ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
Size

1.1MB
MD5

29785aa96ca68a0327cf5eba9ce4fdf3
SHA1

cdfc6d159419c7cb2c979463a9b4cb901f922a0f
SHA256

ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595
SHA512

d5a3fdec0be338dc37d85c92833293afdc63abdef7e04d16b0253b1ecef04d1e981a02d9ec3e913ebe1abc7a4316ac4eec7be06deb0f794631dda69d03dcf638
SSDEEP

24576:7qDEvCTbMWu7rQYlBQcBiT6rprG8auu2+b+HdiJUX:7TvC/MTQYxsWR7auu2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590199920813150"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
4464	chrome.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 4464	2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe	85
PID 2688 wrote to memory of 4464	2688	ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe	85
PID 4464 wrote to memory of 4900	4464	chrome.exe	87
PID 4464 wrote to memory of 4900	4464	chrome.exe	87
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4824	4464	chrome.exe	88
PID 4464 wrote to memory of 4624	4464	chrome.exe	89
PID 4464 wrote to memory of 4624	4464	chrome.exe	89
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90
PID 4464 wrote to memory of 1764	4464	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe
"C:\Users\Admin\AppData\Local\Temp\ef176c396e70f3e6ee5b5b18ec596ca4956340624606fad67cf99018b61c7595.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xd4,0xfc,0x100,0xd8,0x104,0x7ff87376cc40,0x7ff87376cc4c,0x7ff87376cc58
    3⤵
    PID:4900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1956 /prefetch:2
    3⤵
    PID:4824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    PID:4624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2640 /prefetch:8
    3⤵
    PID:1764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:4192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:8
    3⤵
    PID:4992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4864,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3432,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:2976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3424,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:1444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5064,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
    3⤵
    PID:4156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=208,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4728 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3484,i,4586266952073916867,9564234432963187784,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:3680

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\74dbc475-4254-42da-bcd2-b977885efc20.tmp

Filesize
8KB

MD5
4cdea46cc2e1194bdd5fd7b08e740bd3

SHA1
21f9f65a2164e53e1f05517b3c3af9cc708d0694

SHA256
5506624926cb5b3ce4d331e108908ea205516edeee8e4b8dd8d0ad34a41cef86

SHA512
6721d85b4bd8234ec9a7f102d4c374996e0a4f7f8bee255c7ddba2a197e999d10d70726468722b566ca8aa4a007274e74deb3c06b795dc4a4029cbe646d4c40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
381f25fd645cfddc3ef545459ac5c204

SHA1
891d135516a8724285c304e2c017653199555fb2

SHA256
1a6ecfc3650e916e0e8a437108c8d8f03a6e223720ae85ad0f105eb15d3eeefc

SHA512
e9359a086d356cd9c8cf8304fb683a797217fc0b760a26ecf9cc162d14af45c402994465575323b52f11e0943f233a3c6b89c0722d0e0d581c830957d1f46352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44558a6fc70b9ea33c7c3b57c7a51cb3

SHA1
9e82b73c0f8d732a17d71c9764b24b4f377edf48

SHA256
3c3f0c972cbb64952a611a8881472078ab6c2a7be3fb788533947c73f19ff4d9

SHA512
4c922e0c57e81f5a6563b227d6964c03b0a85d125f204c6bc443f31e2475168dda8c5fd29fc2e610cd5052fdc3b6b59cc4806c8031b3437251b8dde42d56cfc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60cf53008057db3a026b5007c2c61771

SHA1
f5b9588817027e28a1ad3beeab5c20b539644f93

SHA256
a3856aed76dbdeaff994abe917e3e6cb3f75cb2a56186a25716963cc818ca7a6

SHA512
5ec2e3b3857a10410b14bae10e7240cdbc7b45b4278a004d8aaa802a9247137fce24657f2e6b50f1524d12ba92abce21f2d922cfdf636866afbfaa325e98d21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2115ee236ca3147d900bf0e61ccb99af

SHA1
aeccde42b07997cf54c17bcac8068f0aa1c169de

SHA256
754cd532e005c88d7d276fd4f3fbf78cedb7bc1c4fc9aebccb26023d14d8088e

SHA512
ae3e7cb27be304b63a8e2c4e460b3c3495ce16d4ddd8300b2507bbb51ff3639d50c320b4ee83bcff140abaa7eb526e7cf0db82faceacaf6af36d908505e521ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d456019f1bfa5f59d92bed6a408a4153

SHA1
8e794a4d587eddaa9c0ee04f7d87def46361a930

SHA256
6f8deffa50d7217abdef36578f8767e3de3ce4ceb4014e43f5a02e4ae3e56057

SHA512
6f7bcdab9bde65d068d663ad0f4e4ce869d04ee8fc5457c7ad38da28ab96b1441e14a7e425aa99ac51e40952a24b923c5e9da695db5a195c6998f38472795791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0673174d94094bc96f03b394726a6ee8

SHA1
1c0b68f25682f00946c625536e5713400d030334

SHA256
57d80d7bfea4f427bdbd24ba8ae77fb1378229cde7e61e5f8c91b0cac80af631

SHA512
30c4222dd5170f3209b79d125affc98da76b2906eb2db00e3155dbe698f17369b9f740de42bb4100ec3bddf43b7d7af458a1399078750c53a1aaa5a9e841ad88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1c07715f02c0850e5f8310d837a3d09

SHA1
9ad5353f8248a9edef19eb263a2ad5b1684e2739

SHA256
dfe42af01d1bd8455c73b6ee6715c9bc3dd17af721e8b0180d1422ad86ca23de

SHA512
93f3c91a5f79606f2ef43182d327144ec11b25e3ce737bb540ec43e70ddf1c81e8865edd82e3905a146ccfc9ad03c690b65603970e8d069edc740741f869af12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28def24c7a3e239031311e45cc82a6e5

SHA1
624ff5bc5f3e334243f814d276d19aea6450dd5c

SHA256
c05ea03ae500739c0f6c2d1530f8f1481c441224acb5a4102f691c4622fdddc4

SHA512
e956d650072eca89b836e081e92550567fe2eada23d60e5a9676a4dea0aae7c41762cb0124c1f42301748101665fdb8d158209512ffab1653a37710628d9595f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
cb437785246a06e5271580ffc514d3df

SHA1
d6ef556f4431f1f72fa55eafc172f0858b3e0c34

SHA256
f5d4c2fad294a88320b1f68f6f7b724f5ffb01a1062da2218b35f0fa878f29f8

SHA512
c4653cc6cf8df795ba104ab7a4e7b696da97f0eaff93d078df44da8c219a3e40f59f4fc9e83b2daddc4c00b80314d8b736760aff3e869bc548dcef3cbf396440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e37b5065fd8cf3b79835cda7ce9c318e

SHA1
f3563e4387c9a879f4fbe16c3d0e90e234a1b52f

SHA256
f222707412ae4e97154d9881da39d54f648dff5c296521b7c85df29318828eff

SHA512
2630566dca54c60a8ded66d5c1c95aaf436444e001503901d14754ad1af3700b3aed3679dc0f43717c251c0da2f70d9dc20f2c7c0fee0333f47b2cec26daa95f

Download Submit