43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee

Resubmissions

22-05-2024 10:00

240522-l1yaksbd3x 10

22-05-2024 09:51

240522-lvg2eabb8x 7

Analysis

max time kernel
1438s
max time network
1424s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 09:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sample
Size

5KB
MD5

c31020e4835be00569e290ee53515a93
SHA1

9ff7b0031069f6371cf7ed8b53659873df3eee5a
SHA256

629328afa29bb1b0abd0b3d5bc3fa71d232f8db3f639e4fbed78193306a1d665
SHA512

d79054ad1d7b168ad594018cd4afbbb23191210c563556404d0769d05dc5d2d3c21edd271fd20d026fa2357e9770b2c52c53ae3d7b0aa753c3d95f295a55c7bd
SSDEEP

96:TUS0wqaXc0hWp9nVRcerCWZIIvj2y/dT2/7HpPotQWtfDmDt:TUncc79VierCW7vj9/Q/7pKQULY

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

5 raw.githubusercontent.com
10 camo.githubusercontent.com
36 camo.githubusercontent.com

flow	ioc
5	raw.githubusercontent.com
10	camo.githubusercontent.com
36	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608455693929330"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\FakeWindowsUpdate.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

340 chrome.exe
340 chrome.exe
3112 chrome.exe
3112 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

340 chrome.exe
340 chrome.exe
340 chrome.exe
340 chrome.exe
340 chrome.exe
340 chrome.exe
340 chrome.exe
340 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\FakeWindowsUpdate.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe
Token: SeShutdownPrivilege	340	chrome.exe
Token: SeCreatePagefilePrivilege	340	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 340 wrote to memory of 2088	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 2088	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3376	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 1144	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 1144	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe
PID 340 wrote to memory of 3460	340	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa3554ab58,0x7ffa3554ab68,0x7ffa3554ab78
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:2
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:3460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4524 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4784 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3416 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3456 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4760 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1764,i,16445363494507161671,12791990042410143284,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Temp1_FakeWindowsUpdate.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_FakeWindowsUpdate.zip\[email protected]"
1⤵
PID:2336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
051ebff1864b426899428e7a9735dc0c

SHA1
174ec3280493b96203263195021147c1897df80f

SHA256
15a6faf5b5be8770b9d72cc87b40f873fc8c3981db698a0655f7870c2ab64f42

SHA512
ffe70f90ec290ec90cb05a5e44ea3e95d86e1f8322263979489c385f6c288a49e61c3003a438d40beba7e2b17840bdf62a19d0371f7fb20f4d51c4a4e8570f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
586e289db719f5061726afab321fcbda

SHA1
3a2fd0a08b1b1288fb150d37e0f31d88c68a664d

SHA256
a2d3014eb874ed67870a5ac4c7470105e27c031c4570d298ce54268367dcfe25

SHA512
94513904adc0f9c5ac5819d87a23e0a9d80050243ac6bee72eade170d8da08d924389a2ac5f8d0b6da5ca7c7ef37d8f75f9b45c9af21dd16caad93f2bba456c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
2aa2262adb8f685d9b1aa8e87c52cce3

SHA1
912265b20ee19a80fd616c30693f480ee66ccfc4

SHA256
6f63e40e7f1c3a07488433e22d85874fb6f9ae8fc42bb76b26b4c3d60bed3257

SHA512
5546174e1a65f2c9ed4ac3d30e48509c725bfda0bd7971f3c42080e4641043fe7d98ca2f69efe55ed274049029792ec0c017b4881c1260742610ececd450d0e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9d1b3ac6d09effbcf8ca54d61c985b35

SHA1
23c27d50a4fadf0fb1504df279192e885276c49e

SHA256
ed716a7148ef019648d1ecbda5c781d9bb8dc1498399c247a1f42298a2e8e766

SHA512
6fb056b57c3fa823b2ac8e547e0fddc7c771f8b90412ff92f7dd642c2e21149853abe25532df9a1b9166ab7a3a8720bc1793379dd1e855ec6c266e524f8e8eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
32f26aea3e78d41e1fb03fb035649e5f

SHA1
e4ca871b45b1e77bf89b03136ecdc240acf1a147

SHA256
9ee33be09c82f9586eecf052c1c66e63b5e94bd677fb84318b681d2897708dbc

SHA512
a7cc7e5d05d563d72ac640db57fa391407d3037ded7fb2c7dca651550c39e078a14220c1bdea452ecc5f52f01a96c92960a1a38bc55e948f987f2bc5628fabb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a0ff084b2065d90e8b7a421f4a1e3c1d

SHA1
93539f12a70a298bd03ee2d899533217d0218664

SHA256
4abc0c7c1f4cf25170f25e7225eda3acd4b094ccf9d741ff479520785d5157ed

SHA512
d48bb0ee714d2aa44c4e8f20f1cf7e28728fa196690de7f0860b163821db503beb56a472684914d8bea0e354ada80c6e72624bb409e307406be4f7b5ecf1d950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
abb64cb51336d9fc97ddb294eae84f93

SHA1
f5d11a6b38b17ca586bbb7afcf39515b9ca5a518

SHA256
5dcc2e8e0b8d09174f3d0a83b36a4148ffe552e9d63f6c51dcbdce4e0ee5b4fe

SHA512
d91274a51c8f6638ae032c11d65b24b0bd0d8fc7137767f3d18dd393bb3dda03dc7bc103a3b1336fd9269984154aee23afa50f3cc3a303e6f424401b08b9db26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a3df887584763bdc08f66d3aa4b8739e

SHA1
39cd37ce803ff61ac3853b9738ddb061e535611c

SHA256
90badd3457ddf7b730f3bbd64cc4decfb417c02afed9a73ad41ddd34e53e0c91

SHA512
82a3850e8a095c217fb71b7beded03b672bd9b708860bf273c5c756e118ecfb138b2dbd8ee2b75cfd329fc0b9f6f13488c715f0cfddbae0bfc1d33322a50a474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
36d364df8ab65d46ed2a20eb90327a91

SHA1
f50112f033d31912ef78c8e284e21ba057ba4e53

SHA256
f9d904c595bd7cd8b5ce79dff42de7b8c98971195ba305e248d28484d4dd5888

SHA512
04bac2626dccebf7520437040804d3b0a5996385b2681585463511139f7dfe95dae07df1b84feacca15b844a717d42f7fa907577d29f784ac2a82ab032905140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
59d2944e48e54c34eb693a1861028185

SHA1
c5d6b703f0a17127b9582bc0786fd5d480a7498f

SHA256
35ac8b6509bd94dc6bf42683b6e28d4ef5107fa4bb5cbcbc6567183885fa1d8f

SHA512
55e6f77828e4a9c254c5c1a92dfbffbc0ebf156e8787ee757c85adc9ad32b7d2722e21c9ae7966ae8614fdc97389ce6e796bc5ad162daa333482e2c3c011a52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d342742388a323c1a74fb2a2fbedef0c

SHA1
88ebf9b91f83f44a7d2c9b44c886951138cc3b17

SHA256
c60ffd4c70be7074d9f2abebd65dc4c8f454c11892ab170f22ca110a03f86fcf

SHA512
4007c76ae83f1120521fd11d2b8542e39c1cf14891c79a16aa6f72bee10d5f88635e1cd59126d56a2163bffb7d3fe80657ef5d58d33f946a996ccf3b4b46a5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d34a9e343d4f2f9b2f80169d310f643e

SHA1
1c545057f4bb43a07d1decc09b951e0cc8f26cce

SHA256
3ee81862e2fc7a90e1beb0f27f83e3ad9a4e93ab76cf4cc5f4e478340eb1260e

SHA512
9e14ad0d7b080f68e56ac7ae85caf2d223ba70afd937fe0556634a155fd0609b4f5dca151b4a7395b3eb281a12f71f695e520ebc62e4467f5aedc106e6e6777f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
e6daa0893cf6ac365b5d8d35c8dde00e

SHA1
f3606f65d4167cce6757b8221808c25bae7a06a7

SHA256
23e82f2ec4ec020fdf6dcd68b44f4e63f16fb2eda6b4ac211503c0f11b586bc6

SHA512
83af34528cb70d638a368cfc44ee576070961dda8e0bfd9533a4f1fae55519239524b968114791ee67495fc1c93bfb413da47a743fe182afcbd016bef4078b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
94bd82fc5182585126900354eb2dda8d

SHA1
5ed3b71fb691610ba4df76117f46828a56a352fc

SHA256
6fa0203baec4d1cd065ffe5d7870faaf04c2f678fdf21d87526adc7823f5c95f

SHA512
da5ec57ce9a762c34a4b9e36a045f22d7f6fc976acb50e2711a2a445ddf5198ec052e53ddbb7a605b5fc988fc11c3e23481199d6b388f78dca9156c7d61f9354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
215cb99c51f4c8619f13892138ff584a

SHA1
baddef1a0e27c0c78bc559b0e2446ee1080eddfd

SHA256
f475b9e06403911d70702d9e57c38a190941167a819cf283ea73c19ce3f9ce08

SHA512
f3d8bbbc9d46d4c1697958fe92984510a4650b33ea68dfbc15db29a61845b331e8a2ea3b9f0c962362f4c5241cb47c8ea4ce058f0d7c89d6b95d45db9e1cb721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a73d9.TMP
Filesize
83KB

MD5
ff74a85c3334564611729b66ca79ffb9

SHA1
2faf54a8a710d84b36f0ce2fcad52b2edc29fd69

SHA256
1d1ee73eb7752e0f366c3b9f9eb92dc2cc9d89c30358e2e55915d812275401c8

SHA512
eebfad38c39ec141ff8f0e207d6a17589e8a7768a616b4fb8cc515e70ff2ca1eb665fb5caa8390b22a1b6aa16e05147c7689cf881a834da076278f8d005b960f

Download Submit
C:\Users\Admin\Downloads\FakeWindowsUpdate.zip
Filesize
604KB

MD5
9e94a2a8c092b611420f8bfdbac7beb8

SHA1
38e21ee8cfa81fd26dabfb0923b108b54db6f409

SHA256
8f8f4fba17fdb1538ddff73763cf6bac274f2dd1fd53c4656d45f496ce690f12

SHA512
dc550716d82bbd3f44ad25f67d8d894d94e5cc1e15c996c9a6e3d9fe5fa9acfe5d2b9134736d72c4e2a72434298e6419987319242776e7bd68e0a87783c0fef4

Download Submit
C:\Users\Admin\Downloads\FakeWindowsUpdate.zip:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_340_EFBBUFGWGOMDJCMT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2336-497-0x00000000748BE000-0x00000000748BF000-memory.dmp

Filesize
4KB

Download
memory/2336-471-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download
memory/2336-472-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download
memory/2336-468-0x0000000005390000-0x0000000005422000-memory.dmp

Filesize
584KB

Download
memory/2336-467-0x0000000005890000-0x0000000005E36000-memory.dmp

Filesize
5.6MB

Download
memory/2336-469-0x0000000005440000-0x000000000544A000-memory.dmp

Filesize
40KB

Download
memory/2336-498-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download
memory/2336-499-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download
memory/2336-500-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download
memory/2336-466-0x0000000000840000-0x00000000008FC000-memory.dmp

Filesize
752KB

Download
memory/2336-465-0x00000000748BE000-0x00000000748BF000-memory.dmp

Filesize
4KB

Download
memory/2336-470-0x00000000748B0000-0x0000000075061000-memory.dmp

Filesize
7.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads