84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3

max time kernel
1799s
max time network
1715s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monoxide.aps
Size

144KB
MD5

f7d3cae315be90f7dbfdff123067b6ef
SHA1

a565254c22714b5fa19f2a8e80f99a3e0dadeae1
SHA256

84de10c1d9a28efbe70d63bb127f23902cc9ebaf61effeede17085572d4878a3
SHA512

cc1b98aa943dd9b90efb676d2c9b16a8c099959d8cc3da58da8da870557f3a624515fc88f4b8bbac6ff6b98bb2a0311d893a66c1347817a75196d370981be755
SSDEEP

768:S5N5N5NSrpWeq6LOrrrzzzz7DDDHjjjIWbi9E3AAq/L9YO3Iz:S3336DWbi9E3AAqDI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608568420297105"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2084	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2284	OpenWith.exe
2084	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
2084	vlc.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2284	OpenWith.exe
2084	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2084	2284	OpenWith.exe	83
PID 2284 wrote to memory of 2084	2284	OpenWith.exe	83
PID 1968 wrote to memory of 3992	1968	chrome.exe	87
PID 1968 wrote to memory of 3992	1968	chrome.exe	87
PID 2156 wrote to memory of 2412	2156	chrome.exe	89
PID 2156 wrote to memory of 2412	2156	chrome.exe	89
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 2064	1968	chrome.exe	90
PID 1968 wrote to memory of 3356	1968	chrome.exe	91
PID 1968 wrote to memory of 3356	1968	chrome.exe	91
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92
PID 1968 wrote to memory of 4500	1968	chrome.exe	92

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Monoxide.aps
1⤵
- Modifies registry class
PID:3968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Monoxide.aps"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba8c7ab58,0x7ffba8c7ab68,0x7ffba8c7ab78
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4148 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4456 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1816,i,8174428873877753341,6332428107950370130,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffba8c7ab58,0x7ffba8c7ab68,0x7ffba8c7ab78
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1808,i,10368526676763936784,6760809651142665208,131072 /prefetch:2
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1808,i,10368526676763936784,6760809651142665208,131072 /prefetch:8
  2⤵
  PID:1856

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7a924cbf0412e1de06b0e38590ecb6a6

SHA1
db32fdf7c23f28a2fd3350dbd94ee25ce78b615c

SHA256
6ae5ffbda60d117944970cb446612309126b1f131f52f904847281ed4fcb8e54

SHA512
7feef2199bf9003eed113aefd0d28f0cd359e26daf9bde23d918a39af0a9815c641c3befb1650b86cd121bf98d3b899c852cf81a89dc1e416ee3f7a423fc86c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
483cc0f9a379256603966bf4172f100a

SHA1
89383eb0da088a68f10fee9c7200bb126e546388

SHA256
cfd12b9e5fcfc92609484d8c8981da098542017319c6a12c11b979ea67d68117

SHA512
c711d6617f2805abf8ef2af01074ca58340f74081ce92ec3308892581fe054bcbcd0e6b5db84d517bb6125d5c1b098c208dd5fdea88fca2a756dd15bb4466efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cfc1e24be2899435f0dc80d9e94524c7

SHA1
2f836752b649a90b44d4be46c229b387b749ce40

SHA256
cf5fb7116b08acdb112704438c5ba81cb524598580954de2dfea1399e32e148a

SHA512
30083ce45ffb9bcbd8d2fb936fd2b99e0039efb28b2c7703913ab81e1f1465b002c0dfe868af41baeaf62a49b432194338f4b4737c47dfe29fd299ab4c74ae84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3539dce02ad8dc352c67bd499137b25f

SHA1
6d4439f761a4098b9152dab492fcec7075abb0bc

SHA256
fade8d8905f15ff64f33033b831cc5f6ae7d59ce901943028c3fac35899b04bc

SHA512
dc49f37196e3a70d1fa903032500bc55f9255348993aea61c81ac1d1d822569e01d0896004f9daa9bca97bd997e8c8380cd06b1fda5eb76bd84d70a6e377662b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c97cad98cb3781e230dab7277243c9b9

SHA1
e06a6c836a468be6d48671525045046576813879

SHA256
dbcf18a1fe14afb087e1a5ab8ad885e71a51b23ad761607fc9dce909e2d09fa2

SHA512
b619b2ba629a1cc3628389cc4ca7282f3de1018fe9d481c35147a772630c1bf8fb009bc0054bdda0f9ad1b62defe692cf256f2c69e7c5080be50aed74fbf0200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
45ad1a2af4a36d780701f1550b3cfcd7

SHA1
ea339acd789ee069a125030f57251acf124cf7c9

SHA256
41e236fc6fe35c34e7c06f93e01fce8e430f6b75351e4205637e59f3c9603b12

SHA512
396844128635faa73a901577f9785f9a728f8a7d0351d3ffd077e08d064f54de80e8739028a0a993486f2e9dd0fda8e706e80fb5afb2ae75bd6c5fcd57ada694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7466013d7cdecaf83c640e37ae5897b1

SHA1
f10ca9c7a2647a09f2c2910fd36ed6f0e39989d8

SHA256
5f83f83d96d62d70d5d418e9594b8371854ba3909ef23788c981c4735af47beb

SHA512
378c0a63d06d2bc1b04cff3af768eee367d5304c48f2dd49d6b947bed8a7acbd54362f4efb814da56aca800956d349d137f0d479b7e96058a203c21f764f674a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
360060db6c83f435b83f481c32e4b34e

SHA1
2b81daa662ecd03d2228f34622a1343ca5fa19d2

SHA256
3b0c31179866d02e96bc22056c17e63408a0c58b2b2673c44c029945053b3dfc

SHA512
36ee136d76b6ba986f4cfaaa96d16a30592b8e04f6a78fbce28134ee3233454edfd3a26b3aac3532cc17ad12f99c52c99d525a91676c6d83e95f7f2f8e6b5b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3d290db3d2eb2afdf2ce11c1f0402cf3

SHA1
67b337f23aa62d4ee57b26549111054f480d0840

SHA256
963075fe0d2d42770dfc3f6fb5583417857a13e3d6a16706d6329e002009b08c

SHA512
294cb28382e8bdf3316b9d444b478382472433a0674b961367eaa6bd144b9e814e886c19121f09c7ecb17875ecbb4f22cd675fcc08d9583fe71629551253d1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
049b6b5150139a33eb8d0ecad6b538c9

SHA1
7761c358807608bc728fca8c4d98a33a091730c5

SHA256
aea3db590022eeb90bebd8149fab96157ab5cfb1536521283404980e916916c5

SHA512
577262c872a12cb0a22c6bdd450c87ca99b71622ab57bee7658a68bf620551c3f67aeb85ca54dd2c8ded5c90de8f962579775f260493840cdd4e68e3612aaee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f30ab14e139344c55d53e96d31dbb63

SHA1
c55ab03b75746ca171d10e24bb6ea600e78502ad

SHA256
1ce2ba450a01173268dd1eeaa06968108d49959a2b50dcc048a18565d3a29936

SHA512
41f5b82f0c4cfcce244b0e88a7c5407e913a6c830b649c13f2c0c6a6d73dc37f1715c5598cfff076e835d543410be5121b2a290527974c7a2ef0dc62d433af55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2b48022adcfcc318ce33172f27a823bd

SHA1
71867bfdbdc79886625670de1f20f86d27fad42d

SHA256
47eb2db363286a125db46031205e2024daa2b5ac017447170fbe14e923fc88df

SHA512
3853262824d6b68771fdc554be7d2968222330916f8965975bcbfe96a7fa6674f2885bd310fee8741cb1d5bfab4a05412464ad78c30716083efc9c7474f0558e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68f0947b3eb23eb4851cd914d9cac657

SHA1
e29c70618b50d1113958e80f5eed2d89c48b9f2f

SHA256
0d5b3fc787c954f2f64078e39a1130236a55d48128adea2bfb4eabde50cd59c6

SHA512
cac8381eb2673630ec80411ad0df73e2d014fe0f0cfc7ceab35a027eb451708a3713886b273c1a1f6662bdd44edf794054bc132ee274e847d43760956ef31ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15887a0c786c0c663213160bd7dc6987

SHA1
3223924a1b63230ec41f2f5e630460bf0dca99d5

SHA256
df7ec341f3c76830d5bf5065cb40eb7a45b8e8cb45f0fb5dd988928609488461

SHA512
bc0bfc52687ce19b9f1f29c370e893b253218addeb80f5cda6fc207d3746b970f0001165d3046618fad0f022bcdd6292a1f4ae03bb0b7c830e6b8403d2ab1364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
530217d60ecbfeefd0dae440b8efac38

SHA1
991c5a27fb3dedf690a73cf5059e599f3285a026

SHA256
30b4383bcc261adae870f36f495c1d33d202a8c2b47bd6ac740ccb1786a82db3

SHA512
23e3eab6961e48b3fbe0795a7dcd8d732b5306e2943fdeb0324034f6dd2dbab93c59dd3f00610f86dd6125a81ff37ea4088cc4421df946832b67b3f4e11d36f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5858d9.TMP

Filesize
120B

MD5
28bf6cc7f207af45365f37832dee1d3f

SHA1
30310be2bd2abbc258b56a0a43f136836d454c9c

SHA256
da10b1f6c10cb020cd3b01f069375dacc0f9f22f96c5b5d4ac85a86473e74777

SHA512
b19179e718e552fdbcec485282bb5be1a065952aa4f5971383dc428e16621b5898d493ee05b262114d267c76bb716f3df21a6b7a402ab45444e68d9efc74c6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
d11051acea54328915a9d76949dfd75f

SHA1
c5c2b62dc4d984fe22dccbcfdb0f130231bc9cea

SHA256
9592532d65e5eea6382b09c5b1bc8b34661b8d3931e04aee01c1386b787608fb

SHA512
8c5465acc4128b9c108f00e827db2a6628b9f9fb73cc008845c2e535d1e8828ec865fb88a12b2f72f7f4eb4f78dd3c06788f9a6613085aded41d71c0d5231b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b0636e9cbfb7afb2e48e11169d873eb7

SHA1
a74264b1570ef7289875280421e08eb420472d49

SHA256
7e3e79be2f3af095b6656e028db0eca30f704381f4320746f935e2122b913fb1

SHA512
107de3b2efe787f16f1b9fa1edebf87d70030a605dd0dcd008a3748dfe1d002a0d4031a3e4a887f5ac65f5feffd9a4bcea903c09b16e1986d40b28a1bcd7237d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
85B

MD5
ec6b9ff622a054f25dc70d82db5a8055

SHA1
f542a2ecbf8405860035b7f5b3e56fdef2c3dc19

SHA256
611e0e1c7fe48509a4883116eb091acd8283896f0d4adb223bf65e38361f4f75

SHA512
779799d08665f25e096f36736fa3d2ef43807224d68413a426364fbd982aaa5e19cb6f5f20ea26d2835da6df7ca5b6bd76af3fedcc20d2039f62cc85b9058e56

Download Submit
memory/2084-26-0x00007FFBA81A0000-0x00007FFBA81C1000-memory.dmp

Filesize
132KB

Download
memory/2084-36-0x00007FFB95BF0000-0x00007FFB95C6C000-memory.dmp

Filesize
496KB

Download
memory/2084-17-0x00007FFBA86D0000-0x00007FFBA86E7000-memory.dmp

Filesize
92KB

Download
memory/2084-16-0x00007FFBA8AC0000-0x00007FFBA8AD8000-memory.dmp

Filesize
96KB

Download
memory/2084-15-0x00007FFB97160000-0x00007FFB97416000-memory.dmp

Filesize
2.7MB

Download
memory/2084-19-0x00007FFBA82F0000-0x00007FFBA8307000-memory.dmp

Filesize
92KB

Download
memory/2084-52-0x00007FF740510000-0x00007FF740608000-memory.dmp

Filesize
992KB

Download
memory/2084-54-0x00007FFB97160000-0x00007FFB97416000-memory.dmp

Filesize
2.7MB

Download
memory/2084-53-0x00007FFBA8370000-0x00007FFBA83A4000-memory.dmp

Filesize
208KB

Download
memory/2084-55-0x00007FFB95C70000-0x00007FFB96D20000-memory.dmp

Filesize
16.7MB

Download
memory/2084-25-0x00007FFBA8240000-0x00007FFBA8281000-memory.dmp

Filesize
260KB

Download
memory/2084-40-0x000001ED54550000-0x000001ED55DBF000-memory.dmp

Filesize
24.4MB

Download
memory/2084-33-0x00007FFBA2DC0000-0x00007FFBA2DD8000-memory.dmp

Filesize
96KB

Download
memory/2084-24-0x00007FFB95C70000-0x00007FFB96D20000-memory.dmp

Filesize
16.7MB

Download
memory/2084-35-0x00007FFB9D090000-0x00007FFB9D0F7000-memory.dmp

Filesize
412KB

Download
memory/2084-18-0x00007FFBA8310000-0x00007FFBA8321000-memory.dmp

Filesize
68KB

Download
memory/2084-37-0x00007FFBA2DA0000-0x00007FFBA2DB1000-memory.dmp

Filesize
68KB

Download
memory/2084-38-0x00007FFB95B90000-0x00007FFB95BE7000-memory.dmp

Filesize
348KB

Download
memory/2084-39-0x00007FFBA8F40000-0x00007FFBA8F6C000-memory.dmp

Filesize
176KB

Download
memory/2084-14-0x00007FFBA8370000-0x00007FFBA83A4000-memory.dmp

Filesize
208KB

Download
memory/2084-31-0x00007FFBA50E0000-0x00007FFBA50FB000-memory.dmp

Filesize
108KB

Download
memory/2084-34-0x00007FFB9E390000-0x00007FFB9E3C0000-memory.dmp

Filesize
192KB

Download
memory/2084-27-0x00007FFBA8180000-0x00007FFBA8198000-memory.dmp

Filesize
96KB

Download
memory/2084-28-0x00007FFBA80C0000-0x00007FFBA80D1000-memory.dmp

Filesize
68KB

Download
memory/2084-29-0x00007FFBA7E90000-0x00007FFBA7EA1000-memory.dmp

Filesize
68KB

Download
memory/2084-30-0x00007FFBA5100000-0x00007FFBA5111000-memory.dmp

Filesize
68KB

Download
memory/2084-32-0x00007FFBA2DE0000-0x00007FFBA2DF1000-memory.dmp

Filesize
68KB

Download
memory/2084-20-0x00007FFBA82D0000-0x00007FFBA82E1000-memory.dmp

Filesize
68KB

Download
memory/2084-21-0x00007FFBA82B0000-0x00007FFBA82CD000-memory.dmp

Filesize
116KB

Download
memory/2084-22-0x00007FFBA8290000-0x00007FFBA82A1000-memory.dmp

Filesize
68KB

Download
memory/2084-23-0x00007FFB96D20000-0x00007FFB96F2B000-memory.dmp

Filesize
2.0MB

Download
memory/2084-13-0x00007FF740510000-0x00007FF740608000-memory.dmp

Filesize
992KB

Download