75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
Size

1.1MB
MD5

e2c0063eabdf7b46878c33e5cb9c3c36
SHA1

5e116cdf76996369009e6cbfd6e4a2db6dd42f43
SHA256

75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e
SHA512

a1674e24774f505eaaed0b3053cc7b4d8c3adb4adf25f3593facd5890432bb99917f54601138227ed8e36ba5decd7b7bfeb8d5ec028bf6c0cd50bf2de7086425
SSDEEP

24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8a3w2+b+HdiJUt:aTvC/MTQYxsWR7a3w2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570872186167095"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
3308	chrome.exe
3308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
2532	chrome.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe

Suspicious use of SendNotifyMessage 63 IoCs

pid	Process
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2532	1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe	87
PID 1116 wrote to memory of 2532	1116	75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe	87
PID 2532 wrote to memory of 2596	2532	chrome.exe	89
PID 2532 wrote to memory of 2596	2532	chrome.exe	89
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 3400	2532	chrome.exe	91
PID 2532 wrote to memory of 1152	2532	chrome.exe	92
PID 2532 wrote to memory of 1152	2532	chrome.exe	92
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93
PID 2532 wrote to memory of 1272	2532	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe
"C:\Users\Admin\AppData\Local\Temp\75b83e31bf1fbd3c41b9f4d8d5dc7d8196b6f56405c05d254511c85bd7c4df9e.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa36169758,0x7ffa36169768,0x7ffa36169778
    3⤵
    PID:2596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:2
    3⤵
    PID:3400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:8
    3⤵
    PID:1152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:8
    3⤵
    PID:1272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:1
    3⤵
    PID:924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:1
    3⤵
    PID:4560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:1
    3⤵
    PID:2836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:8
    3⤵
    PID:3748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:8
    3⤵
    PID:3900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3316 --field-trial-handle=1804,i,12797036507136566552,469938159793965638,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9387fea87eb4f08f926ecdd92b380a03

SHA1
cd1d59429797c14fbe7a275696fa8204d059520f

SHA256
ef4b7820f2bab5ae4410d33a2a43749b21a383851270d30ec5b0d2cd03fd5a5e

SHA512
871cf9833d38ad270b225f7e01fca1532ccae2570e0d1b8c8ada61ca5f0e024deececc685f481801bf66f1090ddc062639127fd54a8384b514d8bbe52bbd437c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
150d6544fde33cfe155d3d8899f0bf28

SHA1
b0042601a823078b4c07773e15ce0d7cb9bf7177

SHA256
cec8d07d07db337176d6ee51f59b65b987a9ec0d2e8c43cc6c2415fb752f0347

SHA512
e740942855d6b0be0f5c2be1349350fc1c57bec0acd43cea2a1977bf0d3f6d2efa0808c6fe2b77666e7d48cfa16fae290d265b75d77607ce8434f012b5d27752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
44b78f1c77e3eae6f8ec5c85b1f4602d

SHA1
eec5e8bf2f690d243f90f15ce851226dd21f4654

SHA256
57c6d63b53aa0e8241ece7ee2748573f59ac3f7cdf6ccc990e343688ed6c6752

SHA512
021b27d4eabd4f42009ccc3c47ae0d206c3c5c62fa6ce4ec37997b477cad67175b015aa0157e94d0f325cb9783e46f3eaed71a8fca233153dbae23b3db102b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
48b8562aee95a1a8ff2420540a0b0901

SHA1
d0f4e179d4d501cf3081d4592d0c96ba3466061e

SHA256
618c8d4a914496cb5b2293d095417eafd42979c9ef4099cf92bc5b81084f4fe4

SHA512
a3e764fd0570ce5db977386b5545ca99943489cef310810853852c0b817c9d25db29e5d9840c5cd5b24d801af2aee612c5c77a59cea9c7fd5de8d453433e3e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
229345ed3c0776b9d377480c924ef971

SHA1
89a432e4414bfa482057629b7291210d1fa33e0b

SHA256
2b77ad7a40b45d6c40f8a5bd1b60af030a46ac043f98bbdac31030e2c8aaae74

SHA512
37fdcca8438b37235afe155dbab16e0ba8e141155220950319e27e1edba0bee2c6097676bfc2ad71ebe0766b260620875e2149151965eb170f6911c84eebb3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
78029db09c797f9b4476edb989e1d403

SHA1
4ef03fc81bdf332b4c5f61b2d279d807cdd4ebb9

SHA256
be12c6487541ec0a7741a244a54e9b03b016e553767afc3e6d28ae8515cb50d2

SHA512
59cf5a90a954f29a9c0a8f16a3aa8ad61e7d8e192130fc196f7cc4c2a32ff7f1f9644fb5772cf9edd408323ed05215711b631fa488f166a0857ee2c52ed1c907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
5ae5621767703103403e276dbdd3de51

SHA1
ac73b96f154ef79679884c3506c38ea0754d8b79

SHA256
50b41db52687a7ee7333344d5141c3c66fdee4a26dac487703355253bbb4e00a

SHA512
587c808ebe2e303517309896aab2e5242bdfd95b073710504bed41b345067b75c858ba63dac15bceb54aeff7c6976344e2dbb7b9b5ef59e78e2985cda281fc80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit