hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

24-04-2024 21:18

240424-z5lz1ahg5w 7

24-04-2024 20:42

240424-zhc4kshc4t 10

24-04-2024 20:40

240424-zfxefahb91 7

24-04-2024 20:37

240424-zelljshb71 6

Analysis

max time kernel
66s
max time network
78s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24-04-2024 20:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-24T20:39:40Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_13-dirty.qcow2\"}"

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

8 camo.githubusercontent.com
8 raw.githubusercontent.com
25 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

[email protected]

description ioc process

File opened for modification \??\PhysicalDrive0 [email protected]

flow	ioc
8	camo.githubusercontent.com
8	raw.githubusercontent.com
25	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584647130030254"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Petya.A.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1644 chrome.exe
1644 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1644 chrome.exe
1644 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Petya.A.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
1644 chrome.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

[email protected]

pid process

4036 [email protected]

pid	process
4036	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1644 wrote to memory of 2828	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 2828	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4580	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4728	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 4728	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe
PID 1644 wrote to memory of 3804	1644	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4661ab58,0x7ffd4661ab68,0x7ffd4661ab78
2⤵
PID:2828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:2
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
PID:3804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:1
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:1
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1748,i,8785330492500202939,12879468434227532334,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4584

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4036

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a67e97a1dadab541a2fb59064a9abc07

SHA1
107297bbe5c07b0628b2809bc2f3100794b2e205

SHA256
32f763726a157fb344478beb11d38fa84226bcd8f8b1f57689e519ec11f8d6ea

SHA512
e22dd66d7f802302ddb7bbdf390fe9efac176ed834723ce75a9e3d03cf8c137a2d33c044172570b239c4be48492394e014be33475a674809081dc2d128341b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
8c00f539b5afa5c66e8471562a0ebba4

SHA1
528df599f05c57b7b21045857b6990307f102ad8

SHA256
d676f67041b811175ef6150536fc2974dd181fe1e4bf0d120a83b3c1492a9363

SHA512
1d15a4ca27ad8f78a675a2fe98a85045c08598e1c31421e8e1bbd3d35a35e199ae4da4319482fb0d55987709a88ccdca8e9e3f4ac42bc1c3fb5c57f59c0eed32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9a006a247f5361716a6810f92bf7f15b

SHA1
f2796a4f90509a3b7e67c86902345badeb4fae4f

SHA256
a7fdba3ed239cd4ff23850a37691834d08bd2171fc60f3c6fb67628e0adacdf4

SHA512
7490b31a8a6c42a74d19567f462ef7f5f793fc918fe8ba70c0a9a75c5fe35392bb1249d31172c85b979854ae24e6ad24d01116020054b108977a54d5e7d356a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
899e1481586c4d6fd8cfa3f97fc9404c

SHA1
c910a0802c9ea845b2a3fe03bab68aba1c191349

SHA256
0adc1516b7dc4ce1aad24e5b625f413503f1938c2586c25535e3c0e33471ae97

SHA512
e51f9e936ebe1ca314aea3363bb564600ab145bead1d5ba3590bf575d6fbb4fe92a3116efc24098ed7023544d8d483f3c1fb6d6ab59b7c6eee1b9b5971e0d724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
79ea2f11326f24a6c38992ffdf778677

SHA1
193c3b8403b709d193ad614c73f116d6521ed362

SHA256
46245a0dc873b71ee217d34d4d680c8c1951630b68abe7a51ec81694f59efa0a

SHA512
87c4a6c1e56ca623765f0fc1439850ede342a5adc37ba1c14eac1206e33c07dfbe138525f051a91e6b0590ebdfee4c95c6262ac67b948ca9f1a0e1fd25d15436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
44b76269da683d299f1eff0b35cb0979

SHA1
13cc9718f8195ffa2481d0b5e2c831e8007cec5d

SHA256
e87a93f598aa95de92f4b32baab09def2eda28ff2d0bf2b45bdb1825facf0d44

SHA512
2bbd5bbf43a14d58a8f56a5db04b5471980600e054614f1a572f6f731047c7e57b2d29712bdd0eebd69e66b1dbef8b8eea6b642ec7e4ee23d9e004a895babc40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
caaf6637d935ef0b94bbee5fb9dd1111

SHA1
0e43f66902729cfb74af6a239846ce4bfe8fa610

SHA256
09dd246c9ab6c1102f6a7fdd272888952a8eef895dab4a11c2ed109acf307edd

SHA512
0a7a1b4caf0862b5129581d14252cd51d4a17e8ec3da8a558bded6e0498e848da124bf1ebdc8e6428e2a403e45618e9fd6e626866f33e34a39bc1a649f393b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1f8d4f81784f0cec320178394896418b

SHA1
9ac5e6772bc54449328762c20e37547644081622

SHA256
67e8a55984699c4c65e58eda907328450d5266745b5d39e6add3485f13b9765f

SHA512
d1fe2b73d30745ff791280fe49117bdbad1eac1bcbc13639dbf15bf04bf50dbc886a2e12ece4bcf75512d42f3ac400100d9c2c22f74c300a032248928b5b4269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
32c6193170ac28cfa8fd7910ef11cc8c

SHA1
e690077f80a47465934f63a6a5d4505b846c752e

SHA256
d63bbbec34bdf1ba9ee58fbff9a83ffe8673f727b1ee4d7806a8e303f164a156

SHA512
c0f8afd66d2eed44635edad47fd3705e73d5f761bc6177cd2125df4cd6acd553c9dbf72a254092836c6478780b79998f6575a41c036e931eeae8d4e4d2b70138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
24696e9327dbb00f87dc31ace43d7d54

SHA1
91e087d4318dfc3c17fc5592b77654dd9d375253

SHA256
9aa5e5546f733446a3c424346fded69ef0bfe13170b098a3364b4dfd1eed9aaf

SHA512
9d0f176fb1946714f96f4508d0c975fb7caa4dd92191e95b50890ebdbdf8f249708cbf4eef1c22017c6d46e217faa1c0ae16c321604a6d243821322fff063d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
c282d5df145db70954f4714eaad48b46

SHA1
0790f8e5cc1ce456cdb5306eeda819632ca5b843

SHA256
c902780ed71fb8e1926f9c10b88172acd3f5b5b1560cc3fc18443fff9c7f5ec7

SHA512
3a5c18525c69dc35278376c686f5cd0efb25e9c82ac85db9265f149a85a628d20334ec82dd59969c1ee1a566c3d2b67f1b75d5a3b7ced4a938eda6a4b1c835ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585f42.TMP
Filesize
83KB

MD5
a88cf752c55fd813afbe97d1df00c4c5

SHA1
5dc7f1c6d04368dafe685d6f23441203f90cf60c

SHA256
b519c64a9c6601c049bddd4ea58201800900f0606edacb41cdf71e59eb4d9bd1

SHA512
f6bfc4be5b4c69b5a9bbe2a93aa4b7908e1f0ccfcc8e932eb98915c2d80d1a91227a6420511cd4b6ccac87ca61e6a838a4d5739e4782ea54a290d9c9d475c8b8

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip
Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip:Zone.Identifier
Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
\??\pipe\crashpad_1644_KTQRPPMRZUMXFMIS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4036-310-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4036-311-0x00000000022B0000-0x00000000022C2000-memory.dmp

Filesize
72KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads