fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
Size

1.1MB
MD5

6f2ec6c9b477776f718d435afd693fba
SHA1

1074b25456f871d730b4b24cf9faba3a2ba372df
SHA256

fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6
SHA512

24ccad2069179d5dae47cada57b2e968fb4057d1b1ab31c783f6d546c3f9a0b56bb91d117fb0a6d61776cf3ec49758239d0e82e7083851dddeb5914f187221ff
SSDEEP

24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8aSV2+b+HdiJUX:mTvC/MTQYxsWR7aSV2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578376147858127"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
3212	chrome.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3212	2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe	83
PID 2120 wrote to memory of 3212	2120	fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe	83
PID 3212 wrote to memory of 4220	3212	chrome.exe	85
PID 3212 wrote to memory of 4220	3212	chrome.exe	85
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 4840	3212	chrome.exe	88
PID 3212 wrote to memory of 2744	3212	chrome.exe	89
PID 3212 wrote to memory of 2744	3212	chrome.exe	89
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90
PID 3212 wrote to memory of 1556	3212	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe
"C:\Users\Admin\AppData\Local\Temp\fb71ee29f164d3c5ddcd1cb100fbb9c5cbd7427f7167f38f32cfdaf6bdd30bb6.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0588ab58,0x7ffa0588ab68,0x7ffa0588ab78
    3⤵
    PID:4220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:2
    3⤵
    PID:4840
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:8
    3⤵
    PID:2744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:8
    3⤵
    PID:1556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:1
    3⤵
    PID:2328
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:1
    3⤵
    PID:1316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:8
    3⤵
    PID:2336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:8
    3⤵
    PID:944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:8
    3⤵
    PID:3020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=2000,i,1894625563067413523,10761453243856024947,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
66b7ed06a8f10c4c668091d030313911

SHA1
ec0f103897c1c167c5f56567a39add31996f0a45

SHA256
c2828498d19d319c465606a0cbc8bff9bdd65cf3d1c2043fc3fe56797b59de07

SHA512
c9bec713d011f6df34ef1197d6086ec6a2647fd6a43049a5adb83e0f20865f4206c83134a58a241e1a5554bafb11288de4664bd793af4f261e35d9137d703e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6c2de8a1-7845-4fb0-891e-ec7a54228315.tmp

Filesize
2KB

MD5
209a82111154b60d576398009239e4fd

SHA1
c9cf925453a95154741160da80772c9f3b4ab4a7

SHA256
db2c625ec8e7b7bde8c9fe9511a08f661b960b6e27e700987a611afbb372729f

SHA512
d53d402f5d74b566715c953e4b5e7152dbab027908275201357d167157e23289377c2516e17bda87431d10c522d15d8e178c520e3be730bb6d94c564c0b36397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
66dfcc88557332ee8ceab42fc7ac7e54

SHA1
1a335aaba9e623b179ced02b4230ad9648d88939

SHA256
acc626f1a0c76bda3b2295fff1050b307e6df43973a10689b06ef1598f04670b

SHA512
28dd120e7c76eeec57ff31434b6dbbc8a4c7aaa5e4dc6d40058dded10efab3c6bc4a4bec784e9da77dc16b303f6174fb986163a94fc81af1dd89e96a167f5a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
1246980ced1f1d1461273a66c0d347ff

SHA1
95b433890d016dc5a74875a59d2378a7ec298616

SHA256
48690ecdd45eb88ac7df577db7a78b99c32ac330d2d49b8c81ca02f5ca33949b

SHA512
c4207cbaa4147aedd3660ec276eacb4642e2b114a14d59eefc6a0b0cfddbca631abd7ee7117ec5667b76f3c8ea7228e61a4d1df6bc1cb3392b73e02f4ed09d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
853061a13e3f317486c2c605c02c2e99

SHA1
d89cf2effab8e4425cfae38ad24e24419c75789b

SHA256
59daf674edf95fe17915e178fc94840915171a13a7d2f17d7a0cbfcbf5d46d21

SHA512
5c2b7621874dbc2230ac2f80f1dd05fcd7ba7e15a34dc44bbf2e3b89344fbe17994fdd24760f85583d1e9af7281759f00f65294c1491e23b5a088c371d5c3b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6e9022135bb753273e99fc9e2a0e5fca

SHA1
1c08d4adbeb800e9dd0305f9dc22ad14246c9c45

SHA256
887977e3de0f8a650e50ad494164c6f28c52d2597161ff14054545b43ec95cf4

SHA512
e529676ec1edf1b6ebb142f8d654e211d589d4a490ba606de3fdce95eff26d60a0f4bbd5b8725a642208267704bee9769b818e0a1a2b7f5f4890fb8e39a4ff00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
1cefce450669dd3ba8db5bbade46b545

SHA1
9af98d21d0915a0c40a98a9575f2dcfe206d1c0f

SHA256
05c8c4940b027ef47621cbec09d9d18f30809369384025ab2e86db2dbbf54632

SHA512
bf5c9e48eb2e201e7b15b4fcca9f41e94864b86ee4d75dbd8703140944d8d50376c8ffdaa54dc506612646162825c968b62a78174ff9770fc2e1eb3db815a919

Download Submit