653eaa58999ff72cd9e858a9661c87b049fc66172d20fc9ae0f1e3b1e2af694b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fluxus V7.exe
Size

3.9MB
MD5

aa5d196260f56a93d7a9ddf32d202112
SHA1

4abe547da7e38e9facb98523e4795a71af6b4600
SHA256

653eaa58999ff72cd9e858a9661c87b049fc66172d20fc9ae0f1e3b1e2af694b
SHA512

7cf76918a4d04c628cc4e7b3a7f2674c03b97104e98b98ab8407d2e12521e48dc61438d982cfdc9763deaa1b915e4432a972274dd6ac381a5a58f08e1ffd55d5
SSDEEP

49152:XgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcZ:XgLIRfyC7egWJa3lY1U82kmvvoUc

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587959517171201"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
1380	Fluxus V7.exe
1380	Fluxus V7.exe
4252	msedge.exe
4252	msedge.exe
5460	chrome.exe
5460	chrome.exe
5460	chrome.exe
5460	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1380	Fluxus V7.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 4624	3328	chrome.exe	90
PID 3328 wrote to memory of 4624	3328	chrome.exe	90
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 4020	3328	chrome.exe	91
PID 3328 wrote to memory of 1636	3328	chrome.exe	92
PID 3328 wrote to memory of 1636	3328	chrome.exe	92
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93
PID 3328 wrote to memory of 4644	3328	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe
"C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd459cc40,0x7ffbd459cc4c,0x7ffbd459cc58
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5092,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4516,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5160,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5268,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3392,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5420,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3472,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3152,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5464,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3164,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4952,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5384,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4560,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5588,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4764,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5660,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5600,i,2944384391520172152,16198953740666426367,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5460

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2820

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6e9ec2be7e3446a697bc1a6a9ec7de80 /t 4796 /p 1380
1⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault051cfa2bh4020h43e0h97ffha6a15ef05ef5
1⤵
PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbd4a946f8,0x7ffbd4a94708,0x7ffbd4a94718
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5569027327722742328,5077861837266726513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5569027327722742328,5077861837266726513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5569027327722742328,5077861837266726513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2b785a26-8e96-4644-afd5-f623be2db789.tmp

Filesize
77KB

MD5
77c5f8ea2f78bdc0423ddeea039baa50

SHA1
ee53d6215fa92b012c2baddbd6679d439a17a107

SHA256
2b3581c4fce79e31d92684fc6a28207db7a9b76c4ca6acf2c32671445eaabcf3

SHA512
820c27d6bb10a3c6d31689f76e580a0e19d51dfa191b152c8b2ec1e163d8bcd80d33eca6086eb34fab93249a9e4ec150e53f8ada4eaddb41745909492bc9abb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0c5ec0466db0f48fcbc2b470679f1d8

SHA1
929c033dedf6e0d1abfeed4a25c7a2aebcc378f5

SHA256
6f52447ea53159b53940852409f7e2e16bb87f4dca4710161adf9d3b9acb2459

SHA512
bc86c213bdb937cd06fad41761015ab10935e91a5b2d780a9d785260385cf1c42ee64528c639f4c223463be0ef87d3da0610de626c3d2e45b679b7153e37cbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7c9e6fb2c553da12ce7e04b8e4d143b

SHA1
61c0bec2acaf57d5297f3fcbfd9601a881873be4

SHA256
cdf382061668d391804ca62e7beef601541bddb1211ba8e1b8a7e42ce4f2aa8b

SHA512
4f8b8854b0355e4856a5f6e9732e3188ecc51bdd68057a0d8f999f04c7cdfd7e3c873fb2595fd5f1d4fdcd3cd78a3b8e640669626ad72dc5bda1d69b6af4b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2cb12a3b2c132c462fd457580e765330

SHA1
bf18cf7bc57475d3dd8748d204e9838669248a6c

SHA256
67773908b5f7e046534c4659155109ec5b92763fc3f70f38c6ac61e337386990

SHA512
804746fce2a61fa5067d151d0137c989cae4c82d0bc44e6671cee6ca8b4d046d8dd2c90a63a6cb68f6c2eda460a539880b024b2d6c023440d6fe2e61b9c4b48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd084a4a47fffd68b09ec956786d30d5

SHA1
7b15c67674e403b0ec83e12c562edad01621f7bf

SHA256
5b33aadc32290d0b8928ea0af713255374f357be97ed45597755391d5ebc4c6b

SHA512
2fd2fa573bb87cfceb8476effd452bd880a98aeb53f0fc31355d2261e9a72c3be798a60026d01846733bb339c3e8b7a04ee23936f6044a50703ddfbf400fa01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
148e0683bc5246d84f160f400cf50390

SHA1
cd14c8b60ed59ecb2764f58af342e27545409cda

SHA256
c219a3c2f9e4ff704af18aceccf5b987d16c74b45cb62afcb86de6f54619a9a1

SHA512
b0075e3fc30cb090e7a24d4d3ccbc989b13fd523ab6cc80e85ac55e77d4712c0ab9cf119e457a95049e4bc5956a569b8bbda7b9d046d791a08c72366157ac2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9f9c65ccea50900f092d424fc153b48

SHA1
629581f6d071000d3eb38d4d3f4f63ff759ab821

SHA256
eb615418cb74f0ef46bea46601dd08351a15cd3f6aa97a76f91101ef618d64af

SHA512
970bc6f8af9c7f0a4830a9224d563242f435165c618eff3dc182c70f0c3d5e8120448ecffa2dbdea6ea49ee8a31e3a6892a4e81dfd9cd4e5c264f81b1f0194a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2dcb3541fcba657d313e2bfffe5951f

SHA1
f6172347c4876b9ecbf8a727095c214c74281d33

SHA256
0fb621aa78f3a699a58717b7a60f0a8e03354349d788d3f9d2a31921eedb45a3

SHA512
186f523ebdf6b52162a46894d80ba4aded38644dd281e6faaa6a80ccde5dd82df47b6ea33e2f883a8e47e8a32b872050782858f19d827bddb0ce1e72d1e3540a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26b90e00001cc55ccd3341b482edab33

SHA1
7807b7fb8d86d7bdeb5c60b2832d6a6200d94de0

SHA256
176cb7a333fb03bbf583fd31a9eacb9e27c516cd0bbea668ea5786dc0a1a9908

SHA512
1b8ffdaa792f97e310d8d4825f77653df1d20469caf85aeeeb9dd47ba79cb0aa832aaf0cb9cc70f04bffdaffd9195ee31ae92a1aefd118d748db43fe9fa97418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6176a9135afe0a4983bb7c212a92d0a8

SHA1
9c4e08a40611401b351854523d39f0af7688d976

SHA256
fd9d351e032fc183cc78cf38bae14a3b012c925b02919713cb5a2f47f9e5e7d4

SHA512
78d4d13a9ad3a8277f21d2feda158e810acef36d683fab924943f70a5c5c94998bd398eba2e86f956d10662535ac8603334ecdbae47a44f7319a93a0e8e8bb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98a852ca23fefa68733d8325650cf574

SHA1
872800699d734c04956b0a26c9df5c330308a298

SHA256
21335b740ad8c25ad1c83d570b3e123bf6a95f2db181d7ae0279dbc2abcab51d

SHA512
33a45986c0e02762c292ba62c346ff77926cefad1bf70d202ae9fe5d36bea8cb593fd83f9ddb3a49d30de9e8b8aaf52665161ef48efc54238feba505fb0d50f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e929dd0ebe735e86f2f8331acb619556

SHA1
e9c6d68a30411450652b5c5ff5e3e60dbbed6a24

SHA256
1d88ae0df03705778b8bb1db5c67a140c694ea6adb60795ef202b37e45c7876b

SHA512
3569f35fa90320463d8a10928a10a4674339cfbfb6a84c070e216d75d2811716d75a46ed801cdec24ab24a45f024651dac8bb03f31a0c20904a16ee54353f207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c714e5ed5334380512abc7a7b76f4b2b

SHA1
84a441f7cf8f7be581fd4647f7a9e330a3045bf3

SHA256
8f626edadf7f8fd2a872e8a3034314ece7afce4cc78f4a545254fb3d0ce35af6

SHA512
d93b7c8a20373ee319bcdc1cfa7d86b0cbe8f1d93c9f9e89f4652cbb8515fa19394e182653b686af7ce11385eef0b715f4f80be42b36f1d82f5962c3fde7ee80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1c8773266f92ed08e352cec1dcc636cb

SHA1
8f8dc8c2c796ffcccbda308ed7677e59c64f59f0

SHA256
13c0bffc0455fef6ce348755295ac3a34c3b6c389281082546931c22caacc4b1

SHA512
cffd44eb9186cbeb6ea1b151dd74cd034f1687120b63aeb3a73bd1931507bd6faad2dcb48d4928fa3f599ede2bdec942e03f95821f449ac4bf04bda8b631aff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zcwmgfj4.dfs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1380-56-0x00000000FFC10000-0x00000000FFC20000-memory.dmp

Filesize
64KB

Download
memory/1380-46-0x000000000BBA0000-0x000000000C21A000-memory.dmp

Filesize
6.5MB

Download
memory/1380-49-0x000000000B660000-0x000000000B6C6000-memory.dmp

Filesize
408KB

Download
memory/1380-50-0x000000000B570000-0x000000000B58E000-memory.dmp

Filesize
120KB

Download
memory/1380-51-0x000000000B720000-0x000000000B76A000-memory.dmp

Filesize
296KB

Download
memory/1380-52-0x000000000C220000-0x000000000C574000-memory.dmp

Filesize
3.3MB

Download
memory/1380-53-0x000000000C580000-0x000000000C5E6000-memory.dmp

Filesize
408KB

Download
memory/1380-54-0x000000000C5F0000-0x000000000C612000-memory.dmp

Filesize
136KB

Download
memory/1380-55-0x000000000C7B0000-0x000000000C7FC000-memory.dmp

Filesize
304KB

Download
memory/1380-47-0x000000000B5C0000-0x000000000B656000-memory.dmp

Filesize
600KB

Download
memory/1380-66-0x000000000E020000-0x000000000E03E000-memory.dmp

Filesize
120KB

Download
memory/1380-67-0x000000000E040000-0x000000000E0E3000-memory.dmp

Filesize
652KB

Download
memory/1380-68-0x000000000E170000-0x000000000E17A000-memory.dmp

Filesize
40KB

Download
memory/1380-69-0x000000000E420000-0x000000000E431000-memory.dmp

Filesize
68KB

Download
memory/1380-71-0x000000000E440000-0x000000000E44E000-memory.dmp

Filesize
56KB

Download
memory/1380-72-0x000000000E460000-0x000000000E474000-memory.dmp

Filesize
80KB

Download
memory/1380-73-0x000000000E4A0000-0x000000000E4BA000-memory.dmp

Filesize
104KB

Download
memory/1380-74-0x000000000E4C0000-0x000000000E4C8000-memory.dmp

Filesize
32KB

Download
memory/1380-76-0x000000000C830000-0x000000000C838000-memory.dmp

Filesize
32KB

Download
memory/1380-48-0x000000000B520000-0x000000000B542000-memory.dmp

Filesize
136KB

Download
memory/1380-82-0x00000000748E0000-0x0000000075090000-memory.dmp

Filesize
7.7MB

Download
memory/1380-93-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-94-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-95-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-105-0x00000000748E0000-0x0000000075090000-memory.dmp

Filesize
7.7MB

Download
memory/1380-45-0x000000000AE80000-0x000000000AEB6000-memory.dmp

Filesize
216KB

Download
memory/1380-44-0x000000000AE20000-0x000000000AE3A000-memory.dmp

Filesize
104KB

Download
memory/1380-10-0x000000000AEF0000-0x000000000B518000-memory.dmp

Filesize
6.2MB

Download
memory/1380-9-0x0000000005D30000-0x0000000005D3E000-memory.dmp

Filesize
56KB

Download
memory/1380-8-0x0000000005D60000-0x0000000005D98000-memory.dmp

Filesize
224KB

Download
memory/1380-6-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-7-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-5-0x0000000009B70000-0x0000000009B78000-memory.dmp

Filesize
32KB

Download
memory/1380-4-0x0000000005200000-0x0000000005292000-memory.dmp

Filesize
584KB

Download
memory/1380-3-0x0000000005710000-0x0000000005CB4000-memory.dmp

Filesize
5.6MB

Download
memory/1380-2-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/1380-1-0x00000000748E0000-0x0000000075090000-memory.dmp

Filesize
7.7MB

Download
memory/1380-0-0x0000000000140000-0x0000000000534000-memory.dmp

Filesize
4.0MB

Download