Analysis
- max time kernel: 214s
- max time network: 214s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-04-2024 14:29
Behavioral task
- behavioral1
  Sample: LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/builder.exe
  Resource: win10v2004-20240419-en
General
- Target: LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/builder.exe
- Size: 469KB
- MD5: c2bc344f6dde0573ea9acdfb6698bf4c
- SHA1: d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
- SHA256: a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
- SHA512: d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0
- SSDEEP: 12288:CzVXpdg/1MB94JD7RfaVT1hG98P67PNV3giFH6J1VjR3L6dpbQrQyEpInmwuRUfB:CzxjgdRpBq1hG98P67PNV3giFH6J1Vjn
Malware Config
Signatures
Note: every signature in this run is attributed to chrome.exe (or, for LoadsDriver, to PID 4, the Windows System process). builder.exe (PID 1624) was started with no arguments and has no signature attributed to it; the entries below describe the browser's own start-up, not the sample.
- Drops file in System32 directory (2 IoCs)
  - File created: C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF (chrome.exe)
  - File created: \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF (chrome.exe)
  Both records are the same file, once by Win32 path and once by NT path; a .PNF is the precompiled-INF cache SetupAPI writes next to a driver INF.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587883224543977" (chrome.exe)
  S-1-5-19 is NT AUTHORITY\LOCAL SERVICE.
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  - PID 2916 chrome.exe (2 events); PID 5024 chrome.exe (4 events)
- Suspicious behavior: LoadsDriver (6 IoCs)
  - PID 4 "Process not Found" (5 events); PID 660 "Process not Found" (1 event)
  PID 4 is the Windows System process, which has no user-mode image, hence "Process not Found".
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  - PID 2916 chrome.exe (20 events)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  - PID 2916 chrome.exe: Token SeShutdownPrivilege and Token SeCreatePagefilePrivilege, alternating, 64 events in total
- Suspicious use of FindShellTrayWindow (26 IoCs)
  - PID 2916 chrome.exe (26 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 2916 chrome.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 2916 chrome.exe wrote to memory of 5096 (procid_target 102): 2 events
  - PID 2916 chrome.exe wrote to memory of 2928 (procid_target 103): 30 events
  - PID 2916 chrome.exe wrote to memory of 4192 (procid_target 104): 2 events
  - PID 2916 chrome.exe wrote to memory of 2168 (procid_target 105): 30 events
  Targets 5096, 2928, 4192 and 2168 are the crashpad-handler, gpu-process, network-service and storage-service children of 2916 listed under Processes; a parent writing into children it has just launched is how Chromium sets up its multi-process start-up.
Processes
- builder.exe (PID 1624, level 1)
  Image: C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe" (no arguments)
  Signatures: none
- chrome.exe (PID 2916, level 1)
  Image: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Level-2 processes, all C:\Program Files\Google\Chrome\Application\chrome.exe, in the order the report lists them. Every renderer shares the command line
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --field-trial-handle=<fth>,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=<mojo> /prefetch:1
  and only <id>, <fth> and <mojo> differ per process.
  - PID 5096, crashpad handler
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb37f6cc40,0x7ffb37f6cc4c,0x7ffb37f6cc58
  - PID 2928, GPU process
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1828 /prefetch:2
  - PID 4192, network service utility (service sandbox type none)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2240 /prefetch:3
  - PID 2168, storage service utility
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2256 /prefetch:8
  - PID 3284, renderer (id 6, fth 3164, mojo 3184)
  - PID 3436, renderer (id 5, fth 3312, mojo 3332)
  - PID 4132, renderer (id 7, fth 3752, mojo 4612)
  - PID 1908, ProcessorMetrics utility (service sandbox type none)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4160 /prefetch:8
  - PID 728, renderer (id 9, fth 4040, mojo 4792)
  - PID 3296, renderer (id 10, fth 4844, mojo 5132)
  - PID 3720, renderer (id 11, fth 5144, mojo 5156)
  - PID 548, renderer (id 12, fth 5152, mojo 5408)
  - PID 4804, renderer (id 13, fth 4392, mojo 3384)
  - PID 4676, renderer (id 14, fth 3672, mojo 5448)
  - PID 5108, renderer (id 15, fth 3296, mojo 4776)
  - PID 884, renderer (id 16, fth 5512, mojo 5464)
  - PID 1536, renderer (id 17, fth 3268, mojo 4656)
  - PID 3776, renderer (id 18, fth 240, mojo 4048)
  - PID 2160, renderer (id 19, fth 4488, mojo 4584)
  - PID 4868, renderer (id 20, fth 3288, mojo 3320)
  - PID 1160, renderer (id 21, fth 5224, mojo 4912)
  - PID 2116, renderer (id 22, fth 3256, mojo 5132)
  - PID 1332, renderer (id 23, fth 3212, mojo 5240)
  - PID 4884, renderer (id 24, fth 5508, mojo 5372)
  - PID 5024, second GPU process, started with the GPU sandbox disabled
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4556,i,9061370758608342725,10831042453266389222,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4060 /prefetch:8
    Signatures: Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses
  - PID 1872, renderer (id 26, fth 4520, mojo 5412)
- elevation_service.exe (PID 4128, level 1)
  Image: C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
- svchost.exe (PID 2828, level 1)
  Image: C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
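The WriteProcessMemory signature above (64 events, all chrome.exe PID 2916 writing into its own freshly launched children) only means something once it is joined against the process list. The following Python is an added example, not part of this report and not the sandbox's code: it parses the report's run-together "PID A wrote to memory of B ..." records and the fused process entries, joins them on PID, and separates a browser's self-spawn writes from a write into a foreign image. The sample records are constructed from the report (command lines shortened to the flags the classifier needs) plus one made-up 2916 -> 1624 record that is not in the report, included only to exercise the other branch; all function names are this example's own.

```python
"""Triage helper for run-together sandbox WriteProcessMemory IoCs.

Added example for this report; not the sandbox vendor's code and not part
of the original page.  It parses the "PID A wrote to memory of B ..." records
and the "Processes" entries, joins them on PID, and separates a browser
writing into children it just launched (the normal Chromium multi-process
start-up seen in this run) from a write into an unrelated image, which is
what process injection looks like under the same signature.
"""
import re
from collections import Counter

# Constructed from the report above (first records of each target), plus one
# made-up record at the end (2916 -> 1624) that is NOT in the report, added
# only to show how a cross-image write is classified.
WPM_IOCS = (
    "PID 2916 wrote to memory of 5096 2916 chrome.exe 102 "
    "PID 2916 wrote to memory of 5096 2916 chrome.exe 102 "
    "PID 2916 wrote to memory of 2928 2916 chrome.exe 103 "
    "PID 2916 wrote to memory of 4192 2916 chrome.exe 104 "
    "PID 2916 wrote to memory of 2168 2916 chrome.exe 105 "
    "PID 2916 wrote to memory of 1624 2916 chrome.exe 999"
)

# Constructed process entries in the report's fused  image"cmdline"depth⤵PID:n
# layout; paths and command lines shortened to what the classifier needs.
PROCESSES = [
    r'C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe"C:\Users\Admin\AppData\Local\Temp\LockBit30\builder.exe"1⤵PID:1624',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:2916',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:42⤵PID:5096',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:22⤵PID:2928',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:32⤵PID:4192',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:82⤵PID:2168',
]

# "PID <src> wrote to memory of <tgt> <src> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
# <image path>"<command line><depth digit>⤵PID:<pid>; the depth digit is glued
# straight onto the command line (e.g. "/prefetch:4" + "2⤵"), so match lazily.
PROC_RE = re.compile(r'^(?P<image>[^"]+\.exe)"(?P<cmd>.*?)\s*\d⤵PID:(?P<pid>\d+)$')
TYPE_RE = re.compile(r"--type=([\w-]+)")


def parse_wpm(text):
    """Return (source_pid, target_pid, source_image) for every record."""
    return [(int(s), int(t), img) for s, t, img, _ in WPM_RE.findall(text)]


def parse_processes(lines):
    """Map PID -> (image basename, Chromium --type value or None)."""
    procs = {}
    for line in lines:
        m = PROC_RE.match(line)
        if not m:
            continue
        image = m.group("image").rsplit("\\", 1)[-1].lower()
        t = TYPE_RE.search(m.group("cmd"))
        procs[int(m.group("pid"))] = (image, t.group(1) if t else None)
    return procs


def classify(wpm, procs):
    """Count records per (source image, verdict).

    A write from image X into a process that is also image X and carries a
    Chromium --type= flag is the parent setting up a child it just spawned.
    Anything else is a write into a foreign image and deserves a look.
    """
    verdicts = Counter()
    for src, tgt, src_img in wpm:
        tgt_img, tgt_type = procs.get(tgt, ("<unknown>", None))
        if src_img.lower() == tgt_img and tgt_type is not None:
            verdict = "self-spawn:" + tgt_type
        else:
            verdict = "cross-image-write:" + tgt_img
        verdicts[(src_img, verdict)] += 1
    return verdicts


def triage(ioc_text=WPM_IOCS, process_lines=PROCESSES):
    """Run the join on the embedded sample and return the verdict counter."""
    return classify(parse_wpm(ioc_text), parse_processes(process_lines))


if __name__ == "__main__":
    for (src_img, verdict), n in sorted(triage().items()):
        print(f"{n:3d}  {src_img} -> {verdict}")
```

On the report's real data every one of the 64 records lands in a self-spawn bucket (crashpad-handler, gpu-process, utility); only the constructed record is reported as a cross-image write into builder.exe. Run against a different report, a non-empty cross-image bucket is the line to pivot on.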
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 649B
  MD5: 2eb613228bbcd202e59e6194d6116bf1
  SHA1: fc965f2060540027277c7a9cabf67d05572ffea6
  SHA256: 8e69bcca1aaf9ee99eb7a23a2f005a6a0b04e0d71c72b3f5460c11646c4d8392
  SHA512: 95078334df69eb23f7b99a2873a23dc0fe02840068b09540d1710128678d6fff42c64ce741afb7ef8e30df61cbf4ddecc36d0405fce32a41c100042cb3ca0419
- Filesize: 2B (these are the hashes of the two-byte string "[]", an empty JSON array)
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 9KB
  MD5: 4bac518ae8035e50da75119fbea02b79
  SHA1: c154263325e121253f3df0192d4c372b92a40441
  SHA256: 927ca4f54e3082898838a8378d52038b9312c5fc1c5e3e726810766006860095
  SHA512: 1d8b969615c2b14628993918643ea50eb2158642007c55719f630210bd17985616a1faafda7dd839a3edb177cf88c312e3361c0fb6fcf0c1805166f7826213fe
- Filesize: 8KB
  MD5: 36bc5f34f63848f7c2abcb65cc225c7a
  SHA1: 536e72e96d2133100f0c8882682e48220906139d
  SHA256: c5badb82e151605cd01a6c5dae5be31f658bc69cce276d9dd4dcb0a22d43b39a
  SHA512: b9cc5c5848c84ce27a4879a81bed6db8a250d4efb6f8c99a8d24b2935150ac4144329e11ed16346e297db185f5399fe6900aa21f61b142d3b7302bc771188c04
- Filesize: 9KB
  MD5: 9120aac582eea5c0fcefa0de150b0f2b
  SHA1: ba9b0f156d791cafb4ab39aac5c93b8d51d94b05
  SHA256: 20b250e7618db4a3f8c4338b8220f0a6e98e49ac0180d66336fdbe412e2ac13a
  SHA512: f9743f1e837da49b61e4efbf7fad51199289d4c56b364d85e25b6154bed3ec6220595d3ccbe72157a2630bc5d2ca9ab11536ed92b465cf68e22ebfe65117959a
- Filesize: 9KB
  MD5: 199da7b84711563c18510814a79527ad
  SHA1: dd21f0af18a1dc08f6b53e703bd81f4114121fe9
  SHA256: ddc64ab74c473e604337507fab6629688496ffd6cb62507b315f7b95a542a002
  SHA512: bc4a3200550d2e2230b41c8139442f575f517ebe3be55e43fce9b4283b1dd2b623f7b909818005f592a65800f9b265ae24c9241192b7c3d504e06d9e45118df6
- Filesize: 9KB
  MD5: 1d107c5cde74edde6f533a796c272b7c
  SHA1: 8323bec9bf15d7b3fb674e0617d940c1fa41bf4b
  SHA256: 4be43c0e78634684ff774ecaa7d2c23d8aba40c120160d4fe68924a2e6af9fea
  SHA512: 0c0da29c2e873098dfc58ef8e654830678477fb0682dbaa088e7816d76ef7a5071202d0334ea2a3085b7a6fca5c1fea2e4fef686c340a56ba1f56d59c73b350a
- Filesize: 9KB
  MD5: d1221acd6c8c2d16732d2c38c6371c39
  SHA1: 7bdbf1c5adbe6a96f5c6b05771a245b61c77f078
  SHA256: 51d220a9b4e4f5a976d27a9c8af84d0a8d4bd62c242359fe5f5aef0b9c68a1cb
  SHA512: c4f52f7bcee2bce22cb97e1618038e3986f8bebceb9ca3af3d12b61ef3643c694acd518cb76a50729483c2bd610c1555f4b63a86e5b6dbd1bc7fdefe50352871
- Filesize: 9KB
  MD5: 5c317dd13c185a78fd17af0afc626549
  SHA1: 9c8ef747bf37e015a1c4b78fcf5b29da945f066e
  SHA256: d64895f1fb5313b7a184918e54303b0767af9b2c9a46b0850ed925fb3daf18cf
  SHA512: 34dd3de526b8ec680128de912118e8be7d8284dcb69c1bcddb21ef9d1a736a4e0b696ee3cc2ca932dd30552084a5fe5b7ad903f7c876e15a3243300b09102783
- Filesize: 9KB
  MD5: 8f03329152285872a044f24848956c1d
  SHA1: 3bb94eecc7da26ce5ad95b29b1c18473812bfcbb
  SHA256: 47fc11a45f9279cd80654cbabd878fd7087bdea173b8ff6812ae3af64a55a0d0
  SHA512: 40768087e774f20595679e766690e8f5266dc6f5bad8e9947cec999c3797909129dfea084cb13c9fbf1563c5634e3126fd76fa8b9f14d288a524e0694205c1de
- Filesize: 77KB
  MD5: f52b6de1fc333c58ff7088b0fd8a0796
  SHA1: 0798d93031d8dc792d83879902ae3218368a5cd8
  SHA256: dc6a793ad945699dcb7af7af0c65717a311390529a6413a27307fe59e94e464e
  SHA512: e463d7503e16542ce1672120c0c2fd066ac0eea587b4d50194344744dedf0f40ca135c3c5e5e71518dec389e898593b11d3c7ed0e9b3167fd49bef059e46e8d2
- Filesize: 77KB
  MD5: f47cac93117f1ffe1bd2b6b05c3130ff
  SHA1: 2b0f3e389bea756707d3635570b7e2b8e9aa068b
  SHA256: fceb3887cdb0c14b74525c1cd125917ffbd6e13c93b98dd1452a37db94c657b3
  SHA512: ba437e888c5cdd93532001bc5e275fa94243b698f5dab41f6c0e0a02723c51bdc425eeb5adbafe31d9c0f943b6d9510a1db1af481e5d34e45d54944f511cb722
- Filesize: 77KB
  MD5: 6ad94f0020db4379f2978c5bac4de5c0
  SHA1: 0b4e2f514e05bb7bf0f82765fa16874089f0a9e0
  SHA256: a0699dc864f687862c8be33fd608bebbaffeb4408524c47ab7179b9808d7c82f
  SHA512: 65ccfdaafc41fbefb9f13b2064e630470590467d5a97f2e7d2fcb56ec94f950fe5e18505905a9a31d6a8341fe09d3fbc7e9d060b0f506886d27db8312f36b534