1ef9f6f47ce297fa50fe714562d32ec98773acddeec5b17b956e6d4b94bbd14f

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aridek shit/spoofer.sys
Size

8KB
MD5

c879d2a58aa3fa9f85c5d482fe5c216a
SHA1

4b79c5419e89e9ce346082e105f79465231d7d23
SHA256

0aaf411faadaba7419d6fc53a4e8190163619ca502946e8ad98b1e34b5d8188e
SHA512

c54cac910e28e47493ab289eb78130219a2ad632280c95dcf28ada5e93800b26367a515572efa01f0cf5e5c785b00f98d9b931d9f7776f1cad919e16bfcda49d
SSDEEP

192:ouJiD/KYvRfX/4b3ssYc8nKe+qn0LFzRh:r9Yebcs5XZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584420197341243"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2068 chrome.exe
2068 chrome.exe
2632 chrome.exe
2632 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2068 chrome.exe
2068 chrome.exe
2068 chrome.exe
2068 chrome.exe
2068 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeWMIC.exe

description	pid	process
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeShutdownPrivilege	2068	chrome.exe
Token: SeCreatePagefilePrivilege	2068	chrome.exe
Token: SeIncreaseQuotaPrivilege	5296	WMIC.exe
Token: SeSecurityPrivilege	5296	WMIC.exe
Token: SeTakeOwnershipPrivilege	5296	WMIC.exe
Token: SeLoadDriverPrivilege	5296	WMIC.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2068 wrote to memory of 2788	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2788	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 4300	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 632	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 632	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe
PID 2068 wrote to memory of 2504	2068	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Aridek shit\spoofer.sys"
1⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Aridek shit\spoofer.sys
"C:\Users\Admin\AppData\Local\Temp\Aridek shit\spoofer.sys"
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcff0ab58,0x7ffdcff0ab68,0x7ffdcff0ab78
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:2
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:1
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:1
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:1260

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7f3c8ae48,0x7ff7f3c8ae58,0x7ff7f3c8ae68
3⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:1
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:1
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:8
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,11621833213519521048,8894673059771979936,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2632

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_e8649aa0636d23562b1a0219d086c144-edac1a87c84e310aae2d9b41f6da0f91daa10a43.zip\e8649aa0636d23562b1a0219d086c144-edac1a87c84e310aae2d9b41f6da0f91daa10a43\hwidChecker.bat" "
1⤵
PID:4800

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get model, serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5296

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get serialnumber
2⤵
PID:5352

C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
2⤵
PID:5372

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
2⤵
PID:5416

C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_computersystemproduct get uuid
2⤵
PID:5456

C:\Windows\system32\getmac.exe
getmac
2⤵
PID:4792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a5f751e46445554a68fdce66c2822d8f

SHA1
0714f0f49000d1abeabb41b78596f78816e5c227

SHA256
54b5fbaa837517dcde2ecff8fcdd4598043b86fe0ba4d4341b2c4898e988e8bf

SHA512
74913ac5b986480a9a2d54f0eef8163cd0ce9253a3caee52fe791e30da3562f00269bbacbe0a06c44ee61bbe61aead25dcbb8b8c5d724b4012b0dbb39131312c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ce63855dfc0724df20295d5bc28c2395

SHA1
037a44b4116a540486fb7e430f9138c26a4c8a52

SHA256
86fb9952d9e6fb02d05befed992c78e60698ec1ea40618b5db70417dbf4602f7

SHA512
a706b28f75e526996131cfe2990963d8ade15623626030c015fae76d8aa3c42cfec0bbb2e068feaff8ed68e2593ead4b0ad119dab807942f40ff6dcd11cd4bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
67268d5a1ad0182ef9687794120cfa5b

SHA1
5dc14f6a8a93ed8a61eef583d3acde654e497deb

SHA256
925847f9d47295a3031ebd8da8e05a475fbcb4e5242ff3c96e31f046062b2402

SHA512
b34b151f8833b00a0b80a1eae2534916efe5865ce089316241ca3dc7639167c84e4b007fa1e732c070447648eb718e742ea93ef96cf5098a97ede8f152a2e361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
3ffcad83087676fa6ac22f6c05ce0280

SHA1
736d3e68805944649d999fe6867b45511a25ecfb

SHA256
0fdc6cb6b0d0f152b0548e3956197e5311ad84e69b4da87934899a1fa5837113

SHA512
520e6a41641fec3cb1ccf3355dc5770379f9c7be9200df1e9b9ccf5427f37ca1e576b3c45bae3d7f69352c1ac9be22bce00a783ccfc852079ea9114ae8d412a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9dd67f08da818e9697cec8548a8bb23b

SHA1
c9c8da6af0afcd690854479f4c886f86d66f6a67

SHA256
8a865cb83b5b6c784274335441b7f074d70014258cb3f0d54d1dd7bba5123abe

SHA512
c07a20b78ee462be38e1a9b1083084af43a9cd427941d728926f7f66401b659716d47ad77e769b1d2b636a9adc714ce8409af5d798a6a06a71d29483df442dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b28e4a53-b9d9-4e71-8d9e-5b62671c13ac.tmp
Filesize
859B

MD5
40e7d3f95132074015c8b69f5f7402ce

SHA1
85747147d5851b25773081f0dadead2bb4dcd35f

SHA256
895e9daa47e73b6b8b860fe517cf987a765e55efe65b476be11db08387f78422

SHA512
718677ff9598d39ea2d8bcbb8c9a8ec1cec7d82c9d06d5f8cb99a3d9b4a7601edc3e0e6462688455fb8afee8b1f07843490e2c651e4272c8dbfe6dff92011272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
99eefb77fdc1a6eba4ee06c8fafbbde6

SHA1
11b4ca180c99fbbba8efd40ff8a1cc1799a88c03

SHA256
a53bc046836e6fdd9e7be54725083e56ca953fce2b83ec630cc575aea72d0c03

SHA512
4475b54449c25b8454fe3860a032c61eb2eec533ef14ce2ec03dcc51371b02c957bfb0a8be9b5580aeb192c2a779e61cc0d835f6162278fa5c762bbdc7c47fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
63f8291cb527eae290c8d8fbfc5c8c97

SHA1
bf51587d08a44831a560e4b9e416752e2a34b24c

SHA256
9e1f623e9a57de838f5a5e37900ece3a60a301e888b3019fb17df01bb98001ac

SHA512
4a5a2ddd73f2d8501c1cef1ff1807c72f3949656a2c2f017fbb8bf4328350a11ac116a8488d67a607f9c3dc8fde599c167ef3b21cacf7ed444e19992a490d958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
545d865e426b382cc14d461942b89f9e

SHA1
34928b4fdd916d6cd26bee4da0501a306ee8896d

SHA256
0dad30ab257d2526be70f8f9df9ee987433e8fdf22095b2fb40744193cba1ef2

SHA512
d5eb88d5e0311efd700866520afd475219225c52f1fb96f85a723300649e878cf0f246b369372ff3ce0a5e9f962879503d57c13410ab71533d677eee43915ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
205846cffe8ccbbfd4704f3cadfc00ff

SHA1
c2e02a144fc6e8315fd796d69d0d9b02669bd219

SHA256
8333e5a189c013bbc7277dc684b9176c14a6177750fe369ae76d29adbfd61725

SHA512
d37814170d5174b97cfb0883d2918813230cd83975c01103f0a524e4d059a41968a4b6ba163af2ac96491798f7e36c21582b99724186f8fd065b79318d50443d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591709.TMP
Filesize
88KB

MD5
733538c9764fbbefb4ce180834ed70b3

SHA1
a9179d233feeffcae9867c7cea6eceddf69fa06e

SHA256
c4f8ffd74a1b4943bd238917470b9ecc1874cdd4e941ee0e5d2d123629ee3524

SHA512
8e4b3d14945cf02d985cb0f55a5b06ea3fa368210f50c2227c60d9ad4af011c2d3337bd13b0ca898458adebda56c281f6469d7942236cb5985edc385227c6edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b6db1f1d-845f-486d-bdbc-b6fa0b8cca39.tmp
Filesize
252KB

MD5
6540782a945d9c744bdd231efcab960a

SHA1
7fed8f8b003c7a9856cdf892259f1ebea6f8562f

SHA256
36a76af2d6b53e4a935f8afb0b7be2a23a170f929ddad71bb143f3de6c51b343

SHA512
27077ec2347a410ad7d5f52ccca2d956ca29dbd00774fc35366791c28a29a30f00341b7081ba4cfb057a332ae28c2f2940e9c6064c7b5dfe31b6c2391f39367c

Download Submit
C:\Users\Admin\Downloads\e8649aa0636d23562b1a0219d086c144-edac1a87c84e310aae2d9b41f6da0f91daa10a43.zip
Filesize
804B

MD5
7f80a9d297dc00eed190cc3ea963dbd8

SHA1
ac41a2d161707caa071cda497b8788c3efab032e

SHA256
085fa323b02303cd693e8373541fd10ae4632a929a20c709c205f33ff6dd0bd1

SHA512
bc9b5597bcd057f09d3cf816024a816e60042d06a7e234f10f1c1e0befbc0fd1a9f778c33aef1b41a46739224e4a088cb604d22c4d34331d97bd6d864a79dcad

Download Submit
\??\pipe\crashpad_2068_SAINXZJKFIMQLHPL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit