49dde0850864be9fab68a21d89d2bea3bd681663c5fe04edd9b8b7f8f69011e9

Analysis

max time kernel
49s
max time network
60s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
13-04-2024 12:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

dctroll.txt
Size

23B
MD5

e20921a175a773a7c0c4417c5e4ded0f
SHA1

6bbe9628db2772a11cc7a6f51cca8a8d65dc6c96
SHA256

49dde0850864be9fab68a21d89d2bea3bd681663c5fe04edd9b8b7f8f69011e9
SHA512

e78674458084635846eab87e869b36e8b564671424ae8201d560a77738683c9284f84a1d6bbdd6ad14999742754e59c064ada32b673c884d0c3a1997115406cc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeMiniSearchHost.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier chrome.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1428 NOTEPAD.EXE

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	chrome.exe

pid	process
1428	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exe

pid	process
4916	chrome.exe
4916	chrome.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe
3944	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4916 chrome.exe
4916 chrome.exe
4916 chrome.exe
4916 chrome.exe
4916 chrome.exe
4916 chrome.exe
4916 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MiniSearchHost.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4272	MiniSearchHost.exe
2888	MEMZ.exe
3944	MEMZ.exe
476	MEMZ.exe
2240	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
476	MEMZ.exe
2240	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
476	MEMZ.exe
2240	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
476	MEMZ.exe
2240	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
2240	MEMZ.exe
476	MEMZ.exe
3944	MEMZ.exe
2888	MEMZ.exe
476	MEMZ.exe
2240	MEMZ.exe
2888	MEMZ.exe
3944	MEMZ.exe
476	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 704 wrote to memory of 1428	704	cmd.exe	NOTEPAD.EXE
PID 704 wrote to memory of 1428	704	cmd.exe	NOTEPAD.EXE
PID 4916 wrote to memory of 1792	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 1792	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 3932	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 912	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 912	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe
PID 4916 wrote to memory of 2080	4916	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dctroll.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:704

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\dctroll.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:1428

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd429eab58,0x7ffd429eab68,0x7ffd429eab78
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:2
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4804 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4824 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3168 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4188 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:1
2⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1820,i,18170843194105684492,4477677345451167777,131072 /prefetch:8
2⤵
- NTFS ADS
PID:944

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3944

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:476

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:2888

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9357091fa5749852c83f3ffc0fafd83a

SHA1
0ac7212f62e8aa5686d3959aa5a78a06d24d8cb7

SHA256
778c5a52ef87c43e68b21f1473ff09a26f249fcdfcc40461f669bba3503db05b

SHA512
194ce2429e6519e78cd6f6ca5a5768ff1e429a104e1959b552d0ed29631d07f105735d871032027e1287164f710bc3b17ebadd97796ed257d40826bbd4b66566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
582934f0992e22c7ee5ea6155cccd217

SHA1
31d1325d93c0bdc61c29247f8d32cc8dc3171aa1

SHA256
e8c3d0a3d56ab34d18d0deaa3feb29cdc6044dd8b3c9fad75ee179b49408ae49

SHA512
226c7781b71f2a3503d59faa91db8a0aeb953c558ecf53a799ad34cd5c5027b6a94a9bfac81bc3da20a38e104776e816f55b80d008a77d2c202fece59bcc608c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
4660f87abd01c5dda8445e38cebdabe3

SHA1
baa4a9169508797c1155ccc79f92a183e811e10b

SHA256
fca62c523d497c112ca2bf196fa1dc9e83bffcc39f4a848bf4953350b2e3bc46

SHA512
339ee1d3a2c68530b354bd47fadcdbb7be9538add409c785102b880caed3e675c2262d94c91213ef4b363c6b868020c1cba08e727f5709808a2e9c89f1024cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f18df366121e6e7fbd2d6662341a54d6

SHA1
38f3f32cf9abf29942eb6639f0ce85c4c2259f2e

SHA256
ce6c930f623f2deecacf060e132d5bdc19745df625d43748add5aed0e527254c

SHA512
90692264c1cbd2feaa11703250d8cd6df18ca15c37361a1e43c52a8257cbb54f2e200050f929b22d61ecd0b05e73ddf1b2f71ff098028bed943d5cd0eb54a0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c405540a923a7f521e672c8b399b9c09

SHA1
949e4b0453af7df4fa15f15bf2fe77c3c4ccaec0

SHA256
cf3c62fca03d889cedb6361232795897ca2269b78821f6ea179647c26a63538f

SHA512
75a4c5873099688c0fae8063ed30e310832870f0c3250dcf29f0c36c0863e557a5dc8c97e4983107821055969e5bc998bfd90018392b39c4979fefa0a9c1b164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
101b6db13eadd65161fad950953d435a

SHA1
7d28b08dedce36444d542b76439adb8cfc023ada

SHA256
4a1220a1d71748261b804880962ce4a30ef01c0be51cabc284ca122a4e511aba

SHA512
fd5f1d85861b1d176fcb4e2aaa4f4df167131f27a0c94d277112f0eb438e99fb4841bed248bf471b5725ffd4e140462a9a01f05e3be2b03c41436eec226dba7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57bedb.TMP
Filesize
120B

MD5
f317ab18347b333a79ec297e5d2ee225

SHA1
a880a8b5a5467d2c3fb9612fe012fac0ecedbda2

SHA256
b1dfb05f987da23483cf24419e2c4f4b09abac0cdc52791fb4ef8e0f4bf73083

SHA512
d7463e3aa4d5e033d282715b7f0fdbd2b4e060863c403572d96b4525dc6e744748e2478e05947e91785ccb999289dce4bba917d1226772f228a8a85b1189ace8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
251KB

MD5
6c9babc4c55b0b2864096e22b2962c75

SHA1
9077fb0e3081171f43a57866fe4858dbacda91a6

SHA256
70b4aeaa0f39edcf4d3a2a8016b0727cda08569051e3e380bb840d97bd767b84

SHA512
3c5b592e59f85dd555122d9dc4ebed9d60c9be7426d57c1dccc3d04779d5f9931f753cdd1cb17708f359aa85168fdeb65c309be5e9ee483c8c4c83349cb0d8c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
404d44449d3c6f72c97c9035bc276c08

SHA1
7d6f250ee8ffcd92453bf34c6f1d269b947a1bd2

SHA256
df02300d5b009010cbd3731cb32b1249d16c0020ae5f2502ecf92da7ed944df4

SHA512
11df6611b154f9544390f3562e9dfd3979c1543e57699029ddae4c8a3ec0c921fdb0607168d64d258d53bdea7b38625e12a2c0c82155d53327392476ceff6af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5804ae.TMP
Filesize
83KB

MD5
0fd7bdf05255079dacb935c0b6d48074

SHA1
bce0ba6952ffa3883c74ba7cc430b5f43ed95652

SHA256
6c34da41065c55f933950403ae333a1d4490682790ee932ceb36088c18637934

SHA512
5a563210b496016243041d6919543b14c3d7312f3c8f52a2ef3471d865dada4fb1aa4ed76de23e77d750a988e12851139f0955e4a004a75ab40111405a1a5797

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
e8197e68deaabec1caac808d8a1b1202

SHA1
3b706ac97224e95f5db57eb60acf067ccf2d4c95

SHA256
89d5da8ae7c25fce8f1b74b2a02f4cb9d524dac5b752b35e511d399259a26d66

SHA512
609e6013c4683519b1d7448c2417ec3f528a0764f1ae9c9cedc213ceec2df497c187164e7b713e4a78236e17f6fc9680630551a7fec98c2432e308a48b8e66e0

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip
Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier
Filesize
151B

MD5
c0aaf6dc437b95d10bb053831c3cba7c

SHA1
f3b57f1b2dfc8a4ca0f366b7d1051d68f59110d7

SHA256
5d3db06bf246f33b99bfabbac16d6142e6bac695092228d5367b3cc03959653a

SHA512
9effe9ccb34ac61508648e32efb4f7fe8dd5ce195259f60707c720ac4cb9ebee0f5e944bda0ebd804eb441a8a32cf56336677389a9ad59a8c1d4402c164f2ff0

Download Submit
\??\pipe\crashpad_4916_RMFXHREOMJDBXIKT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads