discordrat | 02bfbb334d865f9d3017805f497f796e2e196daac380363c66a400f703e24dd9

Analysis

max time kernel
109s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 23:29

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-24T23:31:56Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_6-dirty.qcow2\"}"

Report Analysis Logs

General

Target

i_like_women.exe
Size

78KB
MD5

5a5b6e53ccb50923996ca249327a7e9f
SHA1

61ac9c582c6e8b47575f7876726e7cd7a858b01e
SHA256

02bfbb334d865f9d3017805f497f796e2e196daac380363c66a400f703e24dd9
SHA512

e90a0aeede476c96d5b58dd01f92481725170de93096fab445a89d40da327553d989f7c15c726ef5bac98cb93e805d434b27174b03d6a11271ece8ab38e242ce
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+/PIC:5Zv5PDwbjNrmAE+HIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MjYwNjY1NDg4NjMzMDM2OA.G9UZ1L.0eBfljxuZnpbdAapktcja1jSowd2_zkrNq1bm8
server_id
1192606928027795548

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
114	discord.com
117	discord.com
11	discord.com
12	discord.com
27	discord.com
52	discord.com
53	discord.com
61	discord.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584750327188471"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2112	i_like_women.exe
Token: SeDebugPrivilege	2220	taskmgr.exe
Token: SeSystemProfilePrivilege	2220	taskmgr.exe
Token: SeCreateGlobalPrivilege	2220	taskmgr.exe
Token: 33	2916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2916	AUDIODG.EXE
Token: 33	2220	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2220	taskmgr.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe
Token: SeShutdownPrivilege	5096	chrome.exe
Token: SeCreatePagefilePrivilege	5096	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
2220	taskmgr.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe
5096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2616	5096	chrome.exe	113
PID 5096 wrote to memory of 2616	5096	chrome.exe	113
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 2156	5096	chrome.exe	114
PID 5096 wrote to memory of 4364	5096	chrome.exe	115
PID 5096 wrote to memory of 4364	5096	chrome.exe	115
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116
PID 5096 wrote to memory of 3716	5096	chrome.exe	116

C:\Users\Admin\AppData\Local\Temp\i_like_women.exe
"C:\Users\Admin\AppData\Local\Temp\i_like_women.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffff9dab58,0x7fffff9dab68,0x7fffff9dab78
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5700
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff68242ae48,0x7ff68242ae58,0x7ff68242ae68
    3⤵
    PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4244 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:8
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4852 --field-trial-handle=1960,i,17960612528997966450,10974505177327621157,131072 /prefetch:1
  2⤵
  PID:64

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240424233033.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4c586d56d45ae7fed7f93b8eba2711c4

SHA1
707b5232d0eedf8dd1657d37db0ad15ff6609ccc

SHA256
59687325a7408489b9db6249b12744a41d8cdff4b9050c239df9655938332b79

SHA512
ee62586a16b52d1f34e39ea3d77f6c94ff8d0670c74c6067333a62789e1f341c55415f873d2538086449167281cd55ddc8a78d6721c755df04ffa2ac4e403d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df38d6764a8c7084fb57d2fd73a71174

SHA1
bd1e3f8c99bf1bcd3f239497399ea9db2bd70058

SHA256
2c9f11536dc94eaed1e8d24ab405838a145b139000761e9073e21e4e0484b8c9

SHA512
7c8937c33a2ff5505aef1b7920e767f4c1a5be30cb060be81dcd772227bec01a19f4eab9f0159a31ebf933d6b377f5bc8129529d91c96607b8f60779ed950c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
acbefc176db8efa637ffe4af99daa306

SHA1
8edfd3dc8be738e4cc2585c26dfa9676b3883418

SHA256
f945c6e5988b34ad4cc840f6e417f0013276bfb5af26e30090ae6831fbe2ab06

SHA512
b3836b8aba1045a7a60f7ab5158bbb13d3a4cfa183f64645bda7993a65c03bb39df7b2f93b1aba70151b77da904dd7815b94b035a7bf034827d6559fb2e1f632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
62e9e97028ce6a896a40a11e85d22141

SHA1
f4f7765baa03c489fdb2353a1335a3a13f3b5ddc

SHA256
b33e7741eb6ab00ad2b6f7aa2a5379c72ba4def5a5d7a18594b9e7d23c656c31

SHA512
760cba2debd879b7d50c158a7e8bcc212ab72a815aa3b9ece15a4605779a755f82c1563fbd3c56fa7fab0019a996591b02b9e43a48e830451d82d2c4f0c44e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
249c23d3ef2c0a1990b588e3b6407249

SHA1
87456bb3851c261d9af9d34f2debf73f6a9068b3

SHA256
4bab1583102a27fe05ae9dcd99879cfa60ab85d0365b5c556c0c7e1a4d75bae4

SHA512
f99227a89b963f56de289254c95d812821f9095fe32ab1a6baeea07d1a039bff43927c1546280f50510223ab96924043569d279a2201b8819a877f5c504da4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ab863c19e6fd0fecf081339d42218fc

SHA1
0e3090ebcebbe2575e47e5ed3e6e15325563819e

SHA256
0d265079ebf178e6469b4e9ec02c516444be0ff62221f9b82ce39ed2d3fecc4e

SHA512
9b5f43875cf39f115aafe693e110facf00ab064a43fe30939cba6c1f78ee062e11f36e65376721a1c74f8574029b82d1946b89a311f8f1b62550c9c7109be0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e3d21ed34bde01b48e8b7e5c1b136a8e

SHA1
ae016593dbb3a81598190f5263c1806c5b4485e0

SHA256
92534a5dd3d625037178e05152bae07283d9d1c73a48cf0b2648172135c4f540

SHA512
c50df28862ce680b7ef50984fd4b8d89c535c74544e78437238fe05539b839519635bbd05f6cdae2a12e69e604d49cb9fe03b94c57b83e072d046d9d170d265e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d6d3a12cd9cae945b66143c267f1ab22

SHA1
9ab9e1d1d24e11948b7509d14b2082375c5754fa

SHA256
5ad2fb5ee4586fb5b29ec47bbae4d4e6a37960b9d43964b2dcde2fd84487aa9d

SHA512
8b6477be28d818e21804a8aff2bbe5af394da96c1fd959a996895046e4745b72cd7871f8f0b797e2cac74b2a8c2d7c15480a3811ed460dc3e7528eed18e074ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
a9815e28007ced0998b96c12f8205158

SHA1
143531df16831a17c135b94eda50b39460bc6c1c

SHA256
387f04e2a758c3f5935da4f03652069c67bd29002c8a98bb31f224c82958ec76

SHA512
1e472887cbe8ade83c3a275044d208b46eee371aafcafb170bad541d2e7ea9aeb5f5de39f5c85c3df27867d56ade1a01b3cb480fdb40cd7970b746e91cf8f601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6db6c89e78d12d3e1d85e7fb4c15d2c4

SHA1
b75c2a9389dc5a8e6c2bd2d339fa19184faf4d3f

SHA256
2764cc2272c8355a87929774951124a664790d3fbf58d16f27487a1693c6806a

SHA512
c48c9c6e5bb1f18fa298caac2e1d5d4f12d9a83368daabeedb5839b432b403f3a6d10795f2835ecf0ed1279dbe2a150300990df68b78f9709571d891cbe9ed0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
24854e3cc05270a9488f5828e96099ae

SHA1
a8d65323cf4e10717142d05ac1f50452edb65fdd

SHA256
2d8595e3c43cbbbb70231eb7f042bf4293bfba439c557c46758e5e5d51069efd

SHA512
ae1edfa4efb75deb6e6af1bbc3b1039b9c50b7bb6d35a113a8bc21bd87178d73b8d32644f555df5e9217ee0b7b65f0a5498a1c0e1e32a9d733aa597e8fcb2afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584b6c.TMP

Filesize
89KB

MD5
a0abc10b799a14f04355381e5f421732

SHA1
2521eaca6c9ddb8046a1f3cc29e84e3acfaca5d1

SHA256
e08596f1c83e7bf9346181f7758323c484476bbba56de9e194ba92b78b9a9654

SHA512
6f2e8407c32d0fca001b4f7d81a7d903ec58012853da20b3fd5ea2517c7295dff0ce312ed2dac289f33f5a2e6793ebb04d35d3cf273edc82d953d42fea025f91

Download Submit
memory/2112-24-0x000001E969A50000-0x000001E969A60000-memory.dmp

Filesize
64KB

Download
memory/2112-124-0x000001E969A50000-0x000001E969A60000-memory.dmp

Filesize
64KB

Download
memory/2112-0-0x000001E967500000-0x000001E967518000-memory.dmp

Filesize
96KB

Download
memory/2112-19-0x000001E969EB0000-0x000001E969F5A000-memory.dmp

Filesize
680KB

Download
memory/2112-18-0x00007FF809050000-0x00007FF809B11000-memory.dmp

Filesize
10.8MB

Download
memory/2112-1-0x000001E969AF0000-0x000001E969CB2000-memory.dmp

Filesize
1.8MB

Download
memory/2112-2-0x00007FF809050000-0x00007FF809B11000-memory.dmp

Filesize
10.8MB

Download
memory/2112-3-0x000001E969A50000-0x000001E969A60000-memory.dmp

Filesize
64KB

Download
memory/2112-4-0x000001E96A330000-0x000001E96A858000-memory.dmp

Filesize
5.2MB

Download
memory/2112-23-0x000001E969A50000-0x000001E969A60000-memory.dmp

Filesize
64KB

Download
memory/2220-12-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-13-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-11-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-7-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-6-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-5-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-15-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-14-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-17-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download
memory/2220-16-0x000001E367640000-0x000001E367641000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads