hxxps://github[.]com/Bricky1337/Discord-Boost-Bot/releases/tag/Download

Analysis

max time kernel
135s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-05-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Bricky1337/Discord-Boost-Bot/releases/tag/Download

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4860	winrar-x64-701.exe
4276	winrar-x64-701.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614818034085340"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3380	chrome.exe
3380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1108	OpenWith.exe
4860	winrar-x64-701.exe
4860	winrar-x64-701.exe
4860	winrar-x64-701.exe
4276	winrar-x64-701.exe
4276	winrar-x64-701.exe
4276	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 2580	3380	chrome.exe	74
PID 3380 wrote to memory of 2580	3380	chrome.exe	74
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 4680	3380	chrome.exe	76
PID 3380 wrote to memory of 3064	3380	chrome.exe	77
PID 3380 wrote to memory of 3064	3380	chrome.exe	77
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78
PID 3380 wrote to memory of 4884	3380	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Bricky1337/Discord-Boost-Bot/releases/tag/Download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff887b89758,0x7ff887b89768,0x7ff887b89778
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5908 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=6124 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5604 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6148 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6240 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4780 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1476 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2260 --field-trial-handle=1764,i,11657008959019109031,14293915531123570556,131072 /prefetch:8
  2⤵
  PID:4500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4960

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4860

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e10a0b0c3e0d43f4b7a27a2f1738830e /t 4780 /p 4860
1⤵
PID:3688

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4276

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5f60fc1577de4e7a8f614bd84f4d91cd /t 1228 /p 4276
1⤵
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f788769350efee17642ae790e4d00d08

SHA1
7ae2de067d862085bad7648e28b40a7ea9f474aa

SHA256
4901dcb449bdc6e658e66b37535dab4310229581443d354621b344a5592bc87c

SHA512
def7ae595a92d31fcac57ca1863ff64065bdf3c7448aedf58d0de836976f6e25e080c17b19de3fc83a6a9167c7ce1d0c47033c9e8e6894926458514f5e763cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b36a0e4a842df764b735e2193644211c

SHA1
f39009cca337930b198e1cd3425088290e60b641

SHA256
40b591e85906d63a24684c21630092aef169b838229433f609eb2e89086e10a9

SHA512
5156e212a28a8fd5d0d67d7eb2f23ddc2de0801b46d97c272b30efe1a7724aad38fba80592d9569747664aaee4bf12f674f37e9793412d52461115ffddcb99ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a301243c8a42ab08f7b4bd91c5ce2611

SHA1
9cf8743c4d8c2bdbfc1fff73e3280d5ab7507b51

SHA256
f0904eb8d0a5a53defd8da6b0502ee2b4b764e6094a9c284dadcf786c3fe4d92

SHA512
39662cfccaf5d1e500c81fe4688200a119438fb12a441572d7f04dbc401962e3fdb278b36d24430b448efb2374cab3126cf1c314f6c7e915f4a8f1078cfe9650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
5435b54bdbe2805683afdf5092fc4f86

SHA1
550d7df9f46a6876e674d7ff3e69abd9b599f754

SHA256
f8dd5f298043e8a17c8784b8013a51613e059d3c49640f46c35fca7f32a5f976

SHA512
1c1debe3d4a6286961f9f2baa53c944392d9a6e58d315733c5aeb9c13eccc98146c7a946bfa1ceb648f26b343ae85c19d91c7fef57abe6d75d326667bcad5c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b7f3f73911c431e47b8f3fca36775d23

SHA1
5e953ec9128b7f809789fc822ee3f1d916389248

SHA256
a1a953c8172fe07ccf6136208da4a885350f223442143a7fdc1341278ea196ae

SHA512
81878e08b93a82ea46490a440fb86ed6b4d17d72767ea0e2486a6be1b38f6d407b1e2bd38a622e3c05424e57fd0069e46e8d9228943c60e0cc94f62b82c3800f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ac925a9414a34907135e348836821ae

SHA1
26a67c80846348427f29116410fe4ded76be9477

SHA256
456a053941a083060b78c46b9e6aa671548e73511065f904136476ab436e0cbe

SHA512
10708b4d2ed991e414868dfdb7377d8f9fd212297fe99113b4a12db179c615bd63f9ac69a0929a94f4df73a58eac39de8631a030cc0fed4e6871e5ab623422aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47d743784fd597202fbdfd47f3280608

SHA1
58ff26693777528d1c263b7c799ed3b78488b597

SHA256
11fd62f172971a960743655263fab419bc4498e2aafc8f8851864e4489922500

SHA512
798f2af5cb167179d17704735ddfd33981b66c16ce8e8b68a5e8f82d000cbf8f20745d42468acbd457e916111b3cd419a14605ce6834ded4f22331d4e1ce72f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0b7ee505ffa3243cb9daaccf173a264

SHA1
1f90c49163a0860c086b83bc3866fd399ca6308d

SHA256
5d2da32e5abb19572e67a6de8ac93ef26ed0a8e5a675c826a84b923ea7dc9365

SHA512
5f286e7266e1621c398232f7c36b71caee0d4e8a533575b844983fba44a64421df7aff7da5dd462cd458d7f248fc5dd9c3610a514f7466f6dd6bb0b96a636092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f62521650984736250a30ce18a69df5c

SHA1
e9a75c50010bc3a6067f5c8ac2acf495d419e748

SHA256
8196ffe594c685c9059043bda25a9b6116fd0d61589baa15ac24954849e841b6

SHA512
5fb69aa6f090a330c0b1219bab808ab85b7c65ed5198f3b1f5a562ed5e089830fd5c10a1e4ee8cc40d1981298772f524e07e8f1a178535d5014548690f59b5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3d87e78dc58f06daae3cc0e2893ea11

SHA1
35a002681af492262a677889b1843849134ff9eb

SHA256
4ea851b5015d2a1a899e1cb01c7ec9771b5840d9ab1337db9d36c522003e11e6

SHA512
8c016891c744f3864bb8a8ea817e65b989fdd1d758e32f7e9295163f472fa8f7c0e95eef475089e58ec2ff1908e7097e83c66795d095d9600b8afe30a832d27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98cb9e27e575fd0cd24f01c396b7c033

SHA1
fcb94434749409914fa1697ee8ea6daef67fc3be

SHA256
3437814fff7a79ee175468aa60ce8206d655cdc34df1438fbff9bfede52e70e4

SHA512
494495bf9cd09a3ec20de69b6877597d4c84beaa95f45bd5f8e0918e10b506acf01f7575f62d35ed92d5f8fb1f3557948bf42d2f618f91f331ff5258eee1e1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5ea9b8504b800366d586cd7f816f6246

SHA1
9397c030e794cd032167ba3207bb80152284a5cb

SHA256
43e070480bf78e6883bc36f171e5c4f7e5f85ff18fb6a489bb77e8037a28b1d4

SHA512
25c8e33e4cb7470a7b9104e6ef6a7ae7ad8c1cab8bcb2b75d172639f0a4ba016f8b9ae1b53b4aa339a1448533a415886844a82bc94885ac98561b58e706aa4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
729f6ed7094160a67fd6baa5574ed24f

SHA1
bd15ce62fa285e5275936e479d3a931ebc247b15

SHA256
ad9759125118de63fc7d2ef1994c60adb7970ed33527531bf7d30d72f70a6e11

SHA512
ced92f1cb19d27556ac51592eb954811d415d3d5b0fdc1da087c8f1c945ee18b6b146382a541cf1d58e7b41df1a1d34a73f8979544ef44447d61477bcc65abd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
d6be6ef8938503f5a73b02535d745d1d

SHA1
93e5391d82b87dd75d3211106f1ea5f62d68f56e

SHA256
a15fcfb9c23440d144279bcb5455bf6c13ddc71d63c957482aa138f06c24472e

SHA512
2e4cbf0dff479a9fe6f0551b1a0748d08c329cfdbfed2dfaef3871ffc56ac2f7b1cf23a08636e0b5e65cefe492a37484ca3cf1e47fef99fc458f12ca6d9db59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
f4e2bd0af2225d660956183d3c6555bf

SHA1
e7d22f4081abfd041684ddfb76ae5583392209a5

SHA256
f1b217255fa8c66c1f206ef76fea1f6e799d6b0c72a805e2cbc8a8d26c217693

SHA512
02f3c20830e6c752bc4ee9c9caa78ee400500720cfd6844441b8b46d6deb34d8c9e98a2ad2e3787fac57f19feb0a8c181263ff053b7cde7fde7360352770759e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
60509b20dd53bf524b58d0ef3fe7523b

SHA1
7fa61277bf2d6fcf69112728c67865601b103c80

SHA256
7a3aa77fe52546ba59d1b6284a8dd76eb7a66f95ab31b1bd40a6d4b1e172b4c5

SHA512
a31969de17fdd9647960380d94d61f577138988a26cc41a95ccb2a2d368cbe04611bc0c918ec1ade616fd54ac5e147f07b960ce678f8030c423718fec26780f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
58e239beba6f3dfc4458cc1754c54e80

SHA1
e29e34fb8284a04b8fe7e8a38d080835719f51e2

SHA256
f29ee7f15e6c47f5fbfa193e8eef28aaf52dfdad8e743c2a048fdb2f395a3ed2

SHA512
d14020b11844a933b272ef65f6f21ad29dbd7d8ec11201cf1102305f7dc0a66545934cbfbab1c6c1d8a85b1d5247dc520ff10b10f329a472c3c925c3e6605d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581f5a.TMP

Filesize
105KB

MD5
fbd39d2e61ab4007fa337dbdeee19185

SHA1
f9996ba3fc88e44d2fe0dddbab6160528c212fb5

SHA256
cce8919501524344bb0554d0cefa24671ca688959631cfee05777d6c115ed3c8

SHA512
37c495a304aaaf2f1e752873e965491b37287ae51bd680b2de09ac7f520ac9948bb52bfded77f0757b01fa1f9adef82f19c2c69803a51e57db8d3fe57deb6be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\DisBoost.rar

Filesize
1.0MB

MD5
a363b576e84cad84ebd190e6dbb99d76

SHA1
a2ff180ce0acb8f4f49c1d263f43242238942524

SHA256
3db2a0ee8663a439e1cb1440e343d5ba6efea3454fc880097af788a7789aade2

SHA512
64ed91416df5b7d374f4c302886db8961aa556667edf3cf5a6f704548dca39eefae0fdddd4c22a8bb90a3d94ad47f5e307c5265e19225d5a389d4290687c2e26

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit