6b1329fec12b426386ca9a0ce2350f0aacc2c9a05f3158a27b18467058edc7b7

Analysis

max time kernel
210s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 01:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abv.zip
Size

12.8MB
MD5

ccbc7ca7bb4237c8629e1cd99dd0e508
SHA1

47b097d6c3d48da304e35724ce0f9809613a1e7c
SHA256

6b1329fec12b426386ca9a0ce2350f0aacc2c9a05f3158a27b18467058edc7b7
SHA512

ec46fff6f883b99dc86239c7d4dd41bb8c22d44e891563f91423a1c64d8aec58ab9c2c865a8bc22f47b5cc55b18aaf76aff957ba45db980dd091c702e376c686
SSDEEP

196608:VlBI6lqUPa9cXiqdlTdDWab5i1xI18n4PdsAU3a4zi5y0D7g22KYHwuwi0:jBI6e9Ghdl38aS01UqQi5nD7/HIvw5

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596069635378378"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeRestorePrivilege	2160	7zG.exe
Token: 35	2160	7zG.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeSecurityPrivilege	2160	7zG.exe
Token: SeSecurityPrivilege	2160	7zG.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
2160	7zG.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2932	3736	chrome.exe	104
PID 3736 wrote to memory of 2932	3736	chrome.exe	104
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 4328	3736	chrome.exe	105
PID 3736 wrote to memory of 3300	3736	chrome.exe	106
PID 3736 wrote to memory of 3300	3736	chrome.exe	106
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107
PID 3736 wrote to memory of 1672	3736	chrome.exe	107

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\abv.zip
1⤵
PID:1164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff7b72cc40,0x7fff7b72cc4c,0x7fff7b72cc58
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4632,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4768,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4808,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5368,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5528,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5724,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3400,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5056,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3204,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5636,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3364,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3316,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3344,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4708,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5632,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3460,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5392,i,17101703633009047502,11333605516654678920,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3244

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1548

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\abv\" -spe -an -ai#7zMap13705:64:7zEvent20609
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\936789ea-2854-4093-aac2-cf55f878594f.tmp

Filesize
9KB

MD5
8340274b6cf56c2afca1e2640dbc88e8

SHA1
2e09697fce3a2b0da86e5588d038e79bf466cc9f

SHA256
7ebad310d7df65e2c7559005e673555d97de4db87834b3e9ee486546e21a8536

SHA512
2cafd2bf9ea6c7f079820424ba0b5065a648fa92a1af50a049992fb2bd9a58115090e9a4d6099d30ed0fa82bdc0704a237c6baf805961afe77384f5787da6c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
04411cbd6bfa92be23eb4446b192d3a3

SHA1
5348e83e0c81006481b963e2e4af0813d22c627f

SHA256
22d1236148d46fb09047f2f4f9fd3c7b4e0c6e44d46843ea659097e20e1dc5e2

SHA512
9edab3dea063b517cdffe5b0a695f47f52587597393d160977dfc8d4131b430681f89b1621b3d49d8c1d0fdb0fad6b89d52a8316f8ee130d8a0f72d7e58f20d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
60931cd2cf34c80986f856c64fe32c52

SHA1
ecdb8e969e07af087253f092b09e88d282aec17c

SHA256
6ea8e06b769a9c54c8ed9e4d65deb9b22f0da00ee990629a8028a6d6a9c2c3da

SHA512
89c58797fe49cc51eff656c73e5a60b8657967e7407529c255b52c1136b20ce6a6e8c6559f9f676c9eab3fb8f82b6c7ba3b33292ad5386f4a8f765888149bcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2f1d59b6adc758a2ef953f0f341800d4

SHA1
82f499b6e2cf77c1d7fd4d7b697302e0a95c283d

SHA256
e290793634190c5c761cbbc815bde0ab310927876d204a3db0054ae5db3292a2

SHA512
fc0d49d6764575f9c7621086e4d32da8834d98f1124e7ba2ab786fa3b26d3d5f09552a144a78220bd5b99728204dfb514a83f6b33f963ca43a8b8e2e7868d7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6dda0485e8fd00076cfa392b50828117

SHA1
f761e04f73efeaa4a6dfa206bb57ab2cbcf95ea4

SHA256
c5f7edf55ec26271a00dfa4e08aba9dae4617c77b72dbe088928491af70d8568

SHA512
6020899feb59aac615e7c7f33e0d8c0238fcbb1eb33de8b5ea5c3935917a4f418911e05abb8d13dcb2797f3c098d23beee9ac6e2f0967cb7612f9c3d6e6e75d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a5dd5a6067c742a823594c59a15129e

SHA1
df85760e9774031d03cf51b952a95eedeba3b55a

SHA256
98617ae4635b08d4821128bc78650c71ab53ebd18eda60661ff7aeec503385b4

SHA512
1dc238567f933ac20a05413281d408c77eee4138fe36de607afde038a1f5573cd9c8e704eec2945958b86128369c7d54cd662127dab284330868ff7e60edc82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14b2c6a6f72162ce2c01c03d1736e8dd

SHA1
b0193f5272259911ab7709ac97058c2262fc7d98

SHA256
5def31e314ccf96e7abf7d257bd39c8546740bdfcc70b907074f81c811081f47

SHA512
b6546c77dfc69d8849158f20c62a04f5b1e84a967e5e17e3f236f4002403a3e5ca67b6e73fb0b8de6842c2f6bf036b5fc47f03b56e4dfcb792e073de7c51496f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
79e522764bb6142b83cc787c35dd1544

SHA1
1fa2b7e66f3fa48841c9063a2cf706b8dd97e525

SHA256
29132902c01deb28f920128be9b3a836d1da98a50738b198b5e4716816fadfb9

SHA512
f3bc4fdebd72e489fa05e749a32fc3f47f084765bb78e7281ffea53ffa46e481626860db334f6ad43fb72cd5e87ed6d574db2a961252de8c6a8274e72f2fa36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0f6d3bc28f7802056a65d305c61cc050

SHA1
5ae33e93b98d2fd5d08b5870efdec06ce2831e2b

SHA256
ddbaf5cbcf37f21afc5c6ad929b336282fcda6184d7d287999479cbe5b2b8bcf

SHA512
b09d7fb9c0379e787ca574f116fd48914fd534e3840903898ec86ce9f72d17604abc2e7ec13f550d2d06c895312f01b4fc7d6e2dc8c60679c5851c940ffe0090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
981b37e03640b812bc0d66722cd17546

SHA1
2b185c3da39761e130b487340969a3b1fe9b1d9d

SHA256
ba665700f100f005ddb2c6834b749aadd99d2f1e929103c3ff308dc43635f8b5

SHA512
3659f093b6e97b0486a50f868d11be77ed1ad632c7007acc2666bb08f945c9e5b9eee716784ed346ab9f402e51b1b5bd9cf0c579b5e78fd35e151ae67b763f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a90c68b0eb5fe4ce1c821c1815ffa3bc

SHA1
3e8c6d9168fba90aee757fcaefe033bbbbabe532

SHA256
2987d6ff6e6745e99b71bfdea1f1e5fd4656b69a06f95e493da9503a01ee4519

SHA512
9a0847a0049592150cbf245b573ff06065cd2adb93f45f0631f7de573d524f04f717f3496b08889745407c25ee4ce6f7cc68486483a4bbe02962144bd3ccae07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e3946c14ae9d84a15b90a389611af50

SHA1
b3dd3eaf2f0b61a7a232eebf8cdf1031c49716b7

SHA256
12352d8dccb922ba5d04e6b7f5494e585b3eb760d547f2b810e2aa62c119d405

SHA512
6cae0a78ea9171a94141b01e7b49128322f1fd4d98dc48ecce1af176a45feeb78a8ee94883fddade5d275a83db85574c4f6881c9312b9cc0731ceb0d83054f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1895c7bfe54cec4c0b2e09b601c70e46

SHA1
ca3d896f3f23270289ff68fc1923e1e7ec517eb5

SHA256
7798ad2224ed7ba7b7d9578329385502026139c53e03e6995ce07bb578c08af7

SHA512
d725b8b394082274209715ae20bc792a78e4252712396d7e28a8392b63de79fb03b22c8417b3d8f014bb9645e43b68b18aa994a111afb668ca07323c4f547195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51686d5f882cd77304b5eb4d93baed9a

SHA1
6cc8b97757647ea765e4e14fc975f93654c535a8

SHA256
6e93fcd3894f31d0471912fdd992d530ed4839cc026c578efb8b56db7897ae58

SHA512
c61516ffcfdb838704417175a549d8a91d9d65e66a11c0d95171f53438b045637d6d99dd76638d82bd130d8b87bebb3524b4acd6844fd8e6d750a6e6a7462442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c206da424e961f32e45b22f25468d36c

SHA1
de86d905dbe96bda68675be8e3e18f355ee28e32

SHA256
29f6f1bfcaa6168b0d965bfe3cd79869d86998b69f3acfa684c1fb1d255a3a25

SHA512
ada511c90fa2658d1085f67b424443ac753571b7260c17f4d36a5707f4c312cfeb3865d7196244f12374cdae76c2bc5a3634b9a0c057447dca332220436bf842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2179faf831c4960521a45a14ee0d81c6

SHA1
df0cf4690d703b57cb17d09382335f7eaafb8786

SHA256
fa8d3e242bd9df5f1dde036c80ef278105c82721a85b9ca2801fe5783f504668

SHA512
65216b1673e0fc5281898991d40d9d98599d3287a5428eca765b0154dad522e502f0e4dc2d16c1cce4c3e0f42d39fafd0f444f22f67a4607f4569b30d6d0958b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e72049f1738fbe4b664b3d59aea6d333

SHA1
e0ad722631fd47d16ac71adf54b227decd99e28b

SHA256
36d1bc6c1177744a861831ceaa0ecb5820def30f4b3e203b8b5e8fb2dc043589

SHA512
0c5687d3f024c88301ea593ab468f00762a1b9eda0bba8206440b9df87548db61373c073eee9d5d8f9bd4cba95014cf0ba2b1f1fa0a0a963f3a29f4cfb93b1b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28c7f65b688bcf8d7680d0acd24d7716

SHA1
ba58d6f066d2b8b825dc0ff73f41c9b52027abdb

SHA256
e65814192e1ff4fe5e4b46f5b37dae685ee561a6cb5e1d4f13457af57f738365

SHA512
60e238b8510c12ee3d0f78ddd93d994bd0e4a7c8a934770b1037510626879bf3b7e09d7347f43c0c83e9627e115187b4ca87e3750795ec9dd5ef63c3524984b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47dd4a186b5485ddd20daf01ec877a8b

SHA1
fee92f3a5fe2a168abd6de3f3bc9fab1db2d8de6

SHA256
ef5bcaabb79ccdc230acd3c93d73e649a36d0ca0a1805430656e15430e102857

SHA512
4d6858f9c2873203d408401be6075e43a348c78b1cd290195dc1fdff4399e275453bda353afa38dae689572490c4a2911276e602cac818b6d015ed04b9ba39a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
738aa867ee8c914684477d2492d9004a

SHA1
43887ecb45284d6632b8a139e95af0764f93704b

SHA256
568899cfebd39cffef9cb18ac3919f478dc1d9a4cf289f4843b004248c6517d3

SHA512
ce84f7e3a4232671390e71595948dcea340acbffe8cf80ee5b861de08b2c51105a2161a8f7682662afbe2b140dd57bd5852cc455fa28fa5da7175fdd872c13ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
4a58fae7db0349d697727e25c86404a8

SHA1
3ee6b52d80b422cba00142120d017202f30ed10f

SHA256
7988dff08a58f8b8a82d7606e226f847aa5a38ae7875c7610571d54dd9d08656

SHA512
91a8310d05b1a11d90172b5a77bba2092ca4d36eb54029954e98de70ab4a50e85718097e51798c57f74d75ac1de19cbebc12fd27320bbf3700a063c31c788d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
45a9dd4037301dd53be949f0f59956c8

SHA1
4cbc0030e7418efebef06bad819a434d96f3e3d1

SHA256
8472c4fd1c8d13f13c876d8014197a779404104226e7b0ea2f9b98fe2b70fc3a

SHA512
a0c818e9bedca3c6140b39c5fb60957116e1d94463d4c1690c18c910fe152caf35f791135199ac954c2688326310f3b6968b5ef31cf535ce104878f79af3d3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
29c1b95f4014eb98adf81ff76f88548f

SHA1
edf707fa5f591261f3e22f65c0fb9bd69c517d98

SHA256
e318aafef47d3422e19707fb1bc2eafae6b644c93720f460ccf49b29e9025d1a

SHA512
9e0943807f2066c36c8c5f5388f23ff31f9bd33288d386563bff68ed311e1d5d214372bdb2902582d515fad0f098e4148c6469fd32dd07c9f5523511c826ab12

Download Submit