0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9

Analysis

max time kernel
116s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 14:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

SolaraBootstrapper.exe
Size

12KB
MD5

06f13f50c4580846567a644eb03a11f2
SHA1

39ee712b6dfc5a29a9c641d92c7467a2c4445984
SHA256

0636e8f9816b17d7cff26ef5d280ce1c1aae992cda8165c6f4574029258a08a9
SHA512

f5166a295bb0960e59c176eefa89c341563fdf0eec23a45576e0ee5bf7e8271cc35eb9dd56b11d9c0bbe789f2eac112643108c46be3341fa332cfcf39b4a90b9
SSDEEP

192:cDnQvi7auc35nuKdhAWVIanaLvmr/XKTxnTc1BREVXLGDlNjA:cDn97auc35tAKIanayzKto1jEVQzj

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

Processes:

flow	ioc
6	raw.githubusercontent.com
35	raw.githubusercontent.com
36	raw.githubusercontent.com
40	raw.githubusercontent.com
43	raw.githubusercontent.com
44	raw.githubusercontent.com
55	raw.githubusercontent.com
7	raw.githubusercontent.com
37	raw.githubusercontent.com
41	raw.githubusercontent.com
42	raw.githubusercontent.com
54	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2920 chrome.exe
2920 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SolaraBootstrapper.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2172	SolaraBootstrapper.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2920 wrote to memory of 1628	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1628	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1628	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 852	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2384	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2384	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2384	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 2648	2920	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2172

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60b9758,0x7fef60b9768,0x7fef60b9778
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:2
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:2
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1132 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3444 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3196 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:1
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=576 --field-trial-handle=1188,i,11320660812841554915,12322784192738532383,131072 /prefetch:8
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SolaraB.zip\SolaraB\Solara\SolaraBootstrapper.exe"
1⤵
PID:2468

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1956

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
1f4d8f00bcffc7989aa46d5d1c7e2ffe

SHA1
08354f4a28da464fdb5a515b1d2ab1ac8520af00

SHA256
392636e612040550efa3b2422631612e085b6286fc69f821d1937335aba38739

SHA512
79817f78d4cdcc0bec583224a61bab731cb0d75e89ebe7d1be1468e3867f0c4ad238afc141d7d90acf3745b955d92f27c7c0103d46bd36c219f3b76b6a1cfba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
37e97cb0263366d8466273763e10a683

SHA1
d413a3012731800cc7bc0e951700277c71d26272

SHA256
4cdf5d33cec33cbb9c13ea3e6ea2927604ebadbed98c38266427d1f036fa8850

SHA512
1de724362386c5b8754e419ee8c3ed54663adf804f86168946b02fa15efe353be09e3460deea2b8117bd627a39ee2aea788d7aab52f88e80797e2088b2e00633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
35005472b9016890600d9a31f4398de0

SHA1
4125565d11f22a0ead2f9da6eb69143b0ea43c26

SHA256
ae4727e12ddc6a54f3a94bbef5138227e761fd60881ebd090e5acb273a851b39

SHA512
8155940b62ac1b3b4d6a8539c169e106bbfb1ca10365ea624866d6111b7b7e5b12cb6ee7c598eca553745126b7856839193a4e9a7c487d4440a897367d8f3760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dd4b776c3f15d440d458b123782977fc

SHA1
0e9a0ed14c3e90a770565f5c19b9238723c90276

SHA256
05851908bf9ca77fd3f53ea6170fd4a6adad1297381c294dc85af1cfd24c7383

SHA512
61da77609e60d6199f8fd7709a17a1b3576704c3d86f3656805199af76d8b5976e6d4db519c55ac006f272ff4edab2a64b77224d035d9fce181e673207f8ea01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a58a052a51db50eda92a45859c071569

SHA1
98c0f0b1fc8449842076050163d37cbececaa1d9

SHA256
514a0b6ad114771f0c392e144a9433dd503657a3e3c89d92a0845a5d0c9da99b

SHA512
16cbf9c3356eaa083ea2c774a1ee0dc2967d30b041497d80dddaecc639132351adafdaa5ea31c799926f6f204911ad48c850c2c90fe8f9bad72c6c2a1d601700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
dcbbf493209e778bb35664fbf97dbf7d

SHA1
ef8cf8fa3d3ba159a042ed2224ed295d72553ff8

SHA256
1e0175bf81437d53d9519cc539bec67281756751633fccc6ee050e6099a0854f

SHA512
9b4f6d0cd055e47e319c833c56fbda2a4c13cd16d13b4ff451a78009acc5a4d68b79955ae96fa03ac697559fee9d323935e6f434cc937ee650f93f9ffe4b1f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
267KB

MD5
33b6b39bda7cbacf10ea41f132be3ce1

SHA1
016fb183c91c09ef6f42f1a19dfc61a75786af99

SHA256
2ef52d7c8d44356ccb4570737d07d4d0226b10fd9c169d5b8eda4b80fdeac620

SHA512
bb30069c52cf011aea5e7b7c0607a5247ac2a13325c359bbb0a36d337eeede31791868de4bd36b5b93055cda2f97714b7b50af1def97a8bacb37884deff8c8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
75KB

MD5
cf8b59198b018fd6200663c70e4eb0b9

SHA1
61e03d2178a2c62435bea6107e544d4e9d4a94a1

SHA256
446869560830461dce11d1d7d757b4bd3cbfb20bebd58dd2eb06f15a52b3fa4b

SHA512
f9a312b106105ee86c8263e6d9ea8fb9ebb4d682baa79361940e682ac4a5424b066094eba8f9c28be4f305f686977e87922edd852c0f2eff6463cb08effd070b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4004.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\??\pipe\crashpad_2920_LDACOXGXCJDSRXFS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2172-0-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/2172-3-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2172-2-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2172-1-0x0000000000880000-0x000000000088A000-memory.dmp

Filesize
40KB

Download
memory/2468-320-0x0000000000FB0000-0x0000000000FBA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads