ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

Resubmissions

07-06-2024 18:21

240607-wzpbdsch35 6

07-06-2024 18:03

240607-wnchfsbf6w 6

Analysis

max time kernel
27s
max time network
115s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.txt
Size

1B
MD5

0cc175b9c0f1b6a831c399e269772661
SHA1

86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
SHA256

ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
SHA512

1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

390 raw.githubusercontent.com
394 raw.githubusercontent.com
395 raw.githubusercontent.com
396 raw.githubusercontent.com
389 raw.githubusercontent.com

flow	ioc
390	raw.githubusercontent.com
394	raw.githubusercontent.com
395	raw.githubusercontent.com
396	raw.githubusercontent.com
389	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1808 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2864 chrome.exe
2864 chrome.exe

pid	process
1808	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 52 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

chrome.exe

pid	process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2864 wrote to memory of 2904	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2904	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2904	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 3060	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2592	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2592	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2592	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2660	2864	chrome.exe	chrome.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\a.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7af9758,0x7fef7af9768,0x7fef7af9778
2⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:2
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:2
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3260 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3496 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2584 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3940 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2680 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3920 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:1
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3684 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3796 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3800 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3672 --field-trial-handle=1312,i,14176214086416591502,11603495755129960552,131072 /prefetch:8
2⤵
PID:1664

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
PID:2812

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:908

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:3040

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:2208

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:2188

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
PID:1916

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
PID:872

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:1372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2664

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
PID:676

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
feb52c20d645a6f2208776b6dfec1659

SHA1
4f00f7c39d16ff0e69c1323e38ff7ad0f5d5b5e2

SHA256
0b2250df760d42217f6bfb300ab438a6d2f391481e2af75f689f2962ec437195

SHA512
935165d22b20e879f8e0042d471825372a3740a3d30d544b7a46d7b88fa6fc5884977410266262dab4a8d46df24560c2c9c622310da1193a00d7cf9cc2e1499b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ec4fef4976203bbdf1c0f4cc28171f33

SHA1
63165bdd5160fef10af7d660fcb9e64df83527d7

SHA256
92e57875b46d9e8422e8bce7b851361633943b168679a47fe291b9d4abcca48c

SHA512
38a271be8db8a5dd53ab23d444b41e54bcade975200319ff65f73368686115b6fcba899972576cc3a02909166af300d89abc81da345cda49bc840891baa8a5f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
66c895f7ec5c7636329bfedb5daaddf5

SHA1
e2af11fbac8fad4a97a13031a9d1b405057e8033

SHA256
885ebb4963ba65b9ebf97841268f0d0e4194bfc06ccdbc9eff4a32c4a9c9d74d

SHA512
50d0a0fc738cb0d12d27223cd8b39524cf128eda80a5c33b7d8b6dd4ad764f480e68cdbca3c05cb8623f56471ff8a0dad01437a88226360eea1c08b4ef1038c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c66bf558052e8416e40abb3c30773890

SHA1
abe634161b2e367db2913c080b63d104289601b1

SHA256
57676bd0583731afb0f031ba6bc1f9d712c1e8811c66af872928b6591677c553

SHA512
d61880a62bee8acd63dca45d7b67fe71c06462178b96c7d35ff39df8eea5a23804e0b7cf37029cba64f071a7d44958811d893ffe7ebf9759c1c43daadb2b8749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6d4adce6-0e4b-4265-a4f6-06fe996b1735.tmp
Filesize
5KB

MD5
1b004afb68261108e5f62ff0a7ac6f95

SHA1
0eea97e774e4210151ea7104285a514c1fc99e5d

SHA256
4278e33396e76444075be83254769b22bb1e9098923a5082c9934d1ebc4f86be

SHA512
91d042fb2d6acc5549731330a159f5865c205ca18a89102ed263c728d4be986dc7fc044c1417231414ea37d65d18e0ac28948226ff41925ff99ef75fd14b13df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
20247cde8fa493616474a7b812280cd0

SHA1
ab4603559f21083e05b6f7ba2f27f59a8169e9bf

SHA256
0ce6c5db6aec56e4370c8fe3d5766033e121637753ac33fcfd1ce32a7d2cc960

SHA512
3cb956ec1e5396b754ad0c247a7452eaa831669d98e1921d804f83affd87a51c00369d564f09e3476b5280bffed3f885580c0d44cbfb41929134ed08c9a005ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
0d956ea0e7af9f881a6fe2f9821ee7a6

SHA1
afa83b259d2747155d314965fded9b7ad124e08b

SHA256
874596f6371f926349e40ef905e3ef041a7a988e66c1dcd25badf0a4127aa13f

SHA512
a06f70e27a196d55a123d4ced93d7475e2b9561f5a22116273be13b7ba773de33f35729c782f6742b494e0d93b98e704249f3145b47a5d200320e23afa81451e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
0c96ae580730f60b76241c00225dce32

SHA1
69bb50d6c4e48f853317bbbcd31e928d01a004f2

SHA256
489d799af465292fc40fa0832b288bdbb1a5a65ef0b2b2d97d9f55eee138acd0

SHA512
e35821c9709a7c893e00273257d7e39a97984484aac4817de19828c872bbf99f1ec6fd1b808ff88f1927fb0c65837264a70273038d28dc23896aae2d07417664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
690B

MD5
0d86acc2278d42532c02e031882db388

SHA1
3adf719c8e1bda23fd16f951ef07b98d05a3e4ca

SHA256
b0e752d336bbb74b21103d1fca14f546f4b757e4911cbe44253dd9dc6e72efff

SHA512
fd67e6d5dbddb349cb7e1714b0279845d9ec58fc047097718130d512ecba71607a70a8281069a0f5db110a94453f284f3480f2d5616953bc2e0a8846702f744c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4e1377160973a1a196ca4755d73732d4

SHA1
4d1cb6321c16fc434d363b23d564727aaa6c281b

SHA256
424d5d55543b8424df29d56caf5bae7fcc62386d162760f599a3012f8c469f1e

SHA512
4f1da6a1e9d08116e76bd11a8eecbcca82969f6854591078e5b81148b6263234c9d3d9072b9af48b9a5f9449cf20313bc44224738b7abb2adbac9ff89ec37e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5671feef7917584fbc0ecc945186f804

SHA1
ea36ef7a063169d0a5846491b8305daa636a6a3d

SHA256
aa5d34c5f047dfa0b4ad293bd3c614bb7bba21420cc23b081e9ad019ee5a4725

SHA512
2f2d93655e188cd178f564496e63ef74c4cdaf9a85532cfd2c781e67807957460489492827016c8252311e3da475422e511c769ad882663892fb0450e661910d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3892a0f4c90bfeac93f6dbed934a7cf1

SHA1
cd1280044b6a6a71a233c9fd6574575689481d8f

SHA256
ec74e4a9ed9459494de16286268fb2d7b4950a20aae31701cd5dbe14ef460d01

SHA512
2cbc8b48668ffdeb8278c66e7f55360cc3d28796ce4576316d14c6a62a5b13f3ab676d1fc02d99fdd221feabe23ce19a1a6f73649d47743f99bde717a9aa52fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC8D2.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_2864_EPCNJFXPKXGFFKQK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/676-561-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/676-562-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/676-570-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/676-571-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download