Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported: 2024-05-27 18:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-27 18:28
Reported: 2024-05-27 19:07
Platform: win7-20231129-en
Max time kernel: 1475s
Max time network: 1561s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e99758,0x7fef6e99768,0x7fef6e99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1372,i,8077230474054983322,356216964003199556,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inspector.pypi.io | udp |
| US | 3.16.119.39:443 | inspector.pypi.io | tcp |
| US | 3.16.119.39:443 | inspector.pypi.io | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.75.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-27 18:28
Reported: 2024-05-27 19:10
Platform: win10-20240404-en
Max time kernel: 1799s
Max time network: 1685s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613088448051219" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff1c899758,0x7fff1c899768,0x7fff1c899778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3820 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2520 --field-trial-handle=1788,i,6243741188801160705,15166307711451821045,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inspector.pypi.io | udp |
| US | 3.16.119.39:443 | inspector.pypi.io | tcp |
| US | 8.8.8.8:53 | 39.119.16.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.74.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.74.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted: 2024-05-27 18:28
Reported: 2024-05-27 19:10
Platform: win10v2004-20240426-en
Max time kernel: 1799s
Max time network: 1687s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613088510088795" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://inspector.pypi.io/project/discordreactive/0.7/packages/f7/f6/ff0ab33489843b6891125fe516296efae08328bedc2ec2e15c3ba2fe0987/discordreactive-0.7.tar.gz/discordreactive-0.7/discordreactive/utils.py
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd3fa1ab58,0x7ffd3fa1ab68,0x7ffd3fa1ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1916,i,8169448656982653819,15341994197138664119,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inspector.pypi.io | udp |
| US | 3.16.119.39:443 | inspector.pypi.io | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.119.16.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 216.58.214.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp |
Files