Analysis
max time kernel: 153s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/04/2024, 17:27
Static task: static1
Behavioral task: behavioral1
  Sample: d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
  Resource: win11-20240412-en
General
Target: d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
Size: 1.1MB
MD5: a661734007ae07c121ba825477b4c52e
SHA1: 8012675c31250264317d7819ceb31a61181c0f20
SHA256: d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2
SHA512: e28be33541276a021d860097a570458fd1e3e0f5390438aba6fd8ca260a2680ef61161f279724a8d2cd1cbe4108d8ea1101ce11c6ce5e17541433b011571145d
SSDEEP: 24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8auz2+b+HdiJUX:BTvC/MTQYxsWR7auz2+b+HoJU
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585396706610730" | chrome.exe

Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{07CFA12E-95EF-425A-BC04-A6FB97256FBE} | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
1212 | chrome.exe (2 events)
2140 | chrome.exe (2 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
1212 | chrome.exe (4 events)

Suspicious use of AdjustPrivilegeToken (64 IoCs; the report alternates between the two tokens below, repeated rows collapsed)
description | pid | Process
Token: SeShutdownPrivilege | 1212 | chrome.exe
Token: SeCreatePagefilePrivilege | 1212 | chrome.exe

Suspicious use of FindShellTrayWindow (64 IoCs; repeated rows collapsed)
pid | Process
4992 | d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
1212 | chrome.exe

Suspicious use of SendNotifyMessage (64 IoCs; repeated rows collapsed)
pid | Process
4992 | d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
1212 | chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
description | pid | Process | procid_target
PID 4992 wrote to memory of 1212 | 4992 | d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe | 90
PID 1212 wrote to memory of 1000 | 1212 | chrome.exe | 92
PID 1212 wrote to memory of 3312 | 1212 | chrome.exe | 94
PID 1212 wrote to memory of 4608 | 1212 | chrome.exe | 95
PID 1212 wrote to memory of 3948 | 1212 | chrome.exe | 96
Processes
- "C:\Users\Admin\AppData\Local\Temp\d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe" (PID 4992)
  Signatures: Checks computer location settings; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account (PID 1212)
    Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff971c29758,0x7ff971c29768,0x7ff971c29778 (PID 1000)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:2 (PID 3312)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 4608)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 3948)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:1 (PID 1352)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:1 (PID 1436)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:1 (PID 4592)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4800 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:1 (PID 808)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 2592)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 2964)
      Signatures: Modifies registry class
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 556)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:8 (PID 3560)
    - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 --field-trial-handle=1848,i,14766696277160669763,7472927110726932897,131072 /prefetch:2 (PID 2140)
      Signatures: Suspicious behavior: EnumeratesProcesses
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" (PID 4908)
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8 (PID 4524)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 336B
  MD5: 2af170e09f8670b84ca951b5e902fcda
  SHA1: 3795aa7cbf3c5e49f25083cdb674d8a4cebc9027
  SHA256: 40251498b79c0d6010629639fd88e4048873ea6c645f82ec412049a4a8d52afe
  SHA512: 7698f775aebb2de9860588e303d135e908c3921fdb38a016839507482618cdfb9d8e3cc20d218b9ff6d15c13e9687dabec2f012c4727a881fbc7da3f1ceb2af6
- Filesize: 2KB
  MD5: d5d42adc6c8d599b8db265d38d20c749
  SHA1: 358c06d442cf57d2657ea9a52b8c3cc4c7d82c2a
  SHA256: dbc1a39c548143b65aa8ccd48d7d8934ab42109e06dd66a2e51d215e4a112012
  SHA512: 8af8b6396babb0e1ca885c9c47ca03da1643309c1e76417b611c1a6a8df9c0f08a8335635fc8e967e483502ae60fcb5ba9d93009af30df9a7a0aac210b6fd055
- Filesize: 1KB
  MD5: bc45746eb3e7c2d10c486078f71e9510
  SHA1: b894bc53a3cd7d71cea5abaffb3a1484f7a544a5
  SHA256: 013471617d3cab23aeea9fbf67c151d54c1ba53072a453f750c86e4c8d85b417
  SHA512: 38acbd043c366e6a05d61ec362da744ec9befcd5ed3e994a596045303af4db488a779c80ea08a9e368c5ce250308a2f03bd87ec9fef971493f7f97f02d355156
- Filesize: 539B
  MD5: 4a120d3bbe96eb1872781011ea032cd1
  SHA1: f1a1541fa8e587022baa16fa957580d95804d1bd
  SHA256: 0c072719dace61cffccfb000446477917fe99d99528e07e510c0d0a5bc639f75
  SHA512: f2ed062cc748367a16e57e8d9cf422deb334e1d499f7377d092e84cae7fe06e3b40929009f896e53f6962ff20ee1f1920a94691e5dc94fb0af74253467eb3e19
- Filesize: 539B
  MD5: aded8f490f79dd00555068f67f9598fa
  SHA1: a0f24a5fb606f6c8aacbead3aab49255a00bd512
  SHA256: 8fd98c96bef00e25ecfa5ac60aa64564060cfac97a6580f51539818dc45ac114
  SHA512: 495424b2f552224c42d46598228e52816c2efc57e2c601a4af1f600f052143e241564cd150a6b01802c03cb05961e20bfc51788c839858e056fee190a927bc36
- Filesize: 6KB
  MD5: 92af5d31790371add12240e6e1e009be
  SHA1: 80df03f6ac59da3087c4460c742ba199d9f5f2f1
  SHA256: 2dbe91992216275c30b9bd703e9c7fd2a5ba51be3354b4c25bff51cc1f013dcc
  SHA512: 1ec71456f348f9df8718835cca191384482e9dce466c625973fddefb5206c08c1709d27c7572aa02dd0c299a62765f77c1235bee6adfe1e46bdf55c811e3e5ac
- Filesize: 6KB
  MD5: 3d1b539c20c4b2ecd613436c8686141c
  SHA1: 711b64bcb5059d18e77bedfb380e624f917b9bed
  SHA256: 43c70240d80870ed77484d8c7deafeb6986fe6d830f1674d72a4b666695ac95f
  SHA512: ddf5ca53493c77a31bbdf86d02997a736ad215a85429c48ed39e5dfa4b4aa6e29c053dc00d8268ad425fdcc866d26dc400476e4d7be549f2f7f232242b233cc1
- Filesize: 6KB
  MD5: add9d9358ffae1d1672ae829cd5c7fe0
  SHA1: 253056822a0ad06ae836c4af60ed4a53051046f0
  SHA256: d40133b18ef2d5b7194c5c9ba97d83314f3a2f7ac8344eec299994e16f768bd3
  SHA512: f851a1a7836b4654ffb587d1353a0434dd08abe8432d46ef5cf41755159125bf9bec3d257ca1b19c220756efe8a00e66897aa30300d35e97003afa201050dac8
- Filesize: 265KB
  MD5: 12c41b47da7a4aea940e9c78e3ea0602
  SHA1: 1a3a563b320f613ec08a99f1782039790e08fe5d
  SHA256: 817bee3c20980ec3c63b413a8fba679c846728c6a47fe5241af23d9556a269a5
  SHA512: d4f315a757e90e77cfacf628ecb03d3856327a5b20985d70b8ce019283a1a44043a59ab129573627f701a7a9c13acde77b9e8b5207996edd64a41430edce1d10
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd