fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.2.rar
Size

30.8MB
MD5

fedb5514599b1b6b2583d2d02f67b18d
SHA1

30bf61c43970f8f60e8770f649ab9a406020ac18
SHA256

fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
SHA512

3bae5883c01222d537dde94cf4a8aedf86023349be2c742f7e6aa78e9faafc10dcd596968773e8287a58051d7696c2024aedd6704f11a3a1fc2c5fdbf17861f7
SSDEEP

786432:+yMMBOS745XHHdXOXZCJxMJW18F3JhLDj55I7cTFXPz:dBzEtn0QJ2g12Jhnt9Zb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603373611398499"	chrome.exe

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2072 chrome.exe
2072 chrome.exe
2072 chrome.exe
2072 chrome.exe
2484 chrome.exe
2484 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1684 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2072 chrome.exe
2072 chrome.exe
2072 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exe

pid	process
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe
1684	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2072 wrote to memory of 1916	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1916	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1696	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 3960	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 3960	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe
PID 2072 wrote to memory of 1368	2072	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
1⤵
- Modifies registry class
PID:4272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa28e2ab58,0x7ffa28e2ab68,0x7ffa28e2ab78
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:2
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2484

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4680

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
44bacc472db2a183f87c9f0bf86e1f3d

SHA1
b985220129db28b7d6ad62e1cc87a1216910ef0b

SHA256
62618c30bf5e10ede61a5244f26e70983ff643b4a8db404fc74217a0d2cfe390

SHA512
f106ca330f24a6ebd8ddd05ecd06b6d3d67922d12b7a7ad45c76301ef18ef31e33aae6a65f081262a8ff58ab0ef065092d2730945ea0a0562e8fca954e891aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
fe51961a076666c4806a8c70320c9013

SHA1
ade1678ab2ac7920381c2a6fd715f05823435724

SHA256
55e3fdbe743de9012712650efcb37fb623e77d486f6fd8018f81254b6d694437

SHA512
68b20facd34dc61e1d643fc4f238875488756b066787a98bb9ee7c31e0c3f3d6b6dea15759dc24010ccba3c21f3599cd858d5fb5cd7dfbfed085d9f58efe1b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c53ba1e5a3c9fc2e7779544cc6a541a8

SHA1
1f9e2785328863d9610eb463937eedc837940652

SHA256
b719cd306f6052a06c9a45fbdfc8f33cc8c5d136551f1302f9ab424de620553a

SHA512
a1890f85850bd2573cdda172d8319042039e5181a47f21c289b952562a6ef702e9373b41cf6c0833e6f4313efd14d6c864548a53bacb76770a19bbca11d44c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
73bf97c1f6f627d997e639bd7b02c55f

SHA1
c7503289e9566e54e97c6625dd28ee1e46471ca3

SHA256
06cefa67e8b29c96967fb602e1e8aae068af4e39ad118d26c40ed6473d2d0f24

SHA512
3a24611549007e1a86a64b5540f9bb3444e28e73e327b10d6ec58b4e919b0f813401865604582eee55d7c388e8aa35ff566b32800fb483d644bf52c3bb26e8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
6ea63619eb42b7406244cbcd8a72cfd6

SHA1
9d75d8b91b696890edbeebdc8048c05d716a2463

SHA256
16bb67bce9151143aa0ce6828e46137b94969e5a0481f446bda8153ea35206c5

SHA512
2e3b54ab06752fca872cd5df61d35373c86bc56b1ddc58fbe1611fabffb98171ea244d7c3968448af0f5a38fd4bdd86607f888267245ae02cab7f5f08d3a0677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
6fdca6923f373841b5bca8f2d5e5c140

SHA1
dea637b536852f39f2eb31103366998435433ab0

SHA256
af875e4d6259a0be519e21dba275626808e5bf8833ea004531e5ba8dc1795ea2

SHA512
63f8ae9de0bbf1845bd92e21778ee3b8fc795c78031342ec019e7bff2232370d1b4ca0f8e3ec16373bb81a430a88e3432793820a247c6f3b7e71dc0ac703977d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
d297749d7866e1d812bfbac8643ec50a

SHA1
1649571b7750cadaa6dcc1dbffeb1cc51afd7a3c

SHA256
30903d81ad7b29c2dd31eceb4e61e1c8099872251fbba494735cc962b11671e8

SHA512
cb8d3c7d8ad9570806a7c749f377cf770f8102c6c75966552f25d40842ca18f2bb1ae9b024b52858f917a9bde465f7316432197c312102d3f112c1aa23d6baed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
280KB

MD5
b02eb2534326fbe7ac2ad24993596a98

SHA1
f2d2eea376180cdb7451697674a145061b0c3e3d

SHA256
7b78cf49678fd95d632e56fcc10d40307634e43fe0891461c76cc29c353fae1f

SHA512
34c20dc54e454bd131adbc4cd6c401151085be8c94f2466cf040fc167c602bcd0d084a9bd0589cb04cfa06d773824b255143971483566855647aeceacf57aa5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
92KB

MD5
a894a30057edd785c6f0607dbf5fad0c

SHA1
2a44033b7fc7936d29c8e116e046b83ee32f1f85

SHA256
36ea242af958fdda3f82e1c73058795c34c85dd6fbf016e44e7b131bf54786aa

SHA512
16bf52287986cff9a0483d489aaa0dded275c9c7f6a5af80b47ede0930cc2ffa428bd642e873c2f0f9f8c392db9ac25d331a7ee7fabc17b11e894bbc1929c47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fa59.TMP
Filesize
89KB

MD5
9db56ef3c71c580fe4f3fa8efb7252be

SHA1
54f1dc91ed82af11ef03cf4186b415e6827408c4

SHA256
a824324847d7cda8fd40d9f11cdc7381fd5e988ee75b130513b8b6554ff38e2d

SHA512
944791e14f56a1a5c6cb6deac625a611543ee77e9dee3a5cd2820f33c73cf58f778d1bdb0709530517a7e0be97ed8000fba1e5676a6856c54b6909ddf359f9a5

Download Submit
\??\pipe\crashpad_2072_TUKJNVYPTXIXXYYJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit