8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01/05/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
Size

1.1MB
MD5

10152fd1e4cf08ebe3f539dc738d12d3
SHA1

1cab3b5c17ad91d58afe415d0b2de154a001f6c5
SHA256

8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32
SHA512

9a9145d5118091bb56e9a63291395114157ef4be7b5eb8f48e8e2a6a9ec1e61f9a876df1814fbacb6153e4b04b514409cef0b48672d2988c0a1662ad3d26840b
SSDEEP

24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:fTvC/MTQYxsWR7aue2+b+HoJU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590378241397288"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeCreatePagefilePrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
2716	chrome.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 2716	3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe	80
PID 3392 wrote to memory of 2716	3392	8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe	80
PID 2716 wrote to memory of 4076	2716	chrome.exe	83
PID 2716 wrote to memory of 4076	2716	chrome.exe	83
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 2388	2716	chrome.exe	84
PID 2716 wrote to memory of 3016	2716	chrome.exe	85
PID 2716 wrote to memory of 3016	2716	chrome.exe	85
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86
PID 2716 wrote to memory of 2960	2716	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe
"C:\Users\Admin\AppData\Local\Temp\8064b51a0bfc7b9894130b22a416a31f9495d26625b57d376b380505af896d32.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca1d0cc40,0x7ffca1d0cc4c,0x7ffca1d0cc58
    3⤵
    PID:4076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1748 /prefetch:2
    3⤵
    PID:2388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1976 /prefetch:3
    3⤵
    PID:3016
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2344 /prefetch:8
    3⤵
    PID:2960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
    3⤵
    PID:2108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4528 /prefetch:8
    3⤵
    PID:4048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4944,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4552 /prefetch:1
    3⤵
    PID:3336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3256,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4304 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3340,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4832 /prefetch:1
    3⤵
    PID:240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=872,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4700,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4808 /prefetch:8
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:4436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3356,i,13751366273368667035,7678884024751911330,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:3356

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e5edaa8cec15c9bd763d32792ad0b0b2

SHA1
e8d0943a6f7461b4c56e4865855df221daef8781

SHA256
3af5185f86e894b49a04185a053458875ddba1fde3051d27a1617e8b876298a5

SHA512
b03c62a7cec840038cfbd14f9e65e350edc17d81bedf45c6fec49d447035e35ab258a26b0599ea36f9657b802fda6c3dd3c42449598617816c33f8ea2945ccf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f9c43266a108c072d1d1774661aa76d

SHA1
4a236a1495c6b235a4bed91daea61f405eb4a125

SHA256
1984073d16aa9871c8ce67ad6b7cfa1e8d324c61d05e849f83d43b1cac8279cf

SHA512
627be38e290ed90293e74d38899722968e609c9d82c63fbca38e75d54d273ec1cce443899b95bf326ded822e71500cccfd4ba46fca678aa4bbda74c216dad95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f5580510f57e90819fcd3aadd0abf2b

SHA1
dfb5c3b56900f08936c6bde06d8d71871c9c762b

SHA256
33529283184214813b723251e8aea64de33aeacd04dab8549e22fb914db4ab58

SHA512
ed885710a1ed8932e5bc7f65e14fb99a5ab9b2f917c917654abeba343e8f7ab30cd09aed603e49ae83837937c86be05ef8b7c1d333df34ca9ce4596ef024f256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1234aa1b170193c923a6c6154140b0da

SHA1
436b634b775babf178504c3cb5603bae6ff40d0d

SHA256
2cd25a4ecf209d9882ebc4c4f4a5f31ab1a334a88113e8cb6a9d1e144ced907e

SHA512
f705f9abbb482aa824b58156329397718954046d414a4590b70cc7fb23592dc855a654fecdab623d760bd33ceb20ff512bbc5ce37237ae7d4fbb31c4ef21dc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f5e2094228f5795169529dbf96b5689

SHA1
da5e67810b8c2997209d1f83d85afcec1212ab6c

SHA256
26389e908c51ec31032a664659dd412b6f7bbdf745b1df04bad9d6c48b4e2e05

SHA512
7de67eddca58798dc1d40db1ac37b86091a9a3e6efdf0f129150f957536663cdf0bac0746c294a2e1e3d567d13b1c1acf180405a255cfceda925f6b66f278d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0739d5f739e1f20400a3603ffe64b76d

SHA1
b7df0faf07bbf46e316934c0c1de7a21bd2eb648

SHA256
600d259a8277ca98fe88be691e0d18b62320458eddc1c5ab3342b74286733abe

SHA512
adbfa6504af01890c6866cefe4c05ffcb322fd98aeff90ef25a31e21ca5751c9e37940d4f590c5e1124e4d181644bc633cecf17069619748199415058d24553d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d988e504177c3f76e92f5b3612d6c0dc

SHA1
fb02f107bddb9d9a458ae4f1a304d02e2fc93a87

SHA256
374db092e637e6525cb0872765dd77f49f93b7296c5f1f4833080447aab32bd4

SHA512
e9fd629d06fead264c0a28214a61afc132b3e9b739746041138a74fc41b486f1c0e5419532347d7099ee7a868cef22ac06df3ba2b33441fe37715c67695a00fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
020dd913eba52fc8b5e360d1bcb0886e

SHA1
e7a2cf91b00d89ab9676f03cdc369030f3d14896

SHA256
22cd808bb59392ba62cbd7b33eb491de0932f8ad44931dd5284d83bbad7f5329

SHA512
07fde280a5ff10f162ffd76eeea130728f05ab93cbcb5bf2d91e2ede370c8829134fb25c11ba7bf2048b16cc10b5aa33970b7450a0cc47f6cdc996347a70a157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a34c21ab4d50885f37a9662ca7aab747

SHA1
9de9cbe4689f6f32a1331ac0c72a0cfcc85e98d3

SHA256
5277e1ee977b05a55e03fbbe162e6e3cebffcf418db47712f44b4c9c6044febf

SHA512
e9426712f4ccef22cd06fa8dbaadc759f2d07c0e6415ddb7407a34d128a967d3e0dcd464feb595e888f4405b28bd0e002e6c8d9c04aa67aebceb6c375d541edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
778f46ba4fa51526ce92fe310d9238e3

SHA1
5a089a96e37c99648d40cb2e5a4557732ff79cce

SHA256
1366277343e4d1d0a8b4cd21154eddeeacbee5934ecb6d561fcd970c6f83c2ab

SHA512
65486ece3ce38552a18496c6f9ab13364aca78c46fdcb3377f949b20097f0a39afd788f5a8b47115bd9f0708160b148d83a7acb2ad17f73c069b6d515122a50a

Download Submit