badf7be152d16ad7fc2e87e5834e3e9be4357dc2e9743866ecc8672f3b18576e

max time kernel
132s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

code.js
Size

4KB
MD5

a0958eec5d861c11e857b83f1a6f7701
SHA1

fc9803b3dde18a1467af040266d5e02c5f798ada
SHA256

badf7be152d16ad7fc2e87e5834e3e9be4357dc2e9743866ecc8672f3b18576e
SHA512

55af1f39a75d8c41a3993c8afcbd52565eb6ffbd6997d8093000700d931e6dd647dbcb6bfaabda766ea64a9a37e6bf092df46cbb16ffe1e02291fd0624f12fa4
SSDEEP

48:Eyu9yvCnwdZd8ZaiSOxj8WmJrT0fMuyHD0KQxgeqYk93GkUs++5ZLUIZL5RKS7d:3uMCnwjpiFmJrTHD0KQ41U7IZLr7d

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588228085513141"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
836	msedge.exe
836	msedge.exe
2488	msedge.exe
2488	msedge.exe
3056	identity_helper.exe
3056	identity_helper.exe
4740	chrome.exe
4740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
836	msedge.exe
836	msedge.exe
4740	chrome.exe
836	msedge.exe
4740	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe
Token: SeShutdownPrivilege	4740	chrome.exe
Token: SeCreatePagefilePrivilege	4740	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 3988	836	msedge.exe	84
PID 836 wrote to memory of 3988	836	msedge.exe	84
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1456	836	msedge.exe	85
PID 836 wrote to memory of 1076	836	msedge.exe	86
PID 836 wrote to memory of 1076	836	msedge.exe	86
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87
PID 836 wrote to memory of 4216	836	msedge.exe	87

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\code.js
1⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffe9a963cb8,0x7ffe9a963cc8,0x7ffe9a963cd8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,5285171155826946930,8429828562273114831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe989dcc40,0x7ffe989dcc4c,0x7ffe989dcc58
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1720,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3088,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4572,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4588,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3116,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3724,i,13790565650014679336,5398152701772877781,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4432

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f8b2a752b377b8cd211c8ba94f28859c

SHA1
3d138f4a79a2a3f489c1f444c1e307e23ac96d40

SHA256
75e5e1b6eff248e1e67ba499e9384c8ccbad773aa90c9b2dea3fed9bca3dd74b

SHA512
235e6dbcee2cccc631211d468e7a76f1eb241410cc8b68b4cb453b7087bfde36a92b3586b2bffdff07e3ec319090bae6600cbeb260766befca741e9c2751ab4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcf729678b3088afe353a0f2e738cfbc

SHA1
e6af9814c2bd04e692c860cb69246317a8c89493

SHA256
09ff58f07cd1b2d763d3e6cba8179cc8d3a0ab208d32b310a75275a35d2b4aa0

SHA512
e48d7f631329cf242d234e6b2ef569f6b8b2ddd1768468360662832e32f4098bc35ce783a5eb8673cb89ebc7f43432db49fd48bf9ab5126191e3f2a406f41b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9edf10b0a68c0e5c5e6a1bd59a4bf203

SHA1
a338951a0f801762741df7a07a67947b5a738c1a

SHA256
6bae4dd7c7aaeaab8bc568ce7a55924865f517de06410910599871c5bc5379d8

SHA512
ff794953520e0c60d940056eb60399484a82ccfc6eac9a0a1b4be386a168a6c4585568c49b4f6b27365c8bde55e6122636c4ca542bfa93e8cefce6c5b2878712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
121b43ba94b36d94ba05614147196009

SHA1
b0bbae7622a4d6427b5e91cd8db0b01646c8962c

SHA256
9a255cd4ff9df5728fe7caaddca802955d0c8b91b31d719e15ab0f585e637ca4

SHA512
24a50610a449fab885c7d99a3b25c2d3c393ce78fb0104a37a24ed27c72c27948a299a748557c8f7eb655fd1ce4ec970e1dd77bb888443b2fd9408ed798bd2d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a85ad170d758e61ae5648c9402be224

SHA1
e6dfce354b5e9719bc4b28a24bb8241fc433e16f

SHA256
af0da8b5ad8127ae0ef7773bc9c4b145ed3fe7fbef4c48278649e1e3aa5ce617

SHA512
641414d91c993f74b6b71654522359d606c7f94ac0fcca6478d1bc33c30f4a9fdb9ce6f8e281c79a2f9b9670fda8a4ccdd80e7d64347c1f66d8c9ef024bcb09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22cececc69be16a1c696b62b4e66f90e

SHA1
b20b7f87f8bc64c1008b06a6528fc9c9da449c2f

SHA256
d940b85bc83f69e8370a801951eb6b8bb97efbb3aa427664105db76e44707258

SHA512
2b2e548f2c8f84d321ef2afdf31128065c3593b884ca8111b05800960b5378b99c7efa6165d02fba4c11e6e4b49b14e419d89f76d55ef574f4ac2b7d6ecb3d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bfdb1a1d66b675d6f6fa2b742312de1b

SHA1
726cfa9a7be976ce3b8a546b067b0b5dc29a1be4

SHA256
8501d34d9d2cbe4283775e746c9b9ca3858a57137186abdcd5c22c0433d3247d

SHA512
c00ae914e34bc40db0c84f4d1f770925b5067509f959bcba1f41a922ddcaf057cdfd6f4b9baf6b93617ef9df928ce67299b544df71908e74e93335a37dfdb5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
49503e50f342e1dae282c3ee56b0b0a4

SHA1
1f19c36f4db1bc23efc33e110f0db2d78a864c41

SHA256
997a4ac76335ff2108e3b1df0d71fd6aec2040826eb3a8cfac50b8d81c9ba38f

SHA512
36214e088ad6edf85bad89237fe273e4715c57724ddc96276b8c467d16e31f61aea54f9ad78bba09503a485f3132eb55f8ee1628596c3830c1719bccab0f7c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
53e116be2a52c4d480c0300555167d95

SHA1
dfa229a266d4e1aade604dbd84ca081421312580

SHA256
39f4b50a3c09c951657b4997dea9afcf79204fad01f5c0601c168d37b6d6f934

SHA512
601a77cfd4e40eab9b987c33cbe9c0b2a2fedf8390d1313746acb3a11062a00f29a6ebc884a47437561ec9b29d5da712ff3cdf7638b96a132a1586d18465bdae

Download Submit