49b7b0b2001d88c7f32930

SHA1
f47d9bcb73cefe61ff630c92254a0b13d767e0ee

SHA256
0d6ccf56bff7eac5cb1411fd88f75a4bafc0ae5d0e41d4a6bba535ee2f589a62

SHA512
cf7ebc3d306c28bb9098b6d02777ae8c25ad1762553334d3bda6158c342a338e5fd0092d261b59aef84d8233081d8988a2222a06089d843303983cf71ac82c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1b78aa0b7aa03484914f2cf73074fabf

SHA1
65a0b3ff61358452f33bf182aae0a5a3f5fd9242

SHA256
4b1878b7011980279afad86e80d0e5f63188d448a48678acacc2d0fce49317e8

SHA512
8a93262e3fa32af1330651ef297cfb3c78c93a38d19ebe8efcdaed654631196b06c65f8e18c33823e47fe0ae547dcb5db0a701930056c476ff83c67c5b5dba21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
491d59c5c9d230741339f1a3a53188ad

SHA1
03a0da3ced6aafefd97269ffb78184366f1c12a5

SHA256
19b3ba7a2af2ea5b1fa639ec04e7c9b301ff6596386981c1337c428a33c8e0a5

SHA512
767e2f1cb076b89ff5202ca815bec423d2354d6d0cfc44534d71b063641740aa9c5897537b3dd6b1b4728fecd1dd3ebe46b9b4026a6651dea377a693a2627c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d1ba35a89c2de06a193655b09b3733ea

SHA1
bc3a533aed5d55c8baea2d1b76fc38d1b419a19d

SHA256
f3f183ed2154825d8bfbdb9c6435296a833908279610212a9b7879acdf7abd9d

SHA512
10cffaf9528b0cc6305bb002ef46f803f747115c139d3e9a2859e4d09199dbae41fda99bac16bd15637efec730a57314721e79df0e14b15a5f2fb604f9b13616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
533fab87d09545573f786566d5930527

SHA1
63ba4297fe74e820afe225e7546bb86a92355de3

SHA256
1c9c6069aaa9705d2b30b9da15bfa581cb88ca8f90fdd307915e277be47df74d

SHA512
4586bad8514c42ed93d2e6f9062b7a0d8744375f8bf3ebafe0109ab74c74f5a32d20592acebfa7e5b43e300e8128f2a4d2a952106f8b2bf573e4366160f13234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
400aac5609fc41898de8556673f7db5f

SHA1
2a9d13d15d9eff02068190d6e4abaabcfc3f9211

SHA256
a60ff11109b4aa402d2d2c7d343910ed39043b932a0c9f4f5e2173a62ac4651f

SHA512
5377f56a8e7b8f1936927c0e8c3c343bad98c1d3b49d919351f050f9e0cb0c69e1fb276051081bda03eeb822521ee84684206e1f78ec25fbe1295cf0f6590b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB80.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\New folder\Ro-exec Executor\compiler.exe

Filesize
89KB

MD5
dd98a43cb27efd5bcc29efb23fdd6ca5

SHA1
38f621f3f0df5764938015b56ecfa54948dde8f5

SHA256
1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

SHA512
871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

Download Submit
C:\Users\Admin\Desktop\New folder\Ro-exec Executor\lua51.dll

Filesize
592KB

MD5
3dff7448b43fcfb4dc65e0040b0ffb88

SHA1
583cdab08519d99f49234965ffd07688ccf52c56

SHA256
ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

SHA512
cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

Download Submit
C:\Users\Admin\Downloads\Ro-exec Executor.zip

Filesize
479KB

MD5
86711d8e3a8e9373c52040db6d438789

SHA1
a9a42faf7ead5847d727f7dd378822d656d58dbf

SHA256
d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

SHA512
38e98b43babf3ba4eaf5d79f85cbb5049df7c17019a700afac52371de6f112a426e67c20d5cb37fcfbcf8aa78a4b4d1596ea0afb5843cbb93628c0540cee888b

Download Submit