4b4d5673b94b4265836247a57b146413100698ed5c79a9f93409abec7c5d9c68

Resubmissions

25-04-2024 18:13

240425-wt9p5sdc51 10

25-04-2024 18:08

240425-wqze1add38 10

25-04-2024 18:05

240425-wpcjvadc2t 8

Analysis

max time kernel
104s
max time network
128s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2024 18:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T18:07:47Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10-20240404-en/instance_25-dirty.qcow2\"}"

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

39a49a0f8ac6c6c2532c8e0fb619314f
SHA1

f58325cf2a9a92031697915b0759630699872fd5
SHA256

4b4d5673b94b4265836247a57b146413100698ed5c79a9f93409abec7c5d9c68
SHA512

2069d523e9777c62d5f463364f9d851969e714801b146434a0e2dbe95060715ffce7fd301632bbe93fd8eb1e9ed5aae74813f4c7cd1694238ba9e382e7411f93
SSDEEP

384:rLyv/u9KDpmReVoOs4Mi9ylKeGMxU8HhhbJnQ7xZS2LjFrSX+NVJCBXQL:rLytBVoOs4MmyI1M1BhbFuPFrSsJQQL

Score

8^/10

evasion persistence ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

000.exe

pid process

4856 000.exe

pid	process
4856	000.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

000.exe

description	ioc	process
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\Z:	000.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

90 raw.githubusercontent.com
91 raw.githubusercontent.com

flow	ioc
90	raw.githubusercontent.com
91	raw.githubusercontent.com

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

000.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0"	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs
ransomware

Defacement
T1491

Modify Registry
T1112

Processes:

000.exe

description ioc process

Set value (str) \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\Desktop\Wallpaper 000.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\Desktop\Wallpaper	000.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

2312 taskkill.exe
3892 taskkill.exe

pid	process
2312	taskkill.exe
3892	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585419466035580"	chrome.exe

Modifies registry class 1 IoCs

Processes:

000.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2176 chrome.exe
2176 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2176 chrome.exe
2176 chrome.exe
2176 chrome.exe
2176 chrome.exe
2176 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

000.exe

pid process

4856 000.exe
4856 000.exe

pid	process
4856	000.exe
4856	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2176 wrote to memory of 4516	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 4516	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 940	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 1176	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 1176	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 3096	2176	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcca029758,0x7ffcca029768,0x7ffcca029778
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:2
2⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1672 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:1
2⤵
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:1
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4200 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=688 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:1
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3260 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:1
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5488 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4248 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1832,i,5007990547828782056,7401123193085456987,131072 /prefetch:8
2⤵
PID:5068

C:\Users\Admin\Downloads\000.exe
"C:\Users\Admin\Downloads\000.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies WinLogon
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
3⤵
PID:4504

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
4⤵
- Kills process with taskkill
PID:3892

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
4⤵
- Kills process with taskkill
PID:2312

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
4⤵
PID:4008

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
4⤵
PID:2416

C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
4⤵
PID:4720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4544

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aed855 /state1:0x41c64e6d
1⤵
PID:2460

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\475a90db-bdbc-4062-a727-1f2b571f5b1a.tmp
Filesize
93KB

MD5
88f2182f18ca4a81b6cc2e9d9264c2c1

SHA1
3c852356579939dfcb4bad3a2d6f58a7303a9ee0

SHA256
ab625c845488d9a50804ca14c6816a323f2ed1ae49fa335563fc98861ba8d19b

SHA512
f75285ab97418ca36b3d7aef46dbb8920a22569cfd329db0a1f92d60eec7c65e9582740d9697ba8127e8aab6ad6882a45d6717124396905c181eb85e5f388605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
2KB

MD5
e0d3679d4d7cce92d9934713f1719149

SHA1
fdec1d46bbd7810d8328dbbc8674f6c862b812ac

SHA256
9316cd32542287f43570a9c55b380a6cb67999910645b04fc2ecb0333dc7e327

SHA512
0ecccac14002efc22754017e2f7a1ac27c530d07c7a7bd8e98ee9af2f3347033c1d6dc9e4ea0740f4868f69f3bc0486cec08c12b5f60e8545b2c700d020f695c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
cc1c2930a55d2b59539c2f65b5e8146f

SHA1
1e4bfc1d57c08542a06965988fa5ff533bda35b7

SHA256
2bf3484c1c99543bda2e0f90f2f78016a20442e2d638c37c26a640a005a92ef3

SHA512
e1b3aaafd87407a7d139d85ac7f3cd62fc46fe37ae10181de84c71f12f63e95d778d36f45cacd0eba0757ca0becf0daed40d29ca27bdb5eb9647e47b0e05cacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b0fe1a7990fbd67955f218bce0c2b66c

SHA1
bb400838a18a2766cc3cc84854f381b66d716605

SHA256
060d575641b4ce681ec6ad8014814b69d372e5bbd1afc791cd6b6d7bf37abfc6

SHA512
5a4ea980456d85d81bcd52e0c359edc3e3c866912300a9dc3f84d9ee148bee4ea491d0096f92e52dc2d4328ce550791bac0356364e2928c33ca3434c70ac6269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a80186985f3be3a6e9413d617e3ad7c7

SHA1
55a4a7f4143ce1c648d383f8190bff35732a9454

SHA256
d966ecb9b265e145e610fcbd7ec146015c3a3d14e75233dc5b399d48458a405c

SHA512
4fb7331e6b3cbd65b504f78dd32b213dcbc40b93a89255756989facb5116acdc8f56aca7d3ed429865431450191b9b08f29abf0ab0e55da38edf5fb02ae20c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
efe9bc8e1b5e9bbea8b263b80a5d521d

SHA1
a3e15e93c2ef629de88142d06d169aea31a981f9

SHA256
658d0a0866a503240e6c8f129daf1c75306486bc98b84e3b19f614167fb5b48e

SHA512
0accb3ea6b2bbc18bc177be03edc8a22f8949e6eb1fe64ed43380433e009eed68d20702f4fedd0af97725999bcec479ba57df46d76f824d2a978bcc612e7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6c1b721a835fa2821c2d825cdd945e14

SHA1
f45ac20db783dcdde3fbd3980b936506303d544b

SHA256
b175d19b44c692e6b3fee370d48ad82a474420a83c095e7f01e1d823c72b5704

SHA512
0b983b74c3a432ba166bd69761872331c68ecce5b6cbb423526767a56cc50031e1f3c5d7f5c2e3f22fd856188e9552d281205c55b9387e15d76b47de626adadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
6b771574c361ac36427183555c9e726b

SHA1
793475b6b135f8908c23d0636a0a90fb056a9784

SHA256
61f22c239da775b0fcd6418b835640c8922a65fbd34f1691effdc31038236ab3

SHA512
3f1d11b8ea36fe6aece9a2c9d946407480d98af148e341d9eb1035ae05d578c15c29dc693bd973dd670e86d7e49bbb0d153f91c11d4f201f11f5736a8c087964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1edf86e247ef457a4325fbc57fdea2a5

SHA1
bb021277a207387418cd743a753b1991f9827c86

SHA256
b1860796c9fee80a8a670e3ff4fb424c5551280d33e74604de06852b74e3d6a7

SHA512
341929e8024b10ff98d8b6cebd42818cce38d69dbdd7fcb4d68d6d67d7a109db454c3d1b5c555f96af438d78a84073f5f4a8800c4aaadcc330f43aa5ac76c930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
0e24adf9c5e9693db61773895efc66f9

SHA1
9a8e7a1c4c8963d07ffee985fb9955d73fdb0428

SHA256
f73b2393d994d65d317ae4be763409df2678b568fa2f19b79987005b22e59ebc

SHA512
1b429f4a64544b1471a1ff36a0b1d39c4c9b440135e48f3489144bdf704c8646209d41c6dc56a5d14257b4d4595921d772f4869abd07eb03cfbc187848c3f096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
06e382b885ee09c9a0d97a68d1a9ce3b

SHA1
f9c9a58310ebee1fc67e88904315d6a2fcdf735d

SHA256
2310a057ff9bc4599e33996120151087651b75fe496e129792d6882482bc513b

SHA512
21b36127dc8cd6707bb37a43ce69637b560d183f1ac8d006db94544e0248689753594c878545f25fd8b59a95eb1cf95730b30af0a219a1f9ba68501a053e8240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f9b170abb2d362a5f4d0b89eab1342e4

SHA1
df0378df7030c8e356cd51990fa74a5d4d4ce25c

SHA256
d1152dcaa77fc21584f5cb136589b8aeee457f2f9250cbff87f843adcb4bb657

SHA512
9bacc0232d5a39ea488710e603b34f431f76ff2a07ce5d3b111535088aa7c70b6f153ae356e2b5622eecae8010bfe66265f787be19cbb76fcc43315b2ae015f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ddf419d16d80726677037b95798aaec6

SHA1
bf06a2377100dfef23e204751beb3f6965c878b0

SHA256
20eba6a92b27a9f9790df8727178d0443c1b70849aadae068426ac7bd617d532

SHA512
4dc0c8544fbf793a50fcc2d212891647b2c1436e097362fa4b24f946addaf2b146e1369206bddeb75975fe86a6b4ad7f004e92af3d698d1703475f99167eda51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8e9ed8bdd5f6c2df508a689f4a78d082

SHA1
310e841c6c490c2155f80b3294e5b9f9516871bf

SHA256
fff50bb1001d88cd3dc3717e5b66783311c36be5adada11c194fd3e47fc39552

SHA512
762612566f63af9ebf52bc5eae890c0e2b49fbe62f7b3727922934615a251bcd0f6d1d74f12dd64607b5208e40c7f2eab7f6cc488faa0b99cc7c4547e6528780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6b9f9c4b91e52f2c3ddb512e52b669b6

SHA1
14065a6a08733a39bd9cd42e115cef0a24dd4736

SHA256
acde1eeb760965f3bd1367f3d666f533921602758be969caddaa63b73edaa1ea

SHA512
02793feed4fbefa95731b5cc678326cb1a34f348bf97e452b4e6c5054f05c588c395442c68071e020877618ab4cde8c03299838e83dc69880f317a1681e5b802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a8206b7c16b2be1f027dbc1c3f160321

SHA1
a084b3864ca0d58a22079e2e4e7a0bfc5eb1e5d5

SHA256
50cb3484d9226bfc830ee1cb7a3c3775eb9dac6110442348dc6b03edd5256308

SHA512
edc3273eddb9a8b43cf607611e5db5285417929ab1206729eb5c802decf7c771dbfec4eaa1b639af2d60a4ca2897d17628470c13e96cffe8d44447947733881d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58d57b.TMP
Filesize
120B

MD5
276aa38f15fc54f46c440cc663d686da

SHA1
0646982950bf040ab09398839a4db3fbec65cc9c

SHA256
5254b96d995cc193adaf86fcae4fdc29fa8aa6f6b1274aa63612362230a1c41d

SHA512
c8ccc10400cabf59ee5208b2b4e3ef7e0a49f41beda65112e53750712b21b9c2460646c7850e84f16acd21e7f75f5fa5e21cb864b9fc9532ec085258ce96662f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
0fc170d6b5602084e29a5107130df95d

SHA1
a8aaadc124c0507db2f2d1604f89b851199bd5c5

SHA256
3359ad580f5aaba128087d175ecc856b15634829a89dc86ce356b2eac6ca58ad

SHA512
1fba9205fa006e209b0b2012036b92aad2a9ac77ce8784662631e11ba1ae37e60e057def617d03a8b73a47d7ad7d14bac5b985ba0030a4150017bddd9e9ca3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
9cdf058b690e6b430510c6d201af8412

SHA1
fcc6587a68b6fdb21da66350de3fee8f77b346fd

SHA256
6b0f0254f7f56f7809995efaf6d554b46ea39ea3880dd543ffc10a8c06aed426

SHA512
289e1c95d9be6232e827ce00252839d2ac8e9fe82423224dad87294a312fb5dfa4783019c031db7778dcfc79f430b1494f37ff38450b8cdf1ffb84b8741e7193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
77278b6929968c562d47c291177dec9c

SHA1
0448f2581fc127a1d8247495c27234a8826c58f6

SHA256
f3206fbefe5e06b6175d16f3d88b76a14ec50451686890a7269fe4640a803d00

SHA512
957b2d0335dd3be66c4d9313405c258bb2b96d498ba3478bc72f65ff9bcfd3ec7bd224d9bc4d463e31d3b97a7a307d1e4a152936396390f018607c5f2bd73c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584ac0.TMP
Filesize
91KB

MD5
dbd174abf1ddb9be56bfbfca17094e64

SHA1
cf11f9136a9b3724d6d407add099f617f6b0f891

SHA256
c2438bc0b9723c183864817a90f341818a99a1e5f1c852c4cb79d36c4be6fe3d

SHA512
7f8be74f2f90902b0c11827eb95d35f1d96f97cab1e81fc87b2f2dd223a901e2987d51dfdf8f92bd4e913e64376dfb86833534492876a46166eb2a998bc8607e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c957037c-3bc7-42a8-a973-a0689baca11e.tmp
Filesize
98KB

MD5
5696999fc8365ab013e5d0572c0424dd

SHA1
5958e33f2335a3303e4c8a64d02fe37084414c56

SHA256
c0f651366c7095314f0db871a851bde6d0d6d1be75080a63f1481b3c2b72ae2a

SHA512
d52f819b2f6a0aec46d7025e08e57939b1f9372a814556de7a7b228637f702567a149e6b7e0edfde4502fcf4014cdfe6f9bdbf1f61e37d2057a3e5c3c5b5c736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
384KB

MD5
fa2c27ef2a7c07a1f37a3f2c21010968

SHA1
eecfa84540f9a0c5bf0953a9c47ef26561a20fb7

SHA256
a22e410b3507c12089447a610633ff961c261cba8d8228f5070b2ca5ada433c2

SHA512
dd190083dc32e8073dc9b99b59bc522cd1ac16d14aa2eaa95af4889070bfe2971a7e87aa6b501e32110074c7e6a972533aa73d5a1f32ffb11d76f53bcf2c44a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf
Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe
Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt
Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4
Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat
Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 203031.crdownload
Filesize
6.7MB

MD5
d5671758956b39e048680b6a8275e96a

SHA1
33c341130bf9c93311001a6284692c86fec200ef

SHA256
4a900b344ef765a66f98cf39ac06273d565ca0f5d19f7ea4ca183786155d4a47

SHA512
972e89ed8b7b4d75df0a05c53e71fb5c29edaa173d7289656676b9d2a1ed439be1687beddc6fb1fbf068868c3da9c3d2deb03b55e5ab5e7968858b5efc49fbe7

Download Submit
\??\pipe\crashpad_2176_ZWDVINXXSTMQAXBF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4856-481-0x0000000005F50000-0x0000000005F60000-memory.dmp

Filesize
64KB

Download
memory/4856-513-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-514-0x000000000D650000-0x000000000D660000-memory.dmp

Filesize
64KB

Download
memory/4856-515-0x000000000D650000-0x000000000D660000-memory.dmp

Filesize
64KB

Download
memory/4856-516-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-517-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-519-0x000000000D650000-0x000000000D660000-memory.dmp

Filesize
64KB

Download
memory/4856-520-0x000000000D650000-0x000000000D660000-memory.dmp

Filesize
64KB

Download
memory/4856-521-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-506-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-509-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-508-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-504-0x000000000C580000-0x000000000C590000-memory.dmp

Filesize
64KB

Download
memory/4856-492-0x000000000C590000-0x000000000C5C8000-memory.dmp

Filesize
224KB

Download
memory/4856-473-0x0000000006460000-0x000000000695E000-memory.dmp

Filesize
5.0MB

Download
memory/4856-472-0x0000000005F50000-0x0000000005F60000-memory.dmp

Filesize
64KB

Download
memory/4856-470-0x0000000000E90000-0x000000000153E000-memory.dmp

Filesize
6.7MB

Download
memory/4856-1382-0x0000000073610000-0x0000000073CFE000-memory.dmp

Filesize
6.9MB

Download
memory/4856-1385-0x0000000005F50000-0x0000000005F60000-memory.dmp

Filesize
64KB

Download
memory/4856-471-0x0000000073610000-0x0000000073CFE000-memory.dmp

Filesize
6.9MB

Download
memory/4856-1406-0x0000000073610000-0x0000000073CFE000-memory.dmp

Filesize
6.9MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads