fd217a77917977628f1c2aa6ed733aeb66377f53a5300a0951f93970294120c8

Resubmissions

21-05-2024 07:51

240521-jps6dadf4s 10

21-05-2024 07:44

240521-jk2a7adc69 8

Analysis

max time kernel
163s
max time network
165s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d.zip
Size

138B
MD5

a5ca5a0ed29e9c1464c2f1adf3a212a2
SHA1

4948e0a2e3332acaa449375805952d0880db260f
SHA256

fd217a77917977628f1c2aa6ed733aeb66377f53a5300a0951f93970294120c8
SHA512

d46e062b06d706be81e73649d41477684e515f229d6b066c1a7d7d0132156c2e89a0538458e34b25d81000b3275aa432b22747bc3d0af5aef9e817e9b490a316

Score

8^/10

aspackv2

Malware Config

Signatures

Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\ScreenScrew.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

Hydra.exe

pid process

3936 Hydra.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

8 raw.githubusercontent.com

pid	process
3936	Hydra.exe

flow	ioc
8	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607511609491784"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Hydra.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1884 chrome.exe
1884 chrome.exe
4600 chrome.exe
4600 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1884 chrome.exe
1884 chrome.exe
1884 chrome.exe
1884 chrome.exe
1884 chrome.exe
1884 chrome.exe
1884 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe
Token: SeShutdownPrivilege	1884	chrome.exe
Token: SeCreatePagefilePrivilege	1884	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe
1884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1884 wrote to memory of 2448	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 2448	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 3284	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 2896	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 2896	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe
PID 1884 wrote to memory of 392	1884	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\d.zip
1⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x8c,0x10c,0x7ff88780ab58,0x7ff88780ab68,0x7ff88780ab78
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4944 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4716 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4120 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3384 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5104 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Users\Admin\Downloads\Hydra.exe
  "C:\Users\Admin\Downloads\Hydra.exe"
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4672 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5636 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2536 --field-trial-handle=1808,i,12728652947220617000,13421271368236079994,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
0b801f5eecaace28e404ae4fbd4459c3

SHA1
a2ee3539e60339097819dabac9590b2d5264afad

SHA256
d9024b6ec121349f42cdffe8c182a19e16d372b0e56cc1ada475dc313edb03f6

SHA512
be0ec1cdd9e40244cbccd6ea6347031cf8f40faca62baee90e954f5d4d898d92bd36b6f5d5b5c2ac689a2b22c7802700aca5dac835304b1d7b3ed2d22093c4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cbbfc875f5de7462c7583e0ce03b09a2

SHA1
697f4a56c67fa2a3824b17b47762f91e707e5861

SHA256
d0a18d98b986d0c14354c04bcc67836a692115cb07839a1a2803a7ea75d8e17a

SHA512
4d315d086852ae161ffc0b2c487ceb3f0365602d0636603622bf0a5e4707a1323cff00e6fddf8013a0a749b8068e9d4c0134faca210c8944e47066f91dc4243a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1a4c999bda63a66da78caab82c555cbe

SHA1
e7cb3bf00abe1d3e89698e316ebb63c448442007

SHA256
b899b6f1da862e6f7e1ddd1b0c1e451638bbd7eadd0e266bf0539489f6f0e925

SHA512
f432c70f2745138937a773a0d7e1e4dcd9536f99033ff7917ebf79076d41eaabc975d406504c9f9741227148d9d1a8739c64878520c60dfe5072616b6696386c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ff8c5fc6d076b6c26b43893f21e2283a

SHA1
85e7a81084362703b3eb2e1f8ed2e6f3429c0746

SHA256
caa59f6526fdad9c01118b7541e090c1caca42dad362568ebaa707ce62554768

SHA512
a198315259fc371c9f0f6e7cd69128bbb749df32ba0899de539c13bf98b12855dcca7da213b44d4d8aeb68bd73675976ad2688af5226d9866aa1dac0bbae068d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3f3ce834989e6b67367344810173840b

SHA1
57c64422bc2e7cde7f2d747ca7fe12e01d890f66

SHA256
3ac0dbfd5f2454a142894017c8bd7ef5bc29d59413a8fa960ef1fb6ed5b8b810

SHA512
505eb1a56dc5cf84845eed5927f923748cd0636cb6aa61f3f7385c3fd6b2863d365b8ecc9f0bbf5ffbf893a5490c3628b487c624558e194cbe2a4a9207d8596d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
0671ed96a1033b0f4d4f40bd8bab8eca

SHA1
fda5952ffcd17f6336b4c56d3539edd25e0ba047

SHA256
fc139bfed8e7b7f079a047c508c89cb5c4140caa6bd1dfe462b9772c12e78d10

SHA512
da1b901a9d4128764b6af9f36e24ec85847fe036e3551a2108a299d03360e9ece30a1a0fdea6eda8f12448452d0b83676702c00a6748ae6f1441ebb43cb28097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66be75bb98b14eaf63f14587818c6430

SHA1
32ea11491121840b2c5b339e735f588b2c9ae3c7

SHA256
ce69adce3ed1e26368b2d170beee71d0df9c7942f547acbea28990e2fa870aca

SHA512
1ba26f12a4e0fc1200dba64e0a7d5f7e5a21f70c74804392499456b3b6a4c48fe772652c7a730b9b44cbbd6b566ef8abd714ed830e644d4011aa13fa2a4a3438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a1757cc431afbed8ad8f5fae1407d62

SHA1
7740b1bc22e196dfc9df6bba1e6fb1b5fad9a9ac

SHA256
3ae512c845f3f2ba7be133d9eead4f04ff5306309f5bc41d4dbb6e01edbadee5

SHA512
1f026208b463bce4c2a9c5d19e7511a591a447d71e198e897723d2b5470952b05e7a18916a064753983884e8fde1166dea8a21998f4b2d172579bd5e9a72ef10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
945a515e13d81cf371e33d4335e98e10

SHA1
e3f854a5c3c0391a47301be83ad37d9bd011ef7b

SHA256
5c2196ab31a5f12620c9b9a860f8ea2d397b7639904f75596b34fdbc7fe352dd

SHA512
712e75f05317aab0565eb407be57f6765cf3dbf45ca3371bc4a966054fb8b89700513aae85273037903ef3caa43dc17d6e3992325e6f4693d73db7711f77669e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ed5330cd96ddcafb6458e463125a6dc

SHA1
d963ee70b0079a0e5fe86a08f29d0b735d724677

SHA256
50f8bf614c80966f9c6770c31c4972df984986b27acbf000fbd4a607309347bf

SHA512
a87cb114404feda00616fbf80c0a8b63b32b651dfb347989eb137172f5dee11e527e7ade4ad5f0ed6ca50f6d42a5989d87bef0677bc2ca7de33f463d45fa5899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80b39acb4cef1b13d9a1486d9501861e

SHA1
6291abb5a1449088567e7657463f25a8da9f7821

SHA256
2f6ef3ccda34ba868b7108bd3897240432b7f392732f72edbd7d0e101409d7bc

SHA512
04132fa6bc35abe0ee72dfbc2392eb56b1f58738c57051900462b8095719eb83d59c4136012603502f6685f71cc5cb294523e97a82b835d4029190ffae60d4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4c0d59b3f092225e69abf7c96b90d163

SHA1
b5ad235a50350fc6698a97bb526dc2289fa7868d

SHA256
9ca73c63b550643661a0216ba0d6481523736c839d44e7e3f9239fac874bd777

SHA512
6434ed0325dec7c49066df11f2d20aafb4fc9e5e3a826b060a4a5f3fe60ef5e64cc576b68658efcc534e8eb047a4a4e022a8e09ff19e39368c9923d927796423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a27e85f3b3f6c8bd233d3e689f13a334

SHA1
94af08d92836881c7683c8bb9e53a65c4f6fd6c7

SHA256
fa84802c886e6c766f349e1a4387791af80a07b253a58f21693694463707cfd6

SHA512
cad4f0a17870507670c9997d9dd1b8dcbebc574cb0ace5b22382a365ed0a64ef06df32d1853aa33ae8ab39f6931200ebb22c9b652e5798dd87f221da71a820e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
111f9c15e8e1413d1744788a5b4ed7ef

SHA1
0eb85b81212da63e2f50ace7cecf258afe458b07

SHA256
611f68882659a4544d4c6f7bf6447981391459592c3c647da40345b882b81ae1

SHA512
69613dc9f05fc4be7d1fc00a5deb9d4a4dd9efd8e7a0150ee330cedb6d6f1d1e64c8018a79e0ce70e409747532a62bb3b362b7f909608e925a43037441700ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0c87fa2766621dfa1186268be23c147f

SHA1
1f0c99e484a4987f7cc2d93006d9babf0aef8067

SHA256
9ea336bbc674f08ac78ef74595198c406db194a7558f4c6300a0006919183452

SHA512
9b2f81676c45150f31ae5eb6174c20e0ceb58d7879d65b61b33d802c2db98b4f401023825b09dfefa3a49e7cf4c467895c418ef3bb8aa89a115151afdd0b24d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
62121d5a1ec7db21343abcf164b10dc4

SHA1
b2b4a107dd8ef7614fc9efcdb36a1e7e3b49e769

SHA256
c034f7e2c24dbd75f1fa7cad26f12c047c7fa8f8ae2a412533a52720de12ffa9

SHA512
096b05320f143e3104107584a4236e44aceece0c55656adc2144d8eb89cf85916785576fe24dabcbb8daa4de323e5b79e2ae5cdb6a09abc3e06bb50f31b11aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
d4c18fc58a2268b00a9270cf6f4d14d3

SHA1
b760acd618c5a6f3fc55b29ecfdcecfd29f8df65

SHA256
b34ffed899850897039902e33f72cbb89490415ac75388c0b3d10c82c090f277

SHA512
ae8442cb88d7c5e5e79d80d7cf131d5450a336f0aa1a0fc9f08bb1011421e04d4d57cd8e325be863fa559524b4f23c45d08325b9ec7639d02034cd93e156c79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588836.TMP

Filesize
83KB

MD5
b085eb30434bf6e2f71cd40a5b8e4f92

SHA1
a62bce5fbabd1fcc4f135e357b8af6281580b57d

SHA256
eb23e32e650bda437a2a41ffc417fc76322bd7ec989c6cdeb4551e799dd23c8a

SHA512
1aa303ff9f4d362a49a0d3d15bc2884cf5db5ddb774aba5b95f6d87ecac8c6df41d271a90a651998b904874157ee4b8581e60ad03e2813dd1321c11f37a17258

Download Submit
C:\Users\Admin\Downloads\Hydra.exe

Filesize
43KB

MD5
b2eca909a91e1946457a0b36eaf90930

SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

Download Submit
C:\Users\Admin\Downloads\Hydra.exe:Zone.Identifier

Filesize
202B

MD5
942884b81636b503ad021c77922f2630

SHA1
0c9625c123c7003cd5a01144bffd5e2ed0e69a5b

SHA256
7310d10c0a13b3b4b659c58dc6fa860ca7044af389b105690a43fe42b2877d63

SHA512
7a5fe939480390a11d8d994176d45e14325c3632f9e5ab5f3e339f85d227baeb8c539f12e25d1804a46229d096f75ad11652fe31c9c99458777d897f4c88d902

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier

Filesize
214B

MD5
2a250d89ccf0ff1852e6819f736084cb

SHA1
f6b795b623dfa6a24cc4ea16960c97da24e5923d

SHA256
735b9429fbb17908b808bf9b19969ab9c13ebb3a9e573b69316563b728e89c65

SHA512
ce25b5edfb046454431eb4a5cbb7317b5a97bcd3384fdbf11ad12922dea07a1c03fffca5adca188bb9d834e03f42096e19c3792f5ae7d05d101ed9c626a9b77e

Download Submit
\??\pipe\crashpad_1884_KJKDJJRFJEHQRXNQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3936-347-0x00000000058C0000-0x00000000058CA000-memory.dmp

Filesize
40KB

Download
memory/3936-363-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-384-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

Filesize
4KB

Download
memory/3936-385-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-386-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-348-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-346-0x0000000005730000-0x00000000057C2000-memory.dmp

Filesize
584KB

Download
memory/3936-345-0x0000000005C40000-0x00000000061E6000-memory.dmp

Filesize
5.6MB

Download
memory/3936-344-0x0000000000DB0000-0x0000000000DC0000-memory.dmp

Filesize
64KB

Download
memory/3936-431-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-343-0x0000000074A7E000-0x0000000074A7F000-memory.dmp

Filesize
4KB

Download
memory/3936-441-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-442-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download
memory/3936-443-0x0000000074A70000-0x0000000075221000-memory.dmp

Filesize
7.7MB

Download