00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d

Analysis

max time kernel
89s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 20:33

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Solara.zip
Size

459KB
MD5

aae266dd3adeb883645fe988beb9f7f2
SHA1

506b4535d398c8a8d807c155d8ab0cbd5e6b6829
SHA256

00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d
SHA512

b2081e0abb302492c7a6f80af54360a2dd38160063f4a7c736dac6e36a543d62d114bdbabe650de68b42800be44af7681473c4b38eccbe115135e0b9e8880f6c
SSDEEP

12288:hq4z/KNGAm2Zw3NNYLepb/x5HmhO3uu6ZWc/VWmJzFiW2/Y18j6:44TdrAgNYCxlm03uu6ZW2VWyQW9M6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610564557255902"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4920 chrome.exe
4920 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4920 chrome.exe
4920 chrome.exe
4920 chrome.exe
4920 chrome.exe
4920 chrome.exe
4920 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe
Token: SeShutdownPrivilege	4920	chrome.exe
Token: SeCreatePagefilePrivilege	4920	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

3580 LogonUI.exe

pid	process
3580	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4920 wrote to memory of 1508	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 1508	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4424	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 1208	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 1208	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe
PID 4920 wrote to memory of 4772	4920	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Solara.zip
1⤵
PID:3080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff958fab58,0x7fff958fab68,0x7fff958fab78
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:2
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3652 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4768 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4012 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2908 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4228 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:1
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3304 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1944,i,14568085772129724311,4076610878280064287,131072 /prefetch:8
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x4a8
1⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff958fab58,0x7fff958fab68,0x7fff958fab78
2⤵
PID:5028

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa391d855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3580

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
23e6ef5a90e33c22bae14f76f2684f3a

SHA1
77c72b67f257c2dde499789fd62a0dc0503f3f21

SHA256
62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790

SHA512
23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
c1a33e973354884bf1757e3b53ba0f7f

SHA1
9be317db75e55584863db6a9eec04683a5633735

SHA256
64c1838074c490e1e4d08c6ee3d9a5c16a2c18cb49cb2b8f888088ed213669d2

SHA512
5a2ea1c3d4acec2e094381bb90e4f21f5247f8631275acc5f1f43d48e577df7dc2df5379dbd72265c53fb2d0e167d74d3e8650666c40d14907a50a902d4331d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
de0f8871e088081eb3ae2978ab9850b4

SHA1
3ed5a129a062a6a07f4cc6da0d0d38f1052a96a8

SHA256
b49def332f13823f52d21a66788fe4563d786bf9f4473f1323c5f25e45fa9ffb

SHA512
32197bb78c90f473843b55c6d59392875d24d57c00337c1b10cdc777d05039dad7e754d5b3b0385590d569031c0398b8479fce97bf8225e67061f44f4a8f504e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
291d1852da53763cd50bfe177ff6865a

SHA1
5b1c51712e65ec151164990d853652b8321b8027

SHA256
54774947d319234c59f3795ce524255f549054eb7fbf07b41d9ea341d5907260

SHA512
ef6a89be885696a7810b6ac5872c1d9303d0de10ae362269733123df9bf5782353fe3cfe69e77bdd94e81579b76a92c78ba98aa327b4a66e7997fca8a26cad66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
51cd580b315ab03b3795aac08f680883

SHA1
bf92768eed7cac1e647485b944cb9b0c7c78dd4f

SHA256
9d14b17e75fb3cbb3ca7f07bbf4541e8b7875f590fa36a7ad6a342c33f338110

SHA512
8dc83d0f6211fff98d5a7f2f87f28935fba5404ab77c6865f087f4834350aaa5ae84245b4d44538520581ee3d6b0d1cb2b40efa5ae03b97a15d317b24d32cee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3b98e560c726d96c1d862c7aee63a5ab

SHA1
ae018e8647584cbef98547460978d4667b84f11b

SHA256
a4bd51cdb952eda740d8369d91672a53258c715550ee15382afacaaaa13089fc

SHA512
cb9e1bf09b2f8728d9f0064d2d42e1e356a625d0dd2f46b707145c7f096836d15c1f06d0564911df6094715f63b1753d80fb7fff617fbf118d9782c45bfbd164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
774cff863a5d47fd3272d571bba1cf29

SHA1
b42e3a9aab4a2369810e2e534e1f1eaaa32dab6f

SHA256
17c32f2f2e5bb963c7262296a55369ce9d0c35963c34b2bc72fab2f3873db81f

SHA512
38d1347acefc708eddac4e4d0ff81ba3ed49fffaec2fdf2ca90423f38c3288eaf6c616b19de1d6410d560c5ff882fa4ef3e3d65f82b674fee91080eae46d1630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
697012804d607d5edce980af91849e6e

SHA1
1154e2ff7fb0a442f1fd774805bc936618497e88

SHA256
980ff95bd898b896c752dd824fb47c4fafd95c4a50bde84cf9c40fb114ac344b

SHA512
00eff2611b40fe86a0fc6decf89134de229e4f254b2bd280a01eff70f0678f448396a4fdf3045a7e1b1dad81b62d19dc2663f926dfc03a650b45c13287c92ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
5d305a287797464a87c4916aa9ce1495

SHA1
8d44e5807939d94ff4c0d1f0b4483af9c998320f

SHA256
1281207bd00359420cf210b078574626f60f068c151cb7cdda58c80a4cb61e38

SHA512
5821bf64c2c85373027ba3fd7bd4b3366b3e3f6958f08b822953e8ff252840aac55e4f5df016e1092a9df5e41955e017d66cb04e4dc70b8fafed244d8a434b95

Download Submit
\??\pipe\crashpad_4920_WMLMRWSJTGLPKKFK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads