460bfc0c7f4f54283bc0a80db04c664a9c382dcf53d6a5876b0add1b0163d403

Resubmissions

07/06/2024, 16:57

240607-vf8p9abc8s 10

07/06/2024, 16:47

240607-vag1cacc65 10

07/06/2024, 06:24

240607-g52rcaag9t 10

Analysis

max time kernel
515s
max time network
1578s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TR4SH.exe
Size

21.8MB
MD5

1ecea7c2cadbab8e2d578df23eaa5ce7
SHA1

100a31e4b2df453709719cfd606b5ded63c648aa
SHA256

460bfc0c7f4f54283bc0a80db04c664a9c382dcf53d6a5876b0add1b0163d403
SHA512

d71a7f759d27c1620ff80abb94f6c9b556b23c02ee51eddbead221b0308f148f96adaa1f6c1bdcdcfb9231dbfd51810ea97d6496e1e15744614e095ac790e90c
SSDEEP

393216:ezQtsfh5+Kmr2pu0tTkQETS5vJQn+5PjDCA75umzTdrgDaMwUI6dA:ezQtsfX+Kmr2puIYQEW5hQ+d3fnJrewD

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1704	python-3.12.4-amd64.exe
1748	python-3.12.4-amd64.exe

Loads dropped DLL 9 IoCs

pid	Process
1532	TR4SH.exe
1532	TR4SH.exe
1532	TR4SH.exe
1532	TR4SH.exe
1532	TR4SH.exe
1532	TR4SH.exe
1532	TR4SH.exe
1704	python-3.12.4-amd64.exe
1748	python-3.12.4-amd64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1532	2932	TR4SH.exe	28
PID 2932 wrote to memory of 1532	2932	TR4SH.exe	28
PID 2932 wrote to memory of 1532	2932	TR4SH.exe	28
PID 1312 wrote to memory of 1752	1312	chrome.exe	30
PID 1312 wrote to memory of 1752	1312	chrome.exe	30
PID 1312 wrote to memory of 1752	1312	chrome.exe	30
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 2172	1312	chrome.exe	32
PID 1312 wrote to memory of 1656	1312	chrome.exe	33
PID 1312 wrote to memory of 1656	1312	chrome.exe	33
PID 1312 wrote to memory of 1656	1312	chrome.exe	33
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34
PID 1312 wrote to memory of 1940	1312	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\TR4SH.exe
"C:\Users\Admin\AppData\Local\Temp\TR4SH.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\TR4SH.exe
  "C:\Users\Admin\AppData\Local\Temp\TR4SH.exe"
  2⤵
  - Loads dropped DLL
  PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72d9758,0x7fef72d9768,0x7fef72d9778
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1180 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3776 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2636 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2632 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2532 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3832 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2724 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4220 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1768 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1716 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1372,i,14122525110839100675,10985172985832850426,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Users\Admin\Downloads\python-3.12.4-amd64.exe
  "C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1704
- - C:\Windows\Temp\{095A0032-F09E-43FD-AE41-BB2930E7C7DC}\.cr\python-3.12.4-amd64.exe
    "C:\Windows\Temp\{095A0032-F09E-43FD-AE41-BB2930E7C7DC}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
349497ff241d7f849d8d47f34fb17d1b

SHA1
c2c6b11e9c9896dca493b6cbb486dde96b491210

SHA256
906a29a2ce58e6cc6fa5c08b1cdf40e07c3d0ed13b74ff326a1b7c2e4f436b32

SHA512
afa143ddd610c88ec1834f5d788806f8acb892f3b14e2d81e2d5d1615e25f46d922145df3d1be669cfc6578c7e26eafd048b0af01c1cb4f07975da4b1ae818e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5251882cfae53578455ecef3a8c97f5

SHA1
baacae61b681c19571b1fd4d9e5a25a82b070a72

SHA256
eb01d5b38f525ee1dbd5d624ce5f630b34f6490fe1f9cd543a1fb2adfa16d299

SHA512
0c7a7fe01cc05efccbb0f9affcad4f7b491466b23966b37a4f8a4241c00202a8e870e38c832da4f913b6f5f2a0c5dbcc28adb6245d125610f903a624ba51418a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a27944c9c43564dfbf126016ed732188

SHA1
df4842690e02d689c1fcf6bc80af08e10f318d1f

SHA256
55f57d97eae92ee4b2a79c75090caa73a956cc7f3e4e604e1c69c25528cf211f

SHA512
e5255dd68eb6833279085a926f737324838bf197ecc489425ead8570c63b1ca02aa07b2268b720dcb5247e05327dcc0934469c213531c242654e73200592348e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7dffb73d9b1b66a8fcf9039393ebb0d

SHA1
225ae3c7dd9ade71e1401d713f3bf582122ca753

SHA256
f0d46c3b90e30ca79bcadfa931c57603a24d4e39c9a4c8d29de23e4c2eff5270

SHA512
cd81449539df9cdf0bcb094e23bdb0db6fb32616d9b365495ecc7342f158b4efa27a61646d1fe85889c3f68adaf2d1ce8e3bd90eaf9e785697cd19a365b32a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab106676999183d58741fb3ecfb61cae

SHA1
226eb8f5bf408c943ba792d86be62085ffe7115a

SHA256
1791856eb5e3c35dfe364605725acb2a8f3f0f9dd46f510cb1d2003ce3ed08ed

SHA512
e340f06d46c376ce9208007caebb1d30033ca4c7f1bd8ffa15805b385773e23bfeebb3badbf16da879dafb655494ba85eb558f5b4bba58181b1a5da63409d60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf766326.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ea26c8e543dbe6e679b003de97bc6a4c

SHA1
b517c6391a124124821a64303a8c8b6ebd4c31b7

SHA256
517b4628105ae59840c2c38f9191b0d9a61935f968ec876327ce7644b9d88f5a

SHA512
5dfae5b29d2e772196143adce35472978c35a9256232e80b3c6aa17925b03cd9ef7a68b0f65e44525de2c59cd1e1586f3e6094c48350777b52ad6563c4225003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
49b19e1f8c8e4ff97671cab9674ff6e1

SHA1
0ecaba21663f1486f229b6a2626b6dab0e9d75ca

SHA256
02b9db3b12d5d22683a5a8830c9966f94536b4fe31716c9b65bd90c237c5f08f

SHA512
5ba95c5af2d7d7d914aa11f110514daf8ee4b9e2c5f56500ae31a27c67b72c5e458025d712a1e0bad6db1f31b5720a9f921e7b4700c717fc23cfffce4092890b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c642860f-71fd-455d-836c-bf2514504be1.tmp

Filesize
5KB

MD5
23f11ad5d8af1207c4bd6daad128537a

SHA1
73d5c8b152fd5d8630a0bd729d42ca9df3f146c1

SHA256
00c52860ce7314d2640c0aa8ba5080a9f6f3d4e9e7726bc4e251bb6d5e02b4cf

SHA512
c214dad62e78f8bf4a480c4be8454948ab502f7659088a8b0b708ac61ae3c31d11bec086db5d0221dd5f9cf4c5339bfc3311ee828f335e2e92f84f659976d6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
85c4d5ae5719e89c5053099e20a340b1

SHA1
bc62d856077aadb74805718f8819d38384539c3d

SHA256
380ee3af708f2203c62423b5509a4feb691ff5274f4568f6e5c09e3a20327b22

SHA512
6d9a48053677b344b8604691123aa7fa23e41c79c33843c304981a6da08f385b9693556ffa036ce98ec2c832bf12782571193b5d50aee8f1f1c47d9fb860363d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7c9e0101f008554d337417a6a5e4fd1

SHA1
0804044fe7b7f2cdf5cd3000fb2e620a8b69a6f6

SHA256
4479d95dfe55c2cc0fe656e38779d38c2c10d074690e1830ff14c5f23a6a9c0b

SHA512
17d11db40369bcfa5668b59f3d4f0006f206e7786ded5f49e173bc954541087ea663021f449e1a2b10c6ff87550e88a39eddb14010d16470e65ce234dc23ac58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b9006e59-36fc-4f26-8c8e-c07d0bbd5de2.tmp

Filesize
7KB

MD5
5bc967cccd7bf4a0077c462499149c43

SHA1
e6e902cc6e5534a8b901a91242bcebefabfdcdec

SHA256
db4ecb290ed0e550a80d4b033b606f6411ef48b6d629e68c10f71c8e04403a62

SHA512
55537f8335eaa16e2904c3b013541249b14a535ca3fb2ce875b3df5c3d147d028372f2af591c031f7783f6c79c4bc3969d635e66da8764b16d1993560d21a005

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6484.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
b9207fe4f683b7bc99afaed15418f2a8

SHA1
60ff112e13e3697bef357415b7a0a98ef9f0b240

SHA256
15e75e9622a17c6250c3258a2c0f0be5376275185a25671a44b18375e032396b

SHA512
5b2af2ffda1b286a473d7d761b00dca08e89e133c0089bcdffa305002e6164f6ccf01448fd78cda2eff81067018ba5ffdd877480e655240700485156bec1ab97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
f16e0d42f5294154d8cfce35cb74a599

SHA1
e9cea591b5cfaa9a6f7b36ea554cf7e7c92ca74f

SHA256
a0f5964785fee3289bfbc5d40e68740aa408fe2049a9a8bd328694e37d300a42

SHA512
a14c4515b38a3e60155d4de9f80f3bb85c5ab63f58ad4a2f5abe6df18d35f0930583f17e837928683174e678bf1ede4cbcda1a2bb35aa489d80a9e1408e5f153

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
c9c74b664ec89a563b505df7cd1a43db

SHA1
f82d8341b8962d6ebf1a9bb3e53400cf4864e0c7

SHA256
39c5e4fa51ed17e2edefce0f6c0f577b52138c526a69b9763ce562618f959a5e

SHA512
3f5aad204020b90102ad483c323850794acfae78902b9e7ec23937bbf66a95567d98b24720dc73eb1f443ba9284543387b5705ba3e0f40f90204eb8c88ec4c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
652a6e06056ef20d498d386ea710dea3

SHA1
d85cb215bb33dc943065a025b810f51127d6196d

SHA256
d5450dc00bcbe823627d2dc5074bb25f772cde65305d511698bbd518667094f5

SHA512
cefd6f09f9a2414f0018f52fa4cde0f15d392075e1744f90cc506140d0f9ee2ff70e0c8c64a9adad376fce8b9fbc67d168a09a841343cf1973eae73316dca387

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
b81b677c1c3b76c07cdc41bbb2ea519c

SHA1
cd581d99ceeb2e1cef863e4df7af213aaf70759f

SHA256
4b4c5eb98253a7fd13dfae51b88a1d3afc364c310499c013703f0b7542d65ea8

SHA512
a06ecebeb39b6d5dc617dca9b9d535e8cc6989f83ba7cfff0f7b67afb56076aaa47197aea0f5aef72ed8c46bbf44106b01b64849849e0d39a6615d9738f9a97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29322\ucrtbase.dll

Filesize
987KB

MD5
0a5632da3e5d51ac53c58f965be121ca

SHA1
b585d2b902214c45ad8072a9126c0d464d1da4ad

SHA256
9f627acf1839cdf1b503080ea98f4da3e2e273cad7e6f07c7f64c3fd3a2563c5

SHA512
c9991e18fd4685bb327b59d1fd5aa18973f10b67a01eafc3ffef72988caf6e5f07a5f4c56c9d485a3b733142152cbcc8dbf43122112f952f525cda57a8a56b18

Download Submit
C:\Users\Admin\Downloads\python-3.12.4-amd64.exe

Filesize
25.5MB

MD5
f3df1be26cc7cbd8252ab5632b62d740

SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4

SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89

Download Submit
C:\Windows\Temp\{3F54E770-FB45-4D83-B4C9-0A997836FCE6}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
\Windows\Temp\{095A0032-F09E-43FD-AE41-BB2930E7C7DC}\.cr\python-3.12.4-amd64.exe

Filesize
858KB

MD5
504fdaeaa19b2055ffc58d23f830e104

SHA1
7071c8189d1ecd09173111f9787888723040433f

SHA256
8f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb

SHA512
01aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366

Download Submit
\Windows\Temp\{3F54E770-FB45-4D83-B4C9-0A997836FCE6}\.ba\PythonBA.dll

Filesize
675KB

MD5
e58bf4439057b22e6db8735be19d61ad

SHA1
415e148ecf78754a72de761d88825366aaf7afa1

SHA256
e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058

SHA512
8d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c

Download Submit