Analysis
-
max time kernel
112s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
31/05/2024, 14:06
General
-
Target
https://www.google.com/maps/search/50.8505,4.3488?sa=X&ved=1t:242&ictx=111
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 56 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/maps/search/50.8505,4.3488?sa=X&ved=1t:242&ictx=1111⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadc09ab58,0x7ffadc09ab68,0x7ffadc09ab782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1720,i,4759147026598094337,6447043231325143104,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\SplitExpand.bat" "1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\SplitExpand.bat" "1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x40c1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\start.txt1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\crash.txt1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\start.bat" "1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K crash.bat2⤵
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192B
MD5dafc43137efa48ada116fd87b59be4f5
SHA1f18ace2ab7fc6fa652c12c27934939ae4ca36dc6
SHA256cbdedaf0422249e545eb048b1cb8f9bac194ce362fa3444647a90cd0488f0ed4
SHA51214a5ed2d775d65cd781e2998ab9d00e059b5840e82fe7b5d481c7f22feb3778e08afc081dba6f4ca4d0ff4a1c2cc34ad166ee8ff9ab739bea04e16eca32e6ea2
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
1KB
MD571a2597fd774711af62da97c69900ac4
SHA190774712bf8f7097a1250bf113bf0ec91b8d7081
SHA25637a3cad68ac98761150359c4c4cc1bd99ff143a23e9a57294e32856f297af90b
SHA512149e70b1110e798c425c6e83d62779fdd25b6901a57880415b6690893688dd8ec8d83a6b0b79415c44105214a0f0fedac2f9d5768a0aea6263002bddf74254c2
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD5aa2477116124757d8b0156b512f3ce59
SHA1573e55f8e5024ebd59738d7ec4f816b47b5d7db7
SHA2566ca0e881e655d16023ee338955aac2183e80ffeec86c367704108e6d1042b529
SHA512f3def456c5f086c29aaed0f63eb01642ddd540726e44b4b107269c5118da1646436aaf0c036d51c6b432df9f9aecdd4eb8f44c95169f84c8ced78a367fbf5110
-
Filesize
130KB
MD58d5eb550cf244943925372042d7e70c0
SHA152d8f317b5488055925da948ab3b97e3fc393d49
SHA256791573b861b9f4e7b490071e7f3d26028ae3c238aa0924c25a297d4b0e1b62d2
SHA512852264b73974faec46a0ec4611a5a5d52faf6ab87d3fa6bca89ed490a2b8d582be5efe6b816ead9fd2934e4b898d62fb9c37c4ecafbb2a7b75a3e89e6ed3cba9
-
Filesize
25B
MD586015e62e17fe75e3a9511ae2a833c2d
SHA1ee7791b973a8caa47295bf3e263efb28803fe250
SHA256b34b703b4ffe2c02c2d4e2f2bd21ebcf054535b82997117a5271002cb2176531
SHA5122aede8bebeeb93b71e1f502593921c105f844337fd4d055f1dce9adfe19495738bc691cf1c39b9a7fbb3bcf8be597f84f7bf123ec03cdbfd245868450cd1bfde
-
Filesize
38B
MD5d118a0ba82aaf04a3fe1725f69aba6b2
SHA1981c819968ad6946c14d3907c8514ebcf864787d
SHA2568bb0e24313916f6b3e36c09bb34997cdbba612e4770eee22d2aa2744e784f275
SHA512e0c6e4336dab37bb723849af8293b8d35f641e6aec46d2657af601c7cfcb75be9b630399030588d9369b955609f4fffe6cf58688a186f8054d00581959ae8195