Analysis

- max time kernel: 77s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 03-05-2024 09:49
- Static task: static1

General

- Target: notmyfault.exe
- Size: 299KB
- MD5: 833d5bbdf80d17a384e9b27798ea4d6c
- SHA1: 4ab55a97e76fd2cdb55ed305c984d87e9a06b1b1
- SHA256: 41ddb886060471d702693cbff1e7aa73c8ada5b29d9ee313de9972ab663a100d
- SHA512: ae0011fd58b09f752d2c1a926b8740780798cd17b2704adb666826d8334e07208ceaac661122c8d7ac82178f3f39aee2ac2724776e96dfd3ee526d9e98a82ec8
- SSDEEP: 6144:whvkHmbGp7MCvRDlfJHbwZCjO0fNg1iyk:whMGbGlR5Pm1i/
Malware Config
Signatures

Drops file in Drivers directory (10 IoCs)
  description | ioc | process | records
  File opened for modification | C:\Windows\SysWOW64\drivers\myfault.sys | notmyfault.exe | 4
  File created | C:\Windows\SysWOW64\drivers\myfault.sys | notmyfault.exe | 4
  File opened for modification | C:\Windows\system32\drivers\myfault.sys | notmyfault64.exe | 1
  File created | C:\Windows\system32\drivers\myfault.sys | notmyfault64.exe | 1
  The 32-bit notmyfault.exe instances land under SysWOW64\drivers (WoW64 file-system redirection of System32); the 64-bit notmyfault64.exe writes to system32\drivers. notmyfault.exe is the Sysinternals NotMyFault utility, whose documented purpose is to drop and load myfault.sys to trigger kernel crashes on demand, so a driver-directory write is the tool's expected behaviour rather than evidence of compromise. Confirm the hashes in General against a trusted Sysinternals copy before treating it as benign.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3060, chrome.exe (2 records)

Suspicious behavior: LoadsDriver (15 IoCs)
  pid 484, "Process not Found" (15 records). The sandbox could not map PID 484 to a process image, so this signature attributes the driver loads to none of the notmyfault binaries listed under Processes.

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Token: SeShutdownPrivilege, pid 3060, chrome.exe (64 records)

Suspicious use of FindShellTrayWindow (42 IoCs)
  pid 3060, chrome.exe (42 records)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid 3060, chrome.exe (32 records)

Suspicious use of WriteProcessMemory (64 IoCs)
  source | target pid | procid_target | records
  PID 3060 chrome.exe | 2944 | 29 | 3
  PID 3060 chrome.exe | 2504 | 31 | repeated
  PID 3060 chrome.exe | 2628 | 32 | 3
  PID 3060 chrome.exe | 2576 | 33 | repeated
  All 64 records originate from chrome.exe PID 3060 and target its own child processes (see Processes below); none involve the notmyfault binaries.
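The signature tables above are flattened runs of repeated records, which makes it hard to see how many distinct events there are and which processes touched a driver directory. The following Python script is an added example, not part of the sandbox report or its tooling: it parses records in the shape of the "Drops file in Drivers directory" and "Suspicious use of WriteProcessMemory" tables into de-duplicated counts, and filters file writes down to the kernel driver directories (system32\drivers for native processes, SysWOW64\drivers for 32-bit ones). The input strings are constructed from records in the tables above plus one made-up non-driver record; the function names are mine.

```python
"""Turn flattened sandbox-report IoC tables into structured, de-duplicated records.

Added example; not part of the sandbox report or its tooling. The sample
strings below are constructed from records in the report's signature
tables, plus one made-up non-driver record to show the filter at work.
"""
import re
from collections import Counter

# Constructed input: records in the shape of the "Drops file in Drivers
# directory" table. The last record is invented (not in the report) so the
# driver-directory filter has something to reject.
DRIVER_TABLE = (
    "File opened for modification C:\\Windows\\SysWOW64\\drivers\\myfault.sys notmyfault.exe "
    "File opened for modification C:\\Windows\\SysWOW64\\drivers\\myfault.sys notmyfault.exe "
    "File created C:\\Windows\\SysWOW64\\drivers\\myfault.sys notmyfault.exe "
    "File created C:\\Windows\\system32\\drivers\\myfault.sys notmyfault64.exe "
    "File created C:\\Users\\Admin\\AppData\\Local\\Temp\\scratch.tmp chrome.exe"
)

# Constructed input: records in the shape of the "Suspicious use of
# WriteProcessMemory" table (source pid, target pid, source pid again,
# source image name, procid_target).
WPM_TABLE = (
    "PID 3060 wrote to memory of 2944 3060 chrome.exe 29 "
    "PID 3060 wrote to memory of 2944 3060 chrome.exe 29 "
    "PID 3060 wrote to memory of 2504 3060 chrome.exe 31 "
    "PID 3060 wrote to memory of 2628 3060 chrome.exe 32"
)

# One file record = description, path, process image. Paths in these tables
# contain no spaces; a path with spaces would need a smarter tokenizer.
FILE_RE = re.compile(r"(File opened for modification|File created) (\S+) (\S+)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
# Kernel driver directories as seen by native and by WoW64 (32-bit) processes.
DRIVER_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\drivers\\", re.IGNORECASE)


def parse_file_iocs(text):
    """Count distinct (description, path, process) records in a flattened file table."""
    return Counter(FILE_RE.findall(text))


def parse_wpm_iocs(text):
    """Count distinct (source pid, target pid, source image, procid_target) records."""
    records = []
    for src, dst, src_again, image, target_id in WPM_RE.findall(text):
        if src != src_again:  # malformed record: both source-pid fields must agree
            raise ValueError(f"inconsistent source pid in record: {src} vs {src_again}")
        records.append((int(src), int(dst), image, int(target_id)))
    return Counter(records)


def driver_writers(file_iocs):
    """Map each process that created or opened-for-write a file under a driver
    directory to the set of driver paths it touched; other paths are ignored."""
    out = {}
    for (_desc, path, image), _count in file_iocs.items():
        if DRIVER_DIR_RE.match(path):
            out.setdefault(image, set()).add(path)
    return out


def writer_pids(wpm_iocs):
    """Set of source pids that performed cross-process memory writes."""
    return {src for (src, _dst, _image, _tid) in wpm_iocs}


def targets_of(wpm_iocs, pid):
    """Target pids written to by `pid`, with the number of records for each."""
    per_target = Counter()
    for (src, dst, _image, _tid), n in wpm_iocs.items():
        if src == pid:
            per_target[dst] += n
    return per_target


if __name__ == "__main__":
    files = parse_file_iocs(DRIVER_TABLE)
    for (desc, path, image), n in sorted(files.items()):
        print(f"{n:3d}x {desc:28s} {path}  [{image}]")
    print("driver writers:", driver_writers(files))
    mem = parse_wpm_iocs(WPM_TABLE)
    for pid in sorted(writer_pids(mem)):
        print(f"pid {pid} wrote to:", dict(targets_of(mem, pid)))
```

Run it on a report's raw table text to get one line per distinct record with its count; `driver_writers` is the check worth keeping in a triage pipeline, since a user-mode process staging a file under either driver directory is the step that precedes a kernel driver load.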
Processes

C:\Users\Admin\AppData\Local\Temp\notmyfault.exe (PID 2904)
  "C:\Users\Admin\AppData\Local\Temp\notmyfault.exe"
  Signatures: Drops file in Drivers directory

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3060)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes (all C:\Program Files\Google\Chrome\Application\chrome.exe):
    PID 2944: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7059758,0x7fef7059768,0x7fef7059778
    PID 2504: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:2
    PID 2628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 2576: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 3028: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2880: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2224 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2080: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1736 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:2
    PID 324: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 588: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 3020: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 2176: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 912: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3580 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 1628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2584 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2784: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 944: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3744 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2208: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3804 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2836: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2212 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 544: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 848: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 2340: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3740 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 1796: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3368 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 1572: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 2432: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4188 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:8
    PID 2808: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1456 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 1528: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2468 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 2984: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4212 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1
    PID 3012: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3740 --field-trial-handle=1468,i,16346910446423535129,13600329418681871318,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1672)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_NotMyFault.zip\notmyfault.exe (PID 892)
  "C:\Users\Admin\AppData\Local\Temp\Temp1_NotMyFault.zip\notmyfault.exe"
  Signatures: Drops file in Drivers directory

C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe (PID 1808)
  "C:\Users\Admin\Downloads\NotMyFault\notmyfault.exe"
  Signatures: Drops file in Drivers directory

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe (PID 1544)
  "C:\Users\Admin\Downloads\NotMyFault\notmyfaultc64.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfaultc.exe (PID 2016)
  "C:\Users\Admin\Downloads\NotMyFault\notmyfaultc.exe"

C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe (PID 840)
  "C:\Users\Admin\Downloads\NotMyFault\notmyfault64.exe"
  Signatures: Drops file in Drivers directory

C:\Users\Admin\AppData\Local\Temp\Temp1_NotMyFault.zip\notmyfault.exe (PID 112)
  "C:\Users\Admin\AppData\Local\Temp\Temp1_NotMyFault.zip\notmyfault.exe"
  Signatures: Drops file in Drivers directory

C:\Windows\System32\cmd.exe (PID 348)
  "C:\Windows\System32\cmd.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

(path not recorded on the page)
  Size: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2dff5844-07c8-46e2-a9e4-58ebe46912ea.tmp
  Size: 7KB
  MD5: 597e1afd07c3023753b44cebe218ae29
  SHA1: 1938b125662a01ea61540fe225548df94bf1ad5a
  SHA256: c64d5d47ed825d2f009d4fc52d2c60e51b88306bd392fa2835981a1147b14637
  SHA512: 70bcf416e74f606311efa1148e7adfebcfcdbfc347b0db2a1042a28799f1a9c0f93b73221cc7ad3bd10d49fb0a5d810612b79eb4ed5041ccf5bbe28f31df51dc

(path not recorded on the page)
  Size: 360B
  MD5: 30ef364bcd22151ff49256d363cd7ac2
  SHA1: c03464877fa781201a5297e7f122ee4e70c00b1a
  SHA256: 50c59063f8d9fdc5ce00203500ebee81192256a1087de523bb89420854f7a93a
  SHA512: 435d5b6cf6afce04bbd1cb22e9ad78d813fdefb0092907828de35dcc7fa78a2c12362d3b61fd4ca0c54b76f643c0418c492b0f7f85413dcea85bf951f37d376c

(path not recorded on the page)
  Size: 16B
  MD5: aefd77f47fb84fae5ea194496b44c67a
  SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
  SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
  SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

(path not recorded on the page)
  Size: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77845c.TMP
  Size: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

(path not recorded on the page)
  Size: 361B
  MD5: 691464f2b4e5f26f284fe046014435d8
  SHA1: f556b839b68677235f8efceb8b7cb34489ef6f11
  SHA256: 902dddc014fea3d836bf2f7ba6501c94a3f58d66dbda77e9fa17b7bd51f42567
  SHA512: ac7b7f32f5327734f227efd7e4e59330025a3e60dafa0d7618beda2debd798092af8560bf5d31143867c885a832f89e28c68a63707395a435394b438f33e1f4b

(path not recorded on the page)
  Size: 525B
  MD5: e2bcd49d60d18cdd120840879741d4ad
  SHA1: e69634fb20a4a70d1747cde8b8727b722041f840
  SHA256: 4a826c4af700cb29a81e93cc309dfbea5685cd7dc1608a190caded09b1bfaae5
  SHA512: e779c74c365643f4cc37c8689d045e03b18cf309fc4c749e3923abb33c6f22872b895d61dabc112510532c0894cde04a71880b745efd2f53d0d3ed2cee2ab5c1

(path not recorded on the page)
  Size: 525B
  MD5: 55f6dc26385745fe7207749d98dc8c00
  SHA1: df41ab6065f81d5dd823ea91c797b126266d635b
  SHA256: ad90bd74165b87d6c14e6ebc27feac95efaacd81d9e8f49dddc63d3df1576c4c
  SHA512: b2ff1fb08be40a503bd4d904d03287bec3fbcdd5017f62b36eaad1251a3ee566f2c0586e7fbe5ba6ae359824494a65177891e12be7796c36e12b381b9a9b7852

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf778e3b.TMP
  Size: 361B
  MD5: a49b32b361aa1cd0a2e0ae8fd7b68d6b
  SHA1: 8338fbfddfb21d83bfb2c5575724f2919e346a96
  SHA256: 23da0f4d4d20177cdd80cf3b0bb106809aee72e05d09abad007dd965b9cee3d4
  SHA512: ee6eee9d6140402fe855e8e807c9d638ed5ba5d8c89f7bbfe7482a24be3bc1fa987c4de8e06e3a93c54b969f6a6b9c5ed08e94760a29ae540982c830b89699df

(path not recorded on the page)
  Size: 7KB
  MD5: 893615e99335a437300801563bb2317e
  SHA1: 45e3a5fd16158c2281339b33532c48cff3d04a10
  SHA256: 2039ddfc2da92b649fe6b5cc02d8978183224fb8e09853590671e15e91cc2397
  SHA512: 9a4f4052ef897f0bca98e63604efaa4db86cc6d6922371dd835c77a331ffcfde591f6371128ac49d059a85a0bf13e084ced57fda2e87c345a23611f1dd6c53db

(path not recorded on the page)
  Size: 5KB
  MD5: 22e87689b41770ebdd79338283398634
  SHA1: d2e4ed8f9d5e9bc01d9115f20e2f9797e6e3e9c9
  SHA256: 8725771291f2651304990b281fa6ec7c8afd9dc955b4fb9886779b410e9d9230
  SHA512: ecbf0d4406a7b32e26420610dd0ffaf167df613c828dd7f144f1417af9eedbc84e1f3793c516825c4b969d0a0cfa9a1759a835b2e9d0185d54c9b00af8701a03

(path not recorded on the page)
  Size: 6KB
  MD5: 6e2916371f44887040f11a116668ad72
  SHA1: de82c8d21b834f6dfb9f75c10a9178267bd7bcd5
  SHA256: f76e4887495bea1b00ae9339942109febbb8b4ff2f13e8b3611f539811f32ca2
  SHA512: eb7cd559d04ce3310dfbe5035a79e1c95ddf8fcef2ec533a59d42debfed2376ed21af61341d1fd748f66233b2e1ec7cae21e8da720fc248273a3ee09258e2aca

(path not recorded on the page)
  Size: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

(path not recorded on the page)
  Size: 265KB
  MD5: 8cbab23faf454b87be729b9b26bb84af
  SHA1: feeae59d03d4986b5b310b741a724d5ed5c28c82
  SHA256: bacc3aa8bd8813844097f8a332c10cf52e6936a2c8f95b3209ac626648ce048b
  SHA512: 6b34a547d18960e0b9afd270c84097e517f29ff6bc8102077bde4b6390b7835a34f5508fe9a335539d0973cf2882a1b5dabc99b1f6561b84337e6aebdaafb592

(path not recorded on the page)
  Size: 177KB
  MD5: 435a9ac180383f9fa094131b173a2f7b
  SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

(path not recorded on the page)
  Size: 1.4MB
  MD5: 3098d0f7a888949089cdfb9351904303
  SHA1: ca50aef1aff4b17be449ec7276b01ba728ca7c6f
  SHA256: e26db5a12a6e1f83085cc40446a0b8fb6e322b989c46f4cb649a955682c15de4
  SHA512: 2a0972c2d7854c6b84a1f68dc437f99b7cbb4cd03a46f275c30d5f0c80f6140bceb33cdc29e7ec96e4ff76796e388090b46112e709e6736bb0fe388c64dacff2

(path not recorded on the page)
  Size: 21KB
  MD5: d5adea32410f975ea943521da0f7f31f
  SHA1: 835896d28dbe897fe11c8605f59588741389c152
  SHA256: 49c93b06246d47522e1a9cb9b1f5e0513db736bc466983eebfbf4445479d9419
  SHA512: 5f4814e3de3cfecaf3f4b2a9daea783e8d61a516b2ef3298205fca050a4674bdc5f38c2823b33e8aee24346efcd56a75a92409be9ee2414cc2b178b95322743a