43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee

Resubmissions

22-05-2024 10:00

240522-l1yaksbd3x 10

22-05-2024 09:51

240522-lvg2eabb8x 7

Analysis

max time kernel
198s
max time network
200s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 09:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

dugga_848274.gz
Size

5KB
MD5

7867d29c88ed216103feb5021f01ebf8
SHA1

543af5ce7d60b6bf66d44d6bc42515d7fc97e796
SHA256

43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
SHA512

f0a22affd6b56154e0ad15a28fadedbc1977fc1fe72b6280d3d87c72ad8d7df1b3a465d9532869a30c09e88cd35ab0f0f6ed188513a38a5ae090d575797354a9
SSDEEP

96:xUS0wqaXc0hWp9nVRcerCWZIIvj2y/dT2/7HpPotQWtfDmDa:xUncc79VierCW7vj9/Q/7pKQULf

Score

7^/10

discovery evasion trojan upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

DB.EXE

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion DB.EXE
Executes dropped EXE 5 IoCs

Processes:

AV.EXEAV2.EXEDB.EXEEN.EXESB.EXE

pid process

580 AV.EXE
4516 AV2.EXE
3468 DB.EXE
5020 EN.EXE
1656 SB.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DB.EXE

pid	process
580	AV.EXE
4516	AV2.EXE
3468	DB.EXE
5020	EN.EXE
1656	SB.EXE

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\DB.EXE	upx
behavioral1/memory/3468-671-0x0000000000400000-0x0000000000445000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\EN.EXE	upx
behavioral1/memory/3468-688-0x0000000000770000-0x0000000000803000-memory.dmp	upx
behavioral1/memory/3468-684-0x0000000000770000-0x0000000000803000-memory.dmp	upx
behavioral1/memory/3468-689-0x0000000000770000-0x0000000000803000-memory.dmp	upx
behavioral1/memory/5020-682-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/3468-711-0x0000000000400000-0x0000000000445000-memory.dmp	upx
behavioral1/memory/5020-714-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

DB.EXE

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DB.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DB.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

Processes:

flow	ioc
52	raw.githubusercontent.com
3	camo.githubusercontent.com
8	raw.githubusercontent.com
37	camo.githubusercontent.com
38	camo.githubusercontent.com
39	camo.githubusercontent.com
40	camo.githubusercontent.com

Drops file in System32 directory 1 IoCs

Processes:

AV.EXE

description ioc process

File created C:\Windows\SysWOW64\tsa.crt AV.EXE
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\SysWOW64\tsa.crt	AV.EXE

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608454354796214"	chrome.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

AV.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D	AV.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D\Blob = 03000000010000001400000030530a0c86edb1cd5a2a5fe37ef3bf28e69be16d2000000001000000b3020000308202af308202180209009168978ee53f5964300d06092a864886f70d010105050030819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d301e170d3131303931383131313834395a170d3132303931373131313834395a30819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cac8419346518527133fdefd7982ac3919f1d6e2f815ecab0b5d219ccf843885645cfd9c35cae2eff8e7506e690b52c587a59c8d667cb671454030bd370fa334b18afb5ea4f4f819a36685a705a8543f320af913ca680a1d32a402db6d3e42d93228e44ba230fda524d490ddc35b922f23d36d95417136ac50afa567e21359350203010001300d06092a864886f70d0101050500038181003c6a7f43ca2cee1caafee88b04777032a4c9d7794222537e3ebe57953198281bdbe0d3a58f7d3eb358f361848f30ad88a364cd0ae3376e6239dedb01497d52d3dd55e78e49375373419ad7e5e2e036f713bf4d96a552f2aa26b35b66d7a83fb2a9b6e317d162d8342f09ccc71b2a1c7d9474ca7872bfa4acd623d61c4491d740	AV.EXE

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Ana.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exeDB.EXE

pid process

408 chrome.exe
408 chrome.exe
3468 DB.EXE
3468 DB.EXE
3468 DB.EXE
3468 DB.EXE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

408 chrome.exe
408 chrome.exe
408 chrome.exe
408 chrome.exe
408 chrome.exe
408 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Ana.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe
Token: SeShutdownPrivilege	408	chrome.exe
Token: SeCreatePagefilePrivilege	408	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

5012 OpenWith.exe

pid	process
5012	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 408 wrote to memory of 3956	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 3956	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 2316	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1864	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1864	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe
PID 408 wrote to memory of 1836	408	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
1⤵
- Modifies registry class
PID:3348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe6b3acc40,0x7ffe6b3acc4c,0x7ffe6b3acc58
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1792 /prefetch:2
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4508 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4068 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4084,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4672 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4444 /prefetch:8
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4760 /prefetch:8
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4904,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4812,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3328,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4380 /prefetch:1
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4336,i,14938497397547022100,715208045904645321,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3472 /prefetch:8
2⤵
- NTFS ADS
PID:1088

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Temp1_Ana.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ana.zip\[email protected]"
1⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\AV.EXE
"C:\Users\Admin\AppData\Local\Temp\AV.EXE"
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies system certificate store
PID:580

C:\Users\Admin\AppData\Local\Temp\AV2.EXE
"C:\Users\Admin\AppData\Local\Temp\AV2.EXE"
2⤵
- Executes dropped EXE
PID:4516

C:\Users\Admin\AppData\Local\Temp\DB.EXE
"C:\Users\Admin\AppData\Local\Temp\DB.EXE"
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:3468

C:\Windows\SysWOW64\cmd.exe
/c C:\Users\Admin\AppData\Local\Temp\~unins531.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
3⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\EN.EXE
"C:\Users\Admin\AppData\Local\Temp\EN.EXE"
2⤵
- Executes dropped EXE
PID:5020

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul
3⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\SB.EXE
"C:\Users\Admin\AppData\Local\Temp\SB.EXE"
2⤵
- Executes dropped EXE
PID:1656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
7ddbc7eeb2d3e01f3ed74233d5b3761e

SHA1
3992310eccf1f1891f4048ba04b839361e335d0c

SHA256
a33392f2164b62397aad76506cacff4fc6b06478f1a24e32d0f40b0cdc7a90cc

SHA512
4cf2b2d9f1338f4bfbbd06898d2f15d9cc9e618f8b6168700f88946de8c9fd9de3c16436ad90fe8b3ee05af182b47a95331e72a506d66da4d4c5f5709f294e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
6707dc4c7c3a6489924fbb740f569097

SHA1
d36274d7ed0ea13bf8a0ff18034ed8d05c4cb00a

SHA256
ead58f83225233a92a4cac1b8f0262f6d09fc0fab978b72e9aa05c7cbe34b2a6

SHA512
67eeb08c5a8507a924350f58e1d7507ee22e924fc6fecb9d650618b23216be7b05791babeaa4c58e0f48b369bddd19cbedf4d2556bdc2603378d4304b2849d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
fa467798eb0ac22bd7ce611941627a13

SHA1
4de134d953c993092e52f0846077bfa3e73112f6

SHA256
676433464929153342e501f97bb490f198908a5d3ee738a40b94f9b494266eb6

SHA512
229192b30c1565e92b33e1b488f548faaf3734cd735459448b967ee41bcd51e8d5c5a1ee3b4f1c4c15d6e90118d355c55741391c5cb4bf0d42722c7f82756c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
3dcd148048d5680178766c0b0aab4496

SHA1
8a7cbc20075fc1a8ef4ab1ae5540a9f328848cce

SHA256
d519ba6fb51399f951ebb7eb502cdae94e13bf8ac6f4ad0f72f5b6d3b43a760a

SHA512
865ab9ce9844642d98b1a3736ef5218194e32da379e9ac260e2a7e6b73d858655d4f00a2667339bec0fb342b64ac958da57199be21dc904056ab2d27a3d17338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
680bc3e364e82a149fd9d8382e060735

SHA1
a2427bfaef51628cd0b3826aefeaaec90933967a

SHA256
13ccf6d70c5b51f391f51546ded3ae53236129e1c227b2095332b7d942cec8a7

SHA512
33afe6be5a12fca60820d55c93e687a71410a5ee8addd01002e4ff1e3271cae220cde41ffcf01ecc18a75f2bc7118e11d0091c24f948890137841f72f7f78071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a38ccd398b9137db44062dbea71bf5dc

SHA1
c6e32c4398540dfa1e26e1419b47f3bfd03e8ae5

SHA256
93ec4c697f0daff0bed4dc8ced2b03ad24d6ae4805b006c588774e1bac0af32b

SHA512
dc9f7b2f57590f859cfde5eb0ec0a49a14ac920251dc4352f35f05661f46add44b2ac2fbadc900fcb48d49271572255efdde4279f70935666ed099411ad362cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
0d535f2911795b05789d01d700827c64

SHA1
cb9a0686ccc4a29a984f9d413cbffcfaa6a1a33c

SHA256
0f8d94b09e80b1c90f9dea5a18207ee1ca86de9160f2464eee95729c5705008e

SHA512
dec6b33eb17b395a0c736b74e96c1b98b011fcbb67ea1839b4777dae05fabbf13811456dc254d79c12aeae8d2151624cb13a3d2767c23f2bab759ff21e6658ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
73b0d06cbee9d159668e05e2d4c55153

SHA1
118c0ce4e64d00ca4f10c59fc323885dc87221e4

SHA256
48c77d8cfbd52df0bd317d1d6a7ac57b02ef3019dc66e6d327bdabf67e95ee2d

SHA512
ae4bdd3948464a415965fb19f8bd6ebdccbf3afffff4235b115b8765d4d69dccac99e8af3a91de7679726a369c574d1dd719878c6790ca2f3e5ef6054192c243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
4aa2855e90175f011365c82a5db206b9

SHA1
3123a8ce11364feb5e9886ebb134f20d18b1cbd0

SHA256
c970948133c298674d3f0b5d3b5d1de6dd4fcbf78745dced7dd8668293fede58

SHA512
717fdb3a1a1d52fc31f8f071c0c2ee6b8daa6f40e119368edf07d917285e0da0041fada44e02fabc95c2a67c8aa6619d74e02edb1377d2f704ab66ca63a9f4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
117ddc876efbe6733c45a5192b743e03

SHA1
250f7b0ea24cd8f22aca5365382071742d0424dc

SHA256
0b3e616fc57d70fe2caef69dbccf9d445b97d5af8bf46ec3b17e5560e001c2c1

SHA512
afe261973177133e3d5eb9d6a1c131e5b084cfe40817f538b65f7c1504c484d9c991a010ef92d0f08c940e274426fdd0c7d184dda786071d3124d79d475b9af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
a66b05aa4ec484259ca0fcb79ee2a57e

SHA1
166784cd6b67814f920695e4079e089a511d8e9c

SHA256
a173cada3674f6e2551e9d58b32820f13fa22169a1a64935a0dc45708e05250d

SHA512
ecb4871b49134e438e1f70dff3d83ab9dd1839218d02b286ce4b9a071731890855d7424735c19ed204c8e277990dd02e944351a5d9b446db8df91be5cff3264e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
b69a1bb2f921b56b60989f56867aa6f9

SHA1
52bad4059ced2bd4fa4b9ff907d6ad733f487f4d

SHA256
4ba4c5cee67d51fd8e211f18f0558b3d7ffdaaee932cf5591171ef92e6fedb04

SHA512
3580b96140dff97164e78c3281437432df46ea506f5876fbc37b1207434ce63d0652543eeddfcf7dc7c2522a7d11987bf1473728db119bb7075e99574bfa9d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
47b4f82a4c71d364ae63d1f745c42aca

SHA1
9aee3600569441a50db0ed5f0ca8efd430a574ea

SHA256
078588eeacae8ec69930f0ef5bb4768750d3aed54a4d1db5ce25963fc835a29f

SHA512
811bf525eae2cea7afe9d6b09b1b550f481a7645b96c131902757467bc304312f0630b4419d3739da7424b30a0c4ec65b8262c93f50785a3d500fcf77851bd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
85cf631bba7df46950ec25d329646252

SHA1
a093999f713d1c51af2dd0590340e71fb4d7abb6

SHA256
87a19d5649df0033fda119042a2afd4fb43d0795b725e0f09ded6a08b62a5206

SHA512
1a260b9aae08f4056541a2e39b0f31e9177c13820ba219c58589d9245c9cfb6b209c917f1e4025ee7b65bf0c779852656606bcb44bdae12f87ef8f1d055d8029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
039e41cc71c3c9cbde86156bc6840f00

SHA1
01afab9fdc65a2095d80b89c83f7ecd35a882037

SHA256
c8d87ea1d2bc925c3b123acae8147fe17ac4c2a92cb50c43e092b44475aea215

SHA512
918bf1b8a53fcbfe195a19285b4d5d4521a4b9314e05a273887ccd77dcf5bbe959043df54a60894906e25dd91884196ad03099bd334e5fdf13522ae3087abaef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ee97743385d57a1c1cb6d699888eb62a

SHA1
5587f66e3190334fe582602f431451d8b4ba2a11

SHA256
faf7305b2039bbc384271fd8f3bbe30ffef754e4d33c936fc860ed1851e2aa19

SHA512
933db96a187e12b54a0b22e5ceb645363c973f5bd4e2ddeff838f2d6f433212bc7f0992debbb183fd4107579d8df475adfb7da0fecbd83dbe0b55b7979ccc647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
bcdc743b6c40d7e4bfe73e24dd567c36

SHA1
8d448e5cecc733e886cc6f2bc49c1dc175303e2f

SHA256
a12a7d055f754453d6bd3f730b4b73378b40b76c23ff69a8867d659c8fc8867b

SHA512
4a38762611b67dd5d3c271f6cb16d9bfbd4e04887c22ae7cece7a52b55ccd8b0a091c9b4a44c884b7a3b100667cdc1e38ff7995312532e825c6025e8e13b4ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
2cae537483d734587a558b47b9141d9e

SHA1
b8c8f7fd6a85152e0017166a3a89030eedd29e1d

SHA256
4bfdb4eadcb4e081e14a543b9c47eeadb5cc2d472c73daffd9afe17e0bbc3197

SHA512
c8ae29c5bc4c47c063c7a62ace41e4d15640c6393d353078e3c174190667cf3131f08e4e2a58dba05aa318a1d330c10ad88a8d5b84c3f2a250e0b46d30b416ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
b524c90149b9c5de693df7b3326791a6

SHA1
23bd28c5d7dd52caaa97127886da0150efdfca04

SHA256
f41f1c9099364ceb0064059cc2f7fecb77ae8d6cfb29191a43c73402287d09e4

SHA512
29be8ba53c8daff3db06392115b1ace7d48e7fe3785cd4eb6d90433e58ccdbfc16eeb3a56501d2298adde106127b288746ed1c0ff5dc129fe70c898d52dd432e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
152KB

MD5
680cc6a581fde4849ed1eae27ac15a3f

SHA1
35e534ed60a33dd66d0679d9ca737151360cf93f

SHA256
4a8edddc8d5993af96adbd79dee405d376b5f50fd5513246f7a121c8b06ea06b

SHA512
7ef992662c9d1d3687838919edd05cdf013e0a45afc9a061dc4256e125704a0f7b67f7b21b130ea5b3ed00080e6541f2e18f8fa2b32df48b1761f9fd4026ddff

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE
Filesize
1.1MB

MD5
f284568010505119f479617a2e7dc189

SHA1
e23707625cce0035e3c1d2255af1ed326583a1ea

SHA256
26c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1

SHA512
ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV2.EXE
Filesize
368KB

MD5
014578edb7da99e5ba8dd84f5d26dfd5

SHA1
df56d701165a480e925a153856cbc3ab799c5a04

SHA256
4ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529

SHA512
bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068

Download Submit
C:\Users\Admin\AppData\Local\Temp\DB.EXE
Filesize
243KB

MD5
c6746a62feafcb4fca301f606f7101fa

SHA1
e09cd1382f9ceec027083b40e35f5f3d184e485f

SHA256
b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6

SHA512
ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\EN.EXE
Filesize
6KB

MD5
621f2279f69686e8547e476b642b6c46

SHA1
66f486cd566f86ab16015fe74f50d4515decce88

SHA256
c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38

SHA512
068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GB.EXE
Filesize
149KB

MD5
fe731b4c6684d643eb5b55613ef9ed31

SHA1
cfafe2a14f5413278304920154eb467f7c103c80

SHA256
e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496

SHA512
f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SB.EXE
Filesize
224KB

MD5
9252e1be9776af202d6ad5c093637022

SHA1
6cc686d837cd633d9c2e8bc1eaba5fc364bf71d8

SHA256
ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6

SHA512
98b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\~unins531.bat
Filesize
49B

MD5
9e0a2f5ab30517809b95a1ff1dd98c53

SHA1
5c1eefdf10e67d1e9216e2e3f5e92352d583c9ce

SHA256
97ac9fee75a1f7b63b3115e9c4fb9dda80b1caba26d2fb51325670dee261fe32

SHA512
e959cc1fd48fb1cccf135a697924c775a3812bab211fc7f9b00c5a9d617261d84c5d6f7cb548774c1e8f46811b06ca39c5603d0e10cbcb7b805f9abbe49b9b42

Download Submit
C:\Users\Admin\Downloads\Ana.zip
Filesize
1.8MB

MD5
cb6e4f6660706c29035189f8aacfe3f8

SHA1
7dd1e37a50d4bd7488a3966b8c7c2b99bba2c037

SHA256
3341abf6dbefb8aec171f3766a4a23f323ff207e1b031946ee4dbe6dbb2d45a4

SHA512
66c3351ce069a85c9a1b648d64883176983acd34c0d5ca78b5138b7edc2890b34408e8e6fa235258d98c105113d1978a68a15262d6523a82abb004f78b06de38

Download Submit
C:\Users\Admin\Downloads\Ana.zip:Zone.Identifier
Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Windows\SysWOW64\tsa.crt
Filesize
1010B

MD5
6e630504be525e953debd0ce831b9aa0

SHA1
edfa47b3edf98af94954b5b0850286a324608503

SHA256
2563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5

SHA512
bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2

Download Submit
\??\pipe\crashpad_408_LTTMZXIPDUQPOYTD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3468-688-0x0000000000770000-0x0000000000803000-memory.dmp

Filesize
588KB

Download
memory/3468-684-0x0000000000770000-0x0000000000803000-memory.dmp

Filesize
588KB

Download
memory/3468-671-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/3468-689-0x0000000000770000-0x0000000000803000-memory.dmp

Filesize
588KB

Download
memory/3468-711-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/5020-682-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5020-714-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads