asyncrat | 3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed

Analysis

max time kernel
107s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EULEN.exe
Size

74KB
MD5

de0891586265c0d49245e1590a7c0658
SHA1

8e227aedecfbefb4ed05ca5996ed6c006338f6b1
SHA256

3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed
SHA512

ac4a52c7c3940c403f622da6e3543fa0978f2b96277f73e89a64668980f0931616991b2266a235ae13dbfec01886387af135c5dad197d74ec39e2e333460338b
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/zQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfrQYBY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

45.88.186.12:5050

Mutex

uxuwhavlzxq

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 161305.crdownload	family_asyncrat

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

EULEN.exeEULEN.exeEULEN.exe

pid process

5604 EULEN.exe
5936 EULEN.exe
6024 EULEN.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
5604	EULEN.exe
5936	EULEN.exe
6024	EULEN.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620070337217643"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

EULEN.exechrome.exe

pid	process
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
1736	chrome.exe
1736	chrome.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe
3436	EULEN.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

EULEN.exe

pid process

3436 EULEN.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

EULEN.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3436	EULEN.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe

Suspicious use of SendNotifyMessage 39 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe
1508	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

EULEN.exe

pid process

3436 EULEN.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1736 wrote to memory of 2204	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 2204	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4960	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 2264	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 2264	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4764	1736	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\EULEN.exe
"C:\Users\Admin\AppData\Local\Temp\EULEN.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8
1⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff88dfab58,0x7fff88dfab68,0x7fff88dfab78
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:2
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5104 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4828 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:5352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1780 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4928 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2716 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:1
2⤵
PID:6060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3196 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5128 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1908,i,11520956000215164094,9481199772234486970,131072 /prefetch:8
2⤵
PID:5144

C:\Users\Admin\Downloads\EULEN.exe
"C:\Users\Admin\Downloads\EULEN.exe"
2⤵
- Executes dropped EXE
PID:5604

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5196

C:\Users\Admin\Downloads\EULEN.exe
"C:\Users\Admin\Downloads\EULEN.exe"
1⤵
- Executes dropped EXE
PID:5936

C:\Users\Admin\Downloads\EULEN.exe
"C:\Users\Admin\Downloads\EULEN.exe"
1⤵
- Executes dropped EXE
PID:6024

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1508

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
87a6ca24ce2f592d1b6f4c69b7293e02

SHA1
5fd5ff64c1943f8db9d97b1781c284096aac4c01

SHA256
cc63526e51fbfbd8a8d6e8f7d3702085ea62cf1b3321800f4d02f1fb1d0f064c

SHA512
896b8f91b24d64cec978a181cb3b808f150aa444aefec809432889c82876bb727045619f49a935983968a900934d26310f402b12314e29964ac0a9d0a9baeb8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
81d129e652c73579f563fd1ce466985f

SHA1
81697ff3f7c55231304e3215f2d52501fc705275

SHA256
5d795a2c52d6b23bcdac18f26dde2aab29e7810fff02087acb5c8970d9d1af8b

SHA512
5dfdcc10218f23e96b8d61bc5673f4d3a315e4b3ddcb7bfb15360000b3e9d24ada608e3540aca30bfa5d9841468ec6a4075ba932b7950c7ae79f10f74ad06737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
65ac2fcc5b55e796c9e1ee55f622c7fc

SHA1
2364eed797888ffaca5562344bd22e5a863e2036

SHA256
af7e0a7c511d14deeff603951eee53677fb206ec63610c0ed00039465f865f12

SHA512
24f704a567e17d63f003b493c6d9f80e35706adc4a1c1ba1064f21e500158a8fdf93715aa909756a0e068052fd91715e326d05eacd0b823570ae251f34e4169d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
671442003a16691903ecf553ff432cc0

SHA1
255dfdcc9ff5c26d9847be7e27588017d2802e11

SHA256
88c2d7822f28db9babcdf98e7a4d0f91b4a42d2b604343be7aee145dbf797c83

SHA512
5e3a8a3ed986d369e41bd90b8f588929dd2e8dca999d388a8cbd13d78491353c680fe74665382dfafc2d4744b1fdd075f60bc00b02c0c62d2f2e38a66abc5a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
c760ddb8df86d045fb6b72b8a95e1ed6

SHA1
2ff1fd5f36996295c7fff547116ca0447741e0ab

SHA256
d9147e0cb3275c50f460e64776975837a1cc9016a1d34ed9ddad7ec96d77f14f

SHA512
430e7b3c321ba68e2018e2df39e1a77bf2fae8c79db2d254b7a7481a980020f8ecd65c031554dd00c2053b8b6c745b5062af57a86a575122a2240e0df02be95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
47be82896ad227d70beed48c209a2a30

SHA1
58f1568644a53282fae7a3e430340ba417cbc606

SHA256
6d494f785724812b689f5e8933660ced01cccdbaab3aec43dd7a152581becdae

SHA512
6db6c6677f4fbc2b72f6a13c8e6908510767e9b408bc0b1b7cc9bc7f45ba39f5476ed3b69297e95d8dc674e30659cbf42830d90a7890bdbf79058d7102e13456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
526853b7e497d9616e2dfbbb6b468c1b

SHA1
b9c32dfd609c9d99ace8dd2cd0c84d7d72babce1

SHA256
5ef01654554e8eaa249229cf696cfa8d94561c8bab2de59cf004e8b5d832c769

SHA512
c46d25e87ec73c32b6107407810f11a24eee55e7c56c12f7648a808c3069b2ec93fb4a2c9b9a11a5be392b28f7ba301657cd9fafa95ee64442ccf175acb8dedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
00683004c3697d48a41e3a593ef0d56f

SHA1
bbc26d9c97cddb448bf076853eed0e9b3f726fd1

SHA256
cb785f3622f13437b320d912fa9114720d17d034f7e246df87dec73365e8750c

SHA512
3d5b0f77eb52bcc141f35af9ad4a45a6369143662ad0160356bd3de1d862fbcc8da4a93fa478ddf9a5e52452a01c11e02dd536a6c3837818091d670eb9a87e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
365e8e796fd37062d34fd5ada6b8ed8c

SHA1
6cfc757cb17552153c7ef68027552ede8dcb6a38

SHA256
8b12d0330c188398281062c2eef3b45159b4874debffe100109f7999851c50d0

SHA512
912d62a705d7e5a381d89686baa153b0acad60e82939dea77e34a82268347b1608850fbcd8e67d6e9434b4b9a87f7df1ff88b5e013c4a3d40ee73347c1907632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
1e3e39b749b243e6c2b1a70cacfa8e01

SHA1
b4c182d232b9a916744c912cdd6a92c55a191676

SHA256
5507fdae7e8f1e7b8fe586918ac1ee69ba9f65ebba48e5e420bc1bacc2674cf1

SHA512
dd27e105e6496bb4d0d7720a2bf39b1f20e872c9f38c14800ab73459b7f92df0474ea2e1509b30de2116f994c5b63c4f172cf59088bcefb3acd659eb482d24ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
1e0697394fb7f97941e2529d9c56e567

SHA1
a39f7f99e4e9a1fbca1863707feef647c91a7901

SHA256
846aab623a1f0c69bd567edb97504395146d26051c5945173eebce3fbb6a773c

SHA512
3ae5ce16352edf7c2341904ed435edf427230fe37a601a063898606d202b65204a54595dc14535289b388d3eb07e0c30eed1c043b61e6a7c730c101edede6801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
dd363b95f14eeb20c4f445ac29c97fc7

SHA1
b1c811c3277afb8487e479cd27c72f8a53f5cb3d

SHA256
32e62f6683a5272e2495e78c1202e85c7c00b1f17e9bcf4f1a11590604292664

SHA512
702b068111cd4321fbcf44192ed9cea66031c18b7e93f5a45818229f7de1e30ead4fe56e409fff3a5661c1f7de1b6deea1e259f799b314e264b7014a93bb533c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
d44eb7c1cc46f4b91224ab43da7efd25

SHA1
7bc08e5da0108b5bfcf787027f0f29d7af86ae5c

SHA256
2e0face31031df51720836034f10aa444940590146132810d506c8b105787ba1

SHA512
3cfbc38b7e54ec489fb6990fb3c95889229ff87dffb7840f166950cc28166294d5b53201525b0ec17667e2fd339a2288b40a6ca258fdb7d1f2efe1f7f8a66d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EULEN.exe.log
Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf
Filesize
8B

MD5
cf759e4c5f14fe3eec41b87ed756cea8

SHA1
c27c796bb3c2fac929359563676f4ba1ffada1f5

SHA256
c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

SHA512
c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 161305.crdownload
Filesize
74KB

MD5
de0891586265c0d49245e1590a7c0658

SHA1
8e227aedecfbefb4ed05ca5996ed6c006338f6b1

SHA256
3576a2c328055287dfcf6b61a2e5352071a56d7a2f92b0064ac19eecddcbb3ed

SHA512
ac4a52c7c3940c403f622da6e3543fa0978f2b96277f73e89a64668980f0931616991b2266a235ae13dbfec01886387af135c5dad197d74ec39e2e333460338b

Download Submit
\??\pipe\crashpad_1736_ZLFDYXOSJNOYXSWP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1508-331-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-340-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-337-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-338-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-339-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-341-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-342-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-343-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-332-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/1508-333-0x000001FC1C710000-0x000001FC1C711000-memory.dmp

Filesize
4KB

Download
memory/3436-51-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-44-0x00007FFF91693000-0x00007FFF91695000-memory.dmp

Filesize
8KB

Download
memory/3436-1-0x0000000000590000-0x00000000005A8000-memory.dmp

Filesize
96KB

Download
memory/3436-7-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-4-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-0-0x00007FFF91693000-0x00007FFF91695000-memory.dmp

Filesize
8KB

Download
memory/3436-3-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-50-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-9-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-69-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/3436-346-0x000000001C410000-0x000000001C42E000-memory.dmp

Filesize
120KB

Download
memory/3436-345-0x000000001C210000-0x000000001C276000-memory.dmp

Filesize
408KB

Download
memory/3436-344-0x000000001C290000-0x000000001C306000-memory.dmp

Filesize
472KB

Download
memory/5604-197-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/5604-198-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download
memory/5604-200-0x00007FFF91690000-0x00007FFF92151000-memory.dmp

Filesize
10.8MB

Download