fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f

Analysis

max time kernel
150s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
Size

1.1MB
MD5

2829f56ca8dc2fe1f85811d65be7ee6f
SHA1

40242445695178ea79232329cb8e85334d154a5b
SHA256

fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f
SHA512

9a3ea4aa52a7af894b75d0c00f0aa2f69028dcf537fa4d9d5ce88067b619b22ba273065ad7b7ed54bc2d76dac330ec651034501d15c9fccd6befa9696a2533c1
SSDEEP

24576:cqDEvCTbMWu7rQYlBQcBiT6rprG8auj2+b+HdiJUX:cTvC/MTQYxsWR7auj2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587976405243422"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2904	chrome.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2904	2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe	80
PID 2140 wrote to memory of 2904	2140	fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe	80
PID 2904 wrote to memory of 4640	2904	chrome.exe	83
PID 2904 wrote to memory of 4640	2904	chrome.exe	83
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3020	2904	chrome.exe	84
PID 2904 wrote to memory of 3016	2904	chrome.exe	85
PID 2904 wrote to memory of 3016	2904	chrome.exe	85
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86
PID 2904 wrote to memory of 4248	2904	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe
"C:\Users\Admin\AppData\Local\Temp\fed877f46e01b09d4c760d1c34794c8c52163fb1075f618ac7428deab5e7d49f.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95e0bcc40,0x7ff95e0bcc4c,0x7ff95e0bcc58
    3⤵
    PID:4640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    PID:3020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2052 /prefetch:3
    3⤵
    PID:3016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2344 /prefetch:8
    3⤵
    PID:4248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3100 /prefetch:1
    3⤵
    PID:4352
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4408 /prefetch:8
    3⤵
    PID:1524
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4380,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4376 /prefetch:1
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3272,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3264,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4760 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4812,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3672 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4724,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:5024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4784,i,13525629678432527222,335804277994565366,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:2336

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e5b520195ea90a583120a187905e3d39

SHA1
5d5dbec0027245e114866dc62d06c63ca7e1f79e

SHA256
3c8cc3fbadfb157060ab2b9ac838376ac28aad05b24f9f8bcb19540d54f30b84

SHA512
c22277cce6072da969c76ea65cdc9ae54bb750dd68156fe5d563285dc099490a5fa57e6ab442dee5f2a9f6afd2cdb8179097266e205d809dc8e269982f5019d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c3c50ddf91cc50d62b2b6b3bc9093d76

SHA1
605a76959442592851268bc2a522d930524bc990

SHA256
874e3f5bfd7b0b380f0d4e05da9b06003486b6a780ffc6b4428b8604a630bc9b

SHA512
276ccd97262dc322c10bb62ae81003b697f6d294400c79eb836a28b3a361c4d52abc2532ec2fd66fbc2465cca113de5c02835a57cfeecfa50312548e73091a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1eb629a6b9f673c2dd4ec0c30cef6fdc

SHA1
ead11028419b092d9796084e1c0ee9037932246b

SHA256
4670fe2c9932c755f5d0c9a7e7074443be6b8edfbde7c57c797cf4c19ddc30a7

SHA512
3e52feb84ed0c39a4d2f2c4a191ef15d52a6e7322faf319aa641963edf2cd6bb0d22802d8c1d8406bcd65914ad9c34f08bb1b5fcb9fb5ca57d89c787a9b67ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df8f62de64c84141b67631486454dfbc

SHA1
ce6b367b09b308ee7405f2654af8bccb14b0e4e8

SHA256
7143d8c3a83111fe6ae7f2510b4ffb85893f97c2d183653dc272df32a68c69cd

SHA512
6a1fd66f25c0c65d7404baeef6e66874e298d4ad7d40182d22d83304fd591c4e452a3b9f1a7513c825243ab873cc707db1daf6a3e30b40b5aa96a8634467c09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aa8ef348ba184eec413760b39e15271

SHA1
24a096ec8eb2e380287958b3e910ca3978eb67cc

SHA256
00831aa82b759173b3d2bad6b81f31aca035c3ddfd1d7e732c5e0e6ad74341fd

SHA512
ccb7688d0b9091964b1e8375806ea84841a4f486b23f1ca012feeae54adfe2e93ec9e684ccc792064244a6640e2c918dfec52d29c1dc0a3aeb06c6f8f63f9855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
376666ff51074e883b5c9eb7a3ac0770

SHA1
0779d6661e808f5c5f451e06be057e6c93f8f396

SHA256
6dfe5b284311578307032a0906d11990b38f10673b93509d4e86264e4b69816a

SHA512
3a725eb810f6bc5341ea2a4c0dff5796a598747d6f4c5a5e2695145790c6bb8ccd6f102d28fbb6ea69cb83c37cdc5dd9b2147e7f8a8a117050175fa5052202d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c8ac88740b98b17290d7f5668d0c5a0

SHA1
7cad5902a724fc739fc0418cd85f088ee601199b

SHA256
ca667cc12fa1bb559c76f4a4f60cb9a12d6e820ad0a636b1c7bdad642f0518d1

SHA512
3a00db7ea2ce897479a23d3da367598cc9cbbfeea84f84bd4693aa137a0c3eea25551f7b27100ffcdae8ef55f64251e34ecf2545dd5858a6c180f9c1935dc96f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8f33e35f45ee0cb9690fd6e561bb6abc

SHA1
3ae019fe6006e6229c37682efd943517b449769e

SHA256
ac1e318b9dfd1d90582c5751823f1f9b9bbbf8cb81ba76cfc7815cb9effaae2f

SHA512
bc07d96d41c425e1ce9740c80a972f1363917d0a6b38ba59fdce2f1b041256ecf93e5e6d6ea44fb20b38d9adaa73acc9a0b4705da53db882c8b561f1b8c99742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5db8134c6ef516b45af22983e1a91f42

SHA1
65691bd69fce3037d2d9c982907a853e0c935a6e

SHA256
302c9d5f5f48d46400a47ae415a01f5d7d30d63489623e4c1be53757c3968c34

SHA512
71d164cd5e59f43a55e625d6aade0afcbc0356d234e03d92da70158078400d89282debc83bdc1d6fd629497a1fdb3d554e023a8925f3a916f59362251556d602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2bf046d92e9fba0e6e68040dc4a8f4a

SHA1
c03e724717ce934dc43bc8134ba5d44e42147c0b

SHA256
3faed38a283223b15fb4dcea0991ed3562ff7ad4c0563e7d444e276f4f3dbc9d

SHA512
752a89aa4324afc69a8473a4d12bb5b65e075acb3f6a5449c293b6339878323fa4a5b36fe5dbb3f6794d6aeee09e06213fef1ca9b585a66ca609a942607ab4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
3f4156c6d82023e66563d6999c01cd65

SHA1
b9784da970703dbd820e7ad424f32fcb50b8d7e3

SHA256
5e3e6051fc5ca160b9464c7f06f516bcf7fa29cffb8724b218556c5e89a5f022

SHA512
a67da3a7aadffb9e7bc5642994d4c875a20c07910a8b3b7402ae2c2b68b8adfb60fbcfa96e835cabb93f1f510a83b3c6c514468460d1962d50bee925b5daea9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
bbe11dc950519f7f19a732856764d593

SHA1
7854f2bcb4c0ca1c9dea26de2347e9e871fd24a0

SHA256
3cd9ebaacbc6688bad1f87d10ed8ce2ae1ccde3b0b20cfa98240b8d5253178ad

SHA512
c75335fdfac7f5629eb8a6229363be1fc291755c189112bcf6a5489ffeb1b4f34d9a3d1be01be1d0bedd8c24ca1a8fd2d04360929a05bb17b2594437bdccde42

Download Submit