75b5a1772375ac64561c91606ee834f962f2b4754cf1d825964dbacdcc6e54eb

Resubmissions

17/05/2024, 06:41

240517-hf19ysed23 6

Analysis

max time kernel
300s
max time network
294s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

5KB
MD5

0c6b20cc9531d18724a866e4318350bf
SHA1

073cc7f5fb7babc7552021ebfab56aeb45768c05
SHA256

a38621fb81fd7878d3cb7939317acebc2ce36d20ecb2518938e775bf7920f09f
SHA512

654b2521feedf7789f750d3a34aa549ca67d0253fbb66587d895c1a064702c31fb406bc1b6a2dd26c54f0c376f63b0457fe30743e7fc8eadccb8253b62b26f44
SSDEEP

96:rq4tvSzjMnySzqERnrxsYtxfPR/pIi0Ndm49:XIQDVpfPROi0PF

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	drive.google.com
32	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1936	AcroRd32.exe
1936	AcroRd32.exe
1936	AcroRd32.exe
1936	AcroRd32.exe
1936	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2584	2172	chrome.exe	28
PID 2172 wrote to memory of 2584	2172	chrome.exe	28
PID 2172 wrote to memory of 2584	2172	chrome.exe	28
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2764	2172	chrome.exe	30
PID 2172 wrote to memory of 2432	2172	chrome.exe	31
PID 2172 wrote to memory of 2432	2172	chrome.exe	31
PID 2172 wrote to memory of 2432	2172	chrome.exe	31
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32
PID 2172 wrote to memory of 1632	2172	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2156 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1292 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:2
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1764 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3516 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2376 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3496 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3708 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2564 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2384 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3660 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1268,i,10106179521854742317,6173045618602613620,131072 /prefetch:8
  2⤵
  PID:112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1904

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1424

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Contestación.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Sentencia.pdf"
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
674B

MD5
ec321f3b43a8508cf024051c89173686

SHA1
9f15ab08714814ee6a81c1fc22048b54c6df149c

SHA256
39a63b228ed85c7a7b16dbb5cf06a7e25bf9044d4c7c265460dd9a4db311daf6

SHA512
fca6c99aaafc13c72c5ed40c178d63e4c3326458a17fc0d86a2b89ce7d8dbf415a95ef5ce3af314be472784f8368d1bad68ab79a10eef54e6d3419bdea558e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37094e19eb60b8db65e840c8a0b45242

SHA1
801bcab5b73b00b4e08b973e5b5a2255cd6d4b6d

SHA256
74d7487c242a35792e9015fc9f4b20bd8bb7236d573c149623998f0a9cd0758e

SHA512
595d3a1d36cdea9dee14dcecb5d43354ace1bf93c6b666d40816715f985a75d764062a41f53090af7921753e4773faf80a77a5a9ac20429f24a74a8e1d91aec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b6071db732eb919637972ff413188c5

SHA1
27be250be76a7aa2a50fb1be31ef81f6f95d08b9

SHA256
5fbad96080946494d2a2a73740307b17e8a901eb9af2a6c4ff293b24bb002d5d

SHA512
3c466f7f3e805a031e0cc5fa193598f5279dc9da7ba523314e7a5763ccb41b1f79d2340a7fe0bc088df61b8cc138cea0ba0b0336807029fce0c3225d697bb1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bf1ae7cee7953928370df5dab415ce2d

SHA1
666f507d3b944fda24bc3c04475587e899dc6da4

SHA256
772c2d9ee6a93a3acd82e9ce608fa0654254021ca7f7b3d80bbfb50f9dbac5c8

SHA512
f02e9bbaf7ff1d865ceea6219d71f9f9b143f247e4ec659ee140310278af3ecae77b40d149dc7ae88e24cc96d77f91ee55910dcd86b227fa18977f3ff86d309b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4c697c7a7e4f5c7fffb8d17c333da15

SHA1
c18a4db97a569c264d403c8a09332c7f36bd0190

SHA256
23a5017861cbb94c8ee67da7c956aa823251bbdb6490592a62ff43f4f528fd92

SHA512
5be967ff2707ba60323ff463b99e189280ff3ec0906662d0d975348356cd143de2b11e9e77ee25de7ad0427e6412d743c5dd137fba803dad9616f31ae02245a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bdb2878e-4145-4ba5-abee-e688e7937e26.tmp

Filesize
7KB

MD5
21e45abbde74a9d85de2bb8f0009c72f

SHA1
d37154d44ef46789feac265adad603b0a64362ae

SHA256
0c0a38f000ed07418e2e3a0df6e54a2c3b8ac1af7072ddcf624250b067db5afd

SHA512
cf019574b84d5bbd71fee5339559f48c24576da878e3adbb425efcf4ba6ade44929573bcb3db315cca97e5f338ce5dda8087bb636772acba4ae126990f46e3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
ecfb6bed012597901637027f7dee695a

SHA1
ae3d0879fb83c0d4f6c32672044944f810802ef5

SHA256
245c5a0286946efd007775523c38a0c988666ab7d032e6706c73fe7250d43a90

SHA512
7688067c702de94aa3eae82f382c9a4b2dfdf8be946a742709a62abd37e274432ed96efd9a400e571cc2f546c87f5d5df8bc4406938d09cbb494086cef35f6ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e5ca790987c10a7cdbbfd40442435dac

SHA1
5227fd00650128e8c1052ee437bb6f6727fefa64

SHA256
ef0c484ec6ee427965c6f0b91b06511d601275c701615b63ac564a1dd9b52d52

SHA512
41d7075d73fe72eacb7365e09c3e376fa0ebb824eccadb97c8c2c61c9e80bbd5109aff412369b91880029d434faf8ec38a6af1ebea66ffa44e216ebc99a97e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
dd8156d796218dfe6cdbbf49be1abc4f

SHA1
54a44a644c99ce7695455d39299aaf9ce449ed14

SHA256
9a46f9a0979d78f7023039cc86b8d933c706718ad4e33aae3a925b1a058fbabf

SHA512
738925b34dc311acbb95d5714be3283d4dc0d5967ac285d546b54384bc4100522d96f35927165b2c4acf825d200dc928d9b0d469ffbc2a5b25f37f4dfeaaf5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
51bbc094e7a648ee55504bd8fdae5332

SHA1
46c3726f66386c1ce8e8326c1b77f9f6c6d9df8f

SHA256
97022e8bbd66d4825b8a20da4316f64ccfe40f4b196b30b167cc8387c0011533

SHA512
02e14efeae7665fded88a0bc843ded80c0251e8ca663b92d5304a473862c8029d9ff76f401262c16ce5c057f0f148777518d965efbb9e9a5e9d82e2383ca159b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar260E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9cd5315b4a5d023d9ee6737a93c91bc9

SHA1
21eca9e69bf8be6a06dc9937645d63559403f0fa

SHA256
a6747d950a8917633eaabc4e35c8c26cdb942e0db4225ea02447715389f7037d

SHA512
63881ef6dac9acdc8cdd5649736d545aa6f6beb4993843ab8b613edf7d2e85c5ffd7b447415f385494a316a111f3666c517f06267a311ae847ba0f11b93f12cd

Download Submit
C:\Users\Admin\Downloads\Contestación.pdf

Filesize
19.5MB

MD5
029d388044db82f6626faefdc2bfeedc

SHA1
2cdebc08c21a7885293c5d6a0b76debed695b132

SHA256
20410bc0e0de739868653d63b7ad59694f934cfa88b1bae80b282a13019a6119

SHA512
d3c7d72c74c2036b5ac1b1dd1daf09be44b5fc7d93874b0a445de21f35cd73f9fc5370d19f6a19aff929811c3bd7b2b2a2369b4ff892c58c433cba39acc535b6

Download Submit
C:\Users\Admin\Downloads\Sentencia.pdf

Filesize
31.8MB

MD5
419a7f8a578bd2980d70534ec626ea61

SHA1
fdca59309cabf4d903702ed907faac5ad24fe7c6

SHA256
79c9c8b91fe63a9e6e9cbf2cc5a08c45fa6a83095a6c3d404413ea4d6ae83834

SHA512
1db6784959efe979c1c217537a37bc47f21a40c07459d9d0c277f6d0bcb0a18ef0d5125e580dc73c2806529b1d0b1aaa423b52c43249e4f459f50fe8e8d37d84

Download Submit
memory/1936-365-0x00000000010E0000-0x00000000010EA000-memory.dmp

Filesize
40KB

Download
memory/1936-364-0x00000000010E0000-0x00000000010EA000-memory.dmp

Filesize
40KB

Download
memory/1936-368-0x00000000010E0000-0x00000000010EA000-memory.dmp

Filesize
40KB

Download
memory/1936-367-0x00000000010E0000-0x00000000010EA000-memory.dmp

Filesize
40KB

Download