Analysis
max time kernel: 277s
max time network: 300s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 27-04-2024 15:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://mega.nz/folder/1LUUlSaB#vmI1eTZf7IoZLqwif1KrrQ
Resource: win10-20240404-en
General
Target: https://mega.nz/folder/1LUUlSaB#vmI1eTZf7IoZLqwif1KrrQ
Malware Config
Signatures
Detect ZGRat V1 (1 IoC)
Processes:
- resource behavioral1/memory/3896-288-0x0000000000380000-0x00000000003D6000-memory.dmp matched yara_rule family_zgrat_v1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload (1 IoC)
Processes:
- resource behavioral1/memory/3896-288-0x0000000000380000-0x00000000003D6000-memory.dmp matched yara_rule family_redline
StormKitty
StormKitty is an open source info stealer written in C#.
StormKitty payload (1 IoC)
Processes:
- resource C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000 matched yara_rule family_stormkitty
Office macro that triggers on suspicious action (1 IoC)
Office document macro which triggers in special circumstances - often malicious.
Processes:
- resource C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000 matched yara_rule office_macro_on_action
Drops file in Windows directory (2 IoCs)
Processes:
- taskmgr.exe: File created C:\Windows\rescache\_merged\1601268389\715946058.pri
- taskmgr.exe: File created C:\Windows\rescache\_merged\4183903823\2290032291.pri
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes:
- taskmgr.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000
- taskmgr.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
- taskmgr.exe: Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
- chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS (2 IoCs)
Processes:
- chrome.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- chrome.exe: Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587059339587332"
Modifies registry class (1 IoC)
Processes:
- chrome.exe: Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses (21 IoCs)
Processes (pid, process; 21 entries in total):
- 4748 chrome.exe (2 entries)
- 312 chrome.exe (2 entries)
- 2868 taskmgr.exe (17 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes (pid, process):
- 4748 chrome.exe (2 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes (64 entries in total, alternating between the two rows below):
- Token: SeShutdownPrivilege, pid 4748 chrome.exe
- Token: SeCreatePagefilePrivilege, pid 4748 chrome.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (pid, process; 64 entries in total):
- 4748 chrome.exe
- 2868 taskmgr.exe
Suspicious use of SendNotifyMessage (64 IoCs)
Processes (pid, process; 64 entries in total):
- 4748 chrome.exe
- 2868 taskmgr.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (64 entries in total; every entry has source pid 4748 chrome.exe, distinct target pids as listed):
- PID 4748 wrote to memory of 4640 (process chrome.exe, target process chrome.exe)
- PID 4748 wrote to memory of 928 (process chrome.exe, target process chrome.exe)
- PID 4748 wrote to memory of 520 (process chrome.exe, target process chrome.exe)
- PID 4748 wrote to memory of 3604 (process chrome.exe, target process chrome.exe)
Processes
- "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/1LUUlSaB#vmI1eTZf7IoZLqwif1KrrQ
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbc4c59758,0x7ffbc4c59768,0x7ffbc4c59778
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:2
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:1
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:1
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4856 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - child process: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\AUDIODG.EXE 0x368
- C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- "C:\Users\Admin\Downloads\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\crack.exe"
- "C:\Windows\system32\cmd.exe"
- "C:\Windows\system32\taskmgr.exe" /4
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020 (21KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022 (36KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023 (17KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index (72B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000 (268.7MB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001 (41B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (1KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (538B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (72B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c95b.TMP (48B)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (136KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (136KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache (109KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache (105KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5869f0.TMP (98KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1 (264KB)
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (2B)
- \??\pipe\crashpad_4748_KYGUKEBVNEJXZUSY
- memory/3896-292-0x0000000005370000-0x0000000005976000-memory.dmp (6.0MB)
- memory/3896-295-0x0000000004C90000-0x0000000004CCE000-memory.dmp (248KB)
- memory/3896-296-0x0000000004CF0000-0x0000000004D3B000-memory.dmp (300KB)
- memory/3896-294-0x0000000004E70000-0x0000000004F7A000-memory.dmp (1.0MB)
- memory/3896-293-0x0000000004C30000-0x0000000004C42000-memory.dmp (72KB)
- memory/3896-288-0x0000000000380000-0x00000000003D6000-memory.dmp (344KB)