hxxps://www[.]automacrorecorder[.]com/auto-keyboard-presser[.]html

Analysis

max time kernel
296s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.automacrorecorder.com/auto-keyboard-presser.html

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
400	AutoKeyboardPresser.exe
1552	AutoKeyboardPresser.tmp
1856	AutoKeyboardPresser.exe
2340	AutoKeyboardPresser.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\unins000.dat	AutoKeyboardPresser.tmp
File created	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\unins000.dat	AutoKeyboardPresser.tmp
File created	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\is-VJG8A.tmp	AutoKeyboardPresser.tmp
File created	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\is-E9JE8.tmp	AutoKeyboardPresser.tmp
File opened for modification	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\unins000.dat	AutoKeyboardPresser.tmp
File created	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\is-1LAMV.tmp	AutoKeyboardPresser.tmp
File created	C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\is-LBR9Q.tmp	AutoKeyboardPresser.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576238217936432"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2236	chrome.exe
2236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe
Token: SeShutdownPrivilege	2332	chrome.exe
Token: SeCreatePagefilePrivilege	2332	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 4336	2332	chrome.exe	92
PID 2332 wrote to memory of 4336	2332	chrome.exe	92
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 3340	2332	chrome.exe	94
PID 2332 wrote to memory of 228	2332	chrome.exe	95
PID 2332 wrote to memory of 228	2332	chrome.exe	95
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96
PID 2332 wrote to memory of 4420	2332	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.automacrorecorder.com/auto-keyboard-presser.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee7ce9758,0x7ffee7ce9768,0x7ffee7ce9778
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5252 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=908 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:8
  2⤵
  PID:492
- C:\Users\Admin\Downloads\AutoKeyboardPresser.exe
  "C:\Users\Admin\Downloads\AutoKeyboardPresser.exe"
  2⤵
  - Executes dropped EXE
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\is-CRV6P.tmp\AutoKeyboardPresser.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-CRV6P.tmp\AutoKeyboardPresser.tmp" /SL5="$801D6,235045,53248,C:\Users\Admin\Downloads\AutoKeyboardPresser.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:1552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.automacrorecorder.com/auto-keyboard-presser.html
      4⤵
      PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2864 --field-trial-handle=1848,i,8686616982166386826,8501181556466356203,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5148 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
1⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3844 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
1⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5704 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5460 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5568 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
1⤵
PID:3324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5408 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:432

C:\Users\Admin\Downloads\AutoKeyboardPresser.exe
"C:\Users\Admin\Downloads\AutoKeyboardPresser.exe"
1⤵
- Executes dropped EXE
PID:1856
- C:\Users\Admin\AppData\Local\Temp\is-06CS9.tmp\AutoKeyboardPresser.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-06CS9.tmp\AutoKeyboardPresser.tmp" /SL5="$8020E,235045,53248,C:\Users\Admin\Downloads\AutoKeyboardPresser.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.automacrorecorder.com/auto-keyboard-presser.html
    3⤵
    PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6088 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\AutoKeyboardPresser.exe

Filesize
469KB

MD5
54cff20fd93a6a3aa59fe629b2213d2b

SHA1
b79ccbd968973cf02113ba7b9d9c5c28e70f5d0b

SHA256
268533802104a011621a303505a5e3e730fd1d0d4e3c61ab45837f1159c91570

SHA512
6d65ef9065f7a18b3000b9eddb8a551d686627c8bf2360dbc8f1432aa5d0805e873577b4306ab1c730ed5a2a3a724c5f050b8605716d5ed9ebd3dff566cc5d1a

Download Submit
C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\unins000.dat

Filesize
2KB

MD5
3f9313959e58cb4694d150c7e579723d

SHA1
73520c98e2e086ddadcbee852d18636c41dcb8e5

SHA256
efe3ec1df7d10800db3aadfd02e68e6374f4f68a54002ef26a34b2a37b7b5e83

SHA512
8a1c2fb117b42e00860b853c81b978b31e62156803a26f7ae692a9fcd07edb0de9845e001b819f561c4f742bf760e7643087cc40836f35bd33e15894e9617a98

Download Submit
C:\Program Files (x86)\AutoMacroRecorder\Auto Keyboard Presser\unins000.exe

Filesize
679KB

MD5
60af9c1e7bb3b4d7a871358b078b4646

SHA1
8dc898a542b7fc1609359d361ab38bfa120d2f24

SHA256
3d1fd769b03114eda3fbf56c010dbdf16d068e963666d4218f292fc38b51fa2f

SHA512
f734bc87bbff448dcd666616dbf54da051cf6e7a65d1c5854f934f9886508ca26430bc86ab66d2065458bfcf84ceb6aac42e4c5058f28c106d472ceff4cd5585

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard Presser\Auto Keyboard Presser.lnk

Filesize
1KB

MD5
8b6053d900fe302c54812749092188bd

SHA1
f3afda4d88bc85af6de63f707e3c92d08e496483

SHA256
ed469183468154fafd81ce943efbb76b9a3bd047e5aec69987361c3108c0ca06

SHA512
9ca13dde50d3e61eadc9bb1eba6a1193145482faaf69421c238ee2f6a4151b0b5ca6119c2d4011d903f0cb45e5d9e61e70a8170f2e6055f03b9bac155debe036

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard Presser\Uninstall Auto Keyboard Presser.lnk

Filesize
1KB

MD5
625e1313fac3b4eb6e3fc0ca4ed931d1

SHA1
ad1e3d2dd46ea451e7767b0756ed1660ca6b2fd5

SHA256
83d992a531c1ee728a2b198c711fa1fe1f01f8a84d76843956be82d0c72f257c

SHA512
772a6092752ba5660e318a15f1885abad9ab49eca965d9a5bfc45c3a2928a860c16d6ffbc00e60d8544df9c2d305d5f993918d1779a63d99a37c12a7541f3c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
86d3a909588e858dfa952bc02b640eac

SHA1
592feb6c1daf509552c36fdce8e19cb2182c16e9

SHA256
45d0973ee4535869b32f4c1ea98bfe4d1c4fd6324977fdd106add1ad025388ab

SHA512
934d7f40f47e785a08a038b81808a88944864a83ae56caa56562205324dfb5a2c63302d4a77fd1636366be8b50646556dc73d1f9f8aa7b0e2f8fb7ec8f84d922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
997B

MD5
81fea4d3fabc9a611bb7dda144104de2

SHA1
09edb375d4285c13395ca6eef0471ea9307dc164

SHA256
0147628aba18ea45fa5b13bdea026e2f8429335e6132cd6a775effba38bb0677

SHA512
6dcabc85ff4d0f8735791f390dd1db2b599997e5315f7b90ea539f7e5c00b80901fef743e9be335562bbb602d1ab8cc97495f515a8cd9e99344acbcd3ab9b32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
f7fc35f035c91b8a65f86fdcb522a9c9

SHA1
56386e18b673f8cd1f7594b5a12e8b11e5a4e929

SHA256
e8de1e844876875bde42250467a946311ea08d7ef28b0cc4940ef1043310fa91

SHA512
d4abd2166971bc8a5abf633a6155e18b10909291ccb2b638471942c973a096456ce03b4c2b9a0f1d35baf2a7b5fd5c335e12f22c37a73638b910582af2d373fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bba61c93cdf238d60cbf5af4543756ed

SHA1
cdcdcca3a6b6c34fab55758344613bdf18a5aec7

SHA256
41e23e368a0bde3e4be3fcb9a6a8544a999974622df595e00e7ebd5d84fc614b

SHA512
8903aaf95354c956130989aea5059fd0cc8b6cca36fbb89c766ccc5df3b2584b4f99535c527dc401f35c11d4bcf45429982d3e9068f71e979a0c30184d331a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2572ce956386186e2c37938d95d528ce

SHA1
84f84302fca57a8745f91f14b39143ad65446444

SHA256
e775e479dc1786923b74a6f180b66ca65124ef72ea38f3e9c56e0285f1214037

SHA512
6a7a3cd21441fd8785f17eb81ad626b11a53e05ed144d953cea41ed15624b607cafe72267f32db7a193b3679268228644ca88c4d2db527ab1bca40624bd5ed19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c37da81590eaef2fca71d1fa5135028c

SHA1
816d76225a76764904b45e9ab6c379029ee47d22

SHA256
0063d213eb3831a75b7911fe6ab6c889b4a31d737f6764d9c032848169d4d53b

SHA512
88542ed4e5314808cb3f17e40552d4275589a6afbaefe3863f2d51d027dd943de62d94f56258c29b6ab2c05f0174a1ee05478d8bfdc9b1594d66881b0c869612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
4ba00c8e748af98fbb791b0d6dda54e1

SHA1
03f527d48cc451276f5be524e178c3ece250e5c1

SHA256
00a55e8a65cc4fe5f8fe23bc01972ce2537963eb2484dab4b53a4ce7b52d902f

SHA512
efd5a3d4c5f265ad65ac0aac4ebf7edfd23d071406350328a8b973ad5bce6cf9eec6025121f0344a2b473c3b33f883d846661c8b1b233301e05ad12acfcb7e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
7bb25ce5c3f440f442bdbbb928ea8c84

SHA1
f279d217740f9e845754d01062f2e096d9dae663

SHA256
cf9aa764def3ed718cc619119c1aad26c6b14141198a12bebe27eabace61caf4

SHA512
52b6cac45f0d9dddf55263855b52e1be70ee4723592f78fdc12187469b9d25271bf847a221c8ecfaae2d00c53bdbe920df8fa53b873926ee246d8f7ff769b527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
9f2917d2f6ba117df47434252d422229

SHA1
28ccdd4069e9ffdc8ff17713abab8aeaa4778456

SHA256
eed3f4b9c12a6130f0dea956846090ee560989e45a55166a95f68932817e7851

SHA512
88bb26894d469f93bc3bfb537758bbfa62047eb2b765fc46f2f1ffad5d6cd708a12067dc7b6006d6d166ba0535dfbb6e2558bf668b8ab9db7d7d2034dd7aaac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588d08.TMP

Filesize
97KB

MD5
af0c1cb55cf3d4f5abec0a2db42d4cf6

SHA1
95752d55d676a1d0864d8397b7a0a93cea4f175a

SHA256
6866f4246fa596da5ac81ea2012fc2e60a9bed53a5a86246404905bb5574f060

SHA512
105a77a7b4284b4e4785999c40314333b76301339d1f4c11c63432a542e74922f85c98210cad4fb23be63ac7adf1f1548923ff09a2ad1212044580021e71936a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7Q9E8.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CRV6P.tmp\AutoKeyboardPresser.tmp

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
C:\Users\Admin\Downloads\AutoKeyboardPresser.exe

Filesize
460KB

MD5
e2d950a5efc2dbb51ac2a0d45e7cc0f0

SHA1
b318542a1db053519a5a357521a7d48e28714143

SHA256
e37ce92151a73d56e484377bf577b18866915595af88aa52de0c2d4b8108b0d5

SHA512
c886972537a642dee743e1a7b14409015b0c972068571fdacd98b7d571ed371345f265df20c5109b4163377de1a9ea866d1f201f1f45b16a372bac7bf50f8109

Download Submit
C:\Users\Public\Desktop\Auto Keyboard Presser.lnk

Filesize
1KB

MD5
7da30efb4a1bc4cffc753c50770b7fca

SHA1
fbc2cbae3da6353218cb1e1255019237b36787f5

SHA256
f6c8ec28ff23a565d9c69abdd65e5aa5e16ee74bcb1b1feae5f5555d85f146b7

SHA512
e5e2b2e353472c1c3604a919b7e9e4f2af015cf46d55329289a564b225f4aef0c0c8ed0549c0d10746be820f545ea7126c2ce90499d29b035c1d4d303c4214dd

Download Submit
memory/400-125-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/400-193-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/400-102-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1552-139-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/1552-192-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1552-188-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1552-135-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1552-108-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/1856-217-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1856-205-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1856-241-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2340-216-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2340-218-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2340-240-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download