4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13

Resubmissions

07/05/2024, 12:58

240507-p7s6zsbc57 3

30/04/2024, 13:18

30/04/2024, 12:58

30/04/2024, 12:55

29/04/2024, 12:08

Analysis

max time kernel
269s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-29 14.08.01.png
Size

193KB
MD5

c878a00682bede49df94e06e07db447f
SHA1

3d2c0e0abdd723598b036abf7b884a2e5f643b56
SHA256

4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13
SHA512

b04a31e781e8e50332f01c9f648ecd3e5448488a37dfc51a69c6c34f970d00cae375bb0217cca3d0d356dcece0c84c909680275ee3cdcb7880e5d0da3cfab196
SSDEEP

6144:2fn+ThcZbvN2X0M/nbj2lEL2ZSzCwjGUZ0/l8:2P+GZjMzbj2G3eLXG

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589567541698897"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe
Token: SeShutdownPrivilege	1572	chrome.exe
Token: SeCreatePagefilePrivilege	1572	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1876	1572	chrome.exe	90
PID 1572 wrote to memory of 1876	1572	chrome.exe	90
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 588	1572	chrome.exe	91
PID 1572 wrote to memory of 2096	1572	chrome.exe	92
PID 1572 wrote to memory of 2096	1572	chrome.exe	92
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93
PID 1572 wrote to memory of 4564	1572	chrome.exe	93

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-29 14.08.01.png"
1⤵
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe006fcc40,0x7ffe006fcc4c,0x7ffe006fcc58
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3196,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4684,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4680,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3316,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5092,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5300,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3396,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4504,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5412,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5060,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5188,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4536,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5252,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4584,i,6577702523565220445,7523349964393405668,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1284 /prefetch:1
  2⤵
  PID:1928

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
47ab53ca155bd5ddfdffa6547b6f18e4

SHA1
c591c60459fdbdeb0da6d32c21518d4fefd992df

SHA256
734ca54d13585819ae246af6b2aaaa4b9b1cdc378722af9ec46d10533a8c7e59

SHA512
98f93a14febb759aec91f3e33ca64f7218738c1f21be1e721a35340a82780746e5e55dd6df6368e6f584c9f44c0eeedfe39095dccfd16d3639852ceb1cc5f63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbb0464240764206924d59102018ae66

SHA1
5a88d70b5f0c700fa647b04cd8170e58ac240b4f

SHA256
f2c88fc8f097237ac6679cb939d4d7968e18cdbcc27cf8165d4c2928fc7eec26

SHA512
6d750bcdccda00f0806ba1f31754af31f47b94346a058bb0ac6e95740411d6aeb3952ac9e311cd588d03e53a58622f92771e2ecc3f09e17e467de578fbeae8cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90fc999ad72b41cad7b4074df0d0b6fa

SHA1
31d43d988be9b80a68379c02926f994911cb4d4b

SHA256
091ca4ea154f1472b06101c7d6dfadbcc038bf110e00ba77cc7db515acc9356d

SHA512
5616eca8c00ad18464f82645ce7ed89e5ba8fb583575edf8f6329df6aab74e499baec96da0bd04dee96aa960da58283c498b81eac5ec6fa2ad41e615876b39dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ba0b45e0acf0dffe3fb813b37178a71

SHA1
f2fbe5c7ca809a19115beae54a80331ba769133d

SHA256
dfed1896697dfe56840d566ca08877f0bd2f97de79b524eef55f779703f0b797

SHA512
ecffa8e638048eb7443d5f03da2e09260a04a28537e3fcdf788b530b906529e46693d6763e685260441dfea737ba61adb124d0ce22a8f3faaf9223c8f96bb190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ad1d7fb4f2def1fa877f7e39cd436af

SHA1
6fbaa401740ac546e9ecb52a5fd26443d2efdcf0

SHA256
4e72d22a00da0cc93ec321c96ed6e67f9494cdc0813c0cb0b3e71f758d18a23f

SHA512
a742838bed3b6394412040f6229165ae51db61b929defdad514d519f7fddf79a3b01a878ec1af5d5dc0290e82c12b9b13512a7b266616e18cd22cabd19e3833a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a299c3a272d87925b2a73197eb9baddc

SHA1
b3eb1fa66b869672bc9054547256f019ee4fecc3

SHA256
8ab5e7476baf5535b3f83382162406f9116b09324fa89beee27b342683f305bb

SHA512
d28295c5ef91f8b2c0fe5ff3ff812353fec5423f1ff0fc181c256b91228c0b2f8922eda386213e6d49e453383be4685a496e7d501ccfde540d37e2ab1be4ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
994130eebb0c949a498730f4a268d0c2

SHA1
e78abeafe11d6f23ef65ce47360ba295c67b0f70

SHA256
a98b65a33185192bf6dd7d057acc70e61394fb24a167ccd281245a23ac3d5513

SHA512
50eb4836c86c5dc716d573fb37859ef54de908323ce041c37adffa13e85c4f9308dad0c664e84fd2f4b3992abac89a6a848d7e7ed4b6865b7c6c56814d382cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1cf8541cee45250a62b85d18240146f

SHA1
84f91582d6b507740d0d88c04d1107cd01ede8b6

SHA256
dd93d4fd2dace5214750da33f28835611f4a952795a4ffa3bbeb6e26d1cbc2b9

SHA512
9dfe81d4ab17abfc16d5e2242328b22a252258a275bf514e3936820a376238530973887f9ab30c64284813c24629ff6def140e6159dc20dcbcc05eae976a3b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1157ece95f99d5f0e7ff65b10ce8679

SHA1
a2457f5cdaba70d5138e6ce0082bab6393cb50bd

SHA256
94661becec29a6bc8db2f0ef8e8d2ccfb1311ef5a36afd2478d986724a47ca07

SHA512
437d367150997446fce2f8395cc7e882555409380df861ecbf3e5c37c70b504101c4310b88ac5561b189c87f2f53737fb21bc9a18ba23177963b8c0f34cab372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4196de4a38dde9093050f53850c52ee

SHA1
487efdf0c4b7918b6f39c0cea601f501a4c994b1

SHA256
a15ce051ead4209338878bf6d908f069d220b2708d6130f90ea5fa1504499bc1

SHA512
34fc562f564d6bcbc658c7d1a41c2f8971361d4e08caf69029b004e7247401fd335352d1c8112edefe87a262bd2bb5a820b952263b58b599d5e8d6843f17204a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d46af1d5a71b74c33956dc9e79585746

SHA1
b8a264e1799840f4838fdf65778f55581ae1a5ae

SHA256
310c22a42af415435c57611c24123e06926e7ca644899b6c3c2ea6c8087a3802

SHA512
85c9f5c12711dbfedd036833ce92fa1f9d522716d9c3ad55d139458eb963e269f42817215e9d9c6aee6bd2c0958aa5df75757c4cd9fd8f085584541504b3fd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6451a4a99921442d47b2dd8475d6393

SHA1
9117cdbc1924fdea445cf99d3c7e02a69738432a

SHA256
e73d28cf5ad0412fa3e1b74564c44056e5db25e1f1dbd24414601209527f56f7

SHA512
c52dc685aea9a6ee610423ce6b4c3c094206fa7d91387c8aed75aa9fd19a0d8c0a77501b90330c95bf6554791e692399fcfed6561ef5bc592947a43a5d158cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d89edd427fc202789b2ea2cf59448e7c

SHA1
9da4ff2f8da77d27f3e371cdeaf1621d78c0594e

SHA256
95a529e67b48788d7023bd4685dfb914cd233c077207671c7cf45b3605071783

SHA512
1ba722fd811564c417a440a823a61abe9bcb8ba4e24b42632fbde18e2d507004612d4272e148d6f743c989b68fe40e980e7ba34ddef1cc40e4bfe87ef1fb7532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
756e5453d944d2acd86f34a22534667c

SHA1
f65950756b6026d72299541eec1add5cf6432021

SHA256
d6f4a58e4a17ac5f27b07db0e543175917740bb9db49842736f4fe81269cba61

SHA512
169559720eb8b0bd97dc7267494b0c1d9e13a822cddebc332461887f2ba8547b49498057ae7d2e64f6fbea7c2efcc8970962421f1a182f25c7e3c725562b568e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eeafc56b23cb856a027e737969b9b733

SHA1
d06df2358edb699b79bf96ce8c6430356c9c5619

SHA256
dbc6ead2be7f42fb828c5848bbef9115bc0bbb4ca8366007e5b1e3c3a86bdd3f

SHA512
a12beacc66ee2e67efb5710f548bd578612a8b9beee0151886341b65d4fcfafffe07eed3d2bbdb7a5ccccb0cfb205304ff15d6231a70e0a920690624808b5b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e54779717139c6bcd662e1e0e672451

SHA1
5d9e1cd178a2a9215b8315ce38adf1b6366b7a78

SHA256
48bbe9fe5ee5ad44a19e0f4b5a02b4ce30b45b4f785460ea8a5da4a3934ca3d6

SHA512
dbb678ab7004b6c865681541c3cd6c32b757b9245227fe7cc92e270b23f6eae5e6d2a7c4280d0fd934183f4a5cb07f5a137135735896a76ef16d65d1532225b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
822606d858dce4758628bee212b5ee0b

SHA1
0d4f44552186dc562d0d077b34c8095121570134

SHA256
5e75c1d7e15852e0caf2bc13a14f558a0332be17b2fc7544637bbb768a750d3c

SHA512
79c877847353add0459c66deff61fab00d376d2573a5acf8730305d707b1c8045c43d879c019554d6089d3021bdef65f9a7fc70aca828d29f0937791235d268c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
804f751c14a0712c38a5b57a95fd8ec9

SHA1
0da7a5d2711f516556d8d0c88f29aa319061b964

SHA256
7dc720392d2bdd24563f9494528e333c475f57b04f9fa1856a439482a6b077ca

SHA512
f27abc09175d477ff688190d7a2527afe2a8402f0dc1a503189db0d5631df9fad4fb41b4d034fa9560fedc56c355f7c9478f7fb8fca9963ab4ff3ff43c47db84

Download Submit