48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd

Analysis

max time kernel
150s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
Size

1.1MB
MD5

898588129153d037f2bffbd5b868b84e
SHA1

711ceb32086264bd1fe8c83a43c5d928b981f0d3
SHA256

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd
SHA512

50eb161f5313414360815f8495fa550fe3b22a13dd354d5302fa217abf795695764dcf30c155d3b7cb0c08b159902e00e3c8133b79d9bf0757e19eaa8959a045
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8auD2+b+HdiJUX:BTvC/MTQYxsWR7auD2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587305252807590"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{31618299-BFCA-46C3-B989-227A3DE5BAC9}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
1976 chrome.exe
1976 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
1976	chrome.exe
1976	chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

pid	process
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4848	chrome.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4848	chrome.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

Suspicious use of SendNotifyMessage 60 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

pid	process
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exechrome.exe

description	pid	process	target process
PID 4036 wrote to memory of 4848	4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe	chrome.exe
PID 4036 wrote to memory of 4848	4036	48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe	chrome.exe
PID 4848 wrote to memory of 364	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 364	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 212	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 3704	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 3704	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4360	4848	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe
"C:\Users\Admin\AppData\Local\Temp\48f0f75fa345d6e2cb64f766378210012a78add8a4560cff6eb6161077ddd9bd.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba1ab58,0x7ffceba1ab68,0x7ffceba1ab78
3⤵
PID:364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:2
3⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:1
3⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:1
3⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:1
3⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3280 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:1
3⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4560 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
- Modifies registry class
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:8
3⤵
- Modifies registry class
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1988,i,2750108762773361061,1926899232098897196,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\25064762-8d6b-4df8-95ec-708348b8aba1.tmp
Filesize
16KB

MD5
f4cb310cf925839dee92217d2058d4e1

SHA1
8b7362a87517ebed9ad2290c34bcec437623e85f

SHA256
bb8e30e3553338f1462b70e8d4c3f34d70a803345e15da4260210fab6a09bbce

SHA512
44f00465c3bac74c5b2f0b0af49467787e6cc94c2502b943d91e73bdbdc1ce401100dc004ccc1db21385f2369a0efff3f9bb32898b665951762830c31de6a4d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
2946fcf8652d4f96fee8cd5d9525a90a

SHA1
062a6e16daed1293399894bf62acf1f3dd45db6b

SHA256
6074eaf2c02b5b009275a3af8561f620d88036012f95e2ff8a5643a984605355

SHA512
88edb30b7788a66c0a671a562bc73420cd2de893755a664e5fb18aa8efbd1d09881efe1281c9c3734530fba797fc478fdcf9931083e89e0bf7d7689d5b7fef46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
aa3d465772068a465be6ee7a871d781b

SHA1
0422fd05462350c5aa0c1baa94069ff87b0b600d

SHA256
efb7349b01f2958a3663f8e82a7ffe96188b0f9ec4c6c653a5abeeca0050b4de

SHA512
7b1fc0445ca6e4f5c51d1d1d6690b14d65cf593338b4d75744397b930784e30a0d9e4759344819ce846edd067138da3e1d6d0a58ddecf33d1a3d92be6ef03c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
2f53f8a7db1ab2dc0f018754eac82e96

SHA1
6c79ce14789f4bba13f6c8e07ae8fad2c51d7eb6

SHA256
823cb417b5d6e50766471ac4a2c2d18927a126fa1674f401c0569e1f5aeb28c7

SHA512
70d5f0aa1fe940564bc6b11475494df47452bec002987843aa1ca7e1a1ec306d8929265bb246de6f8e9b657eab8fe6d1e272aa0f1ccd5952e07dd584377b598f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
54d971763f9c0717cbda42e33cdfb693

SHA1
1f7f6abb1e7abf5f0297c7cfd4d1da0c80e757ab

SHA256
9192fd0d18947b23039cdee3cb92206d29e0a7fa90775ab4429bdc0a0ecf2d66

SHA512
b544ad26894017ea88e1cb82e1ae92b9f6448281e7008068ad88a6f0aec6f395943dcd9ee6f0e710fb587ad8ae9f17fa186c8605b43b65ecb34b75341bfb25a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
ba092c3cd3a0145a4f2a637fc6ee5d30

SHA1
644edd2a847a812f4bb4d971626d936e9752eac7

SHA256
ed1cff384324cef3363cd52ba21b39e13d3d27b6456414be56fefd5db5841e35

SHA512
2b7f427b48121ca9a54c1bb40b0ff87ddcc1138c05491666ea191956489730b0198fe4338cf32742be33f845da93a29e12c324f9f52ad1d8e84b2cdc6c48fed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
744e0988925072d92523d64b2bc7a20f

SHA1
90e297183947cb496b87728503af71dc08fa2f2f

SHA256
0a955319c1f42bfec4a3e826928bd2d7af72cc7a99f2a78efc701824f48b8f7d

SHA512
57b93ff3778676f33a9fedf9ad8ce91e9958cffd620cd9794b3a37c293a89406a4e501106c224860f413513b5d78d6755a8c4a63e1ac37a8af270ea7978bb47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
11f607b6ff5a49b62024b9c5fedcacad

SHA1
c60e7240b19027b7afa86d856fb8ce2d67dfb8f1

SHA256
dacaa12fb7d4e4eff3235671b2d8347eeef4a27edebe488340cea74e5e97dbc4

SHA512
38a8483c8f2210bb1d411eab95898e2a3a5fab369786481a8f9e4da36cfb0b99c60b8e10f820c2fe0929b02cfcc4fe72abe943e2b23c01813af2a051a44bcac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
131KB

MD5
894959a866b9098ac5e8aeb3d96682ad

SHA1
d159e106f2ce4c6b81350b6ac4f8e9f0fe38c076

SHA256
976b86ed774b43c948f1af2c6942e657cf1a2ab6671d1482abea6e1c4c06c2e6

SHA512
c446f0df57bd82f4d09b6860a0c4c2b5a5a1100ab48b38a77336b8ea5d6c6b317b4ea25f851b98be0e1a5de1d0e603b555d60299baefee6887a28a32f6a8bdb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
91538baa0c61625dd79156d50b8d2e55

SHA1
0a95464568893ba7aa8aac3a67ef36f86639832b

SHA256
b42a3d6e469c137982d6b8ba56ea5521adbdcd19ddf9a2dfcf8d4e3489b7fa09

SHA512
b23fc3661c72a45b6f850ca33a891a45d79ac52fb2d6ac72e0416d18192a403994f6593c7b5801385e4ee2348629a6d99d16226f84c78cf65874dd7f14690c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
96a695d172a155a96ce97350b95e7c03

SHA1
c731962b09dbe4b280238e72ebb833bd007f1c34

SHA256
3a1cd1c1c30c8c2101ebc9dc6959883aa5a6ecca57951eadebcc7322ad8d0d68

SHA512
a7479273e88025fe9c3ae3710d170960432fdcaa00094837616b0bf38055567c085e85a18ce8e36fc2dc0d852d4efa2e554cefff2197272f52b9af6a0a05698d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
94ea2ac192c6668d17baa2027b061bd2

SHA1
dd59a251d72c09b449e4819d2a4e6b269687a5aa

SHA256
a77387f7a82029293a1270deed83c9c560fe04dc8b7086ea5d94eed64e165832

SHA512
89e771bc4a704193445a54209c254c445b6e4bd5fa504730aac43577b6b848e8067fd192b830a423d7b437f130624a760f415e5d02048410fd3bcab13d2212d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d39c.TMP
Filesize
94KB

MD5
e0074b78c3a1e1daa0744c0f8a7d9d0a

SHA1
47f7c272bcc0e333ea73be359bbf402a52f37731

SHA256
a717c0b22db8ec47b01e7363a97b76a4d67fb0ec6af04dce37a233eec74df5fe

SHA512
fce7a73ab4d9df3c62a55783571261c6d27887fa6adcf805437974994969936ee33d6bf8d4434ba6a287154fc9d6073c404f1d61028aa834df4d72b8c7d78032

Download Submit
\??\pipe\crashpad_4848_IQFXXDBNRNGNOOQH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit