9d423777d0bf152acf13f6017af18b64462abd6f00aa7b21fac0b0270165383b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Silence Login.exe
Size

28KB
MD5

b7b782ba061b6fa0cdbac41272472e42
SHA1

7a4dd5691bce965d9bdf0970702669e0ab7ecd37
SHA256

9d423777d0bf152acf13f6017af18b64462abd6f00aa7b21fac0b0270165383b
SHA512

b522a3de9b0dc497ac35c456f092d22d25d328286075324c4d104fc63c00cad7cc449c78fb8bdc7c3a8c9dc60150377198bdbfe67236ed3fd86511840598027c
SSDEEP

768:zrYLWNcUMS+dD7U81oSybVJZSqKVBCtYcFwVc6K:PsScUM1dXU2oSCVyzVBuwVcl

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/3488-1-0x0000000000FC0000-0x0000000000FCC000-memory.dmp	agile_net
behavioral1/memory/372-163-0x0000000003160000-0x0000000003188000-memory.dmp	agile_net

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1572 3488 WerFault.exe Silence Login.exe

pid	pid_target	process	target process
1572	3488	WerFault.exe	Silence Login.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623569772003147"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exetaskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exetaskmgr.exechrome.exe

pid	process
3260	chrome.exe
3260	chrome.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
212	chrome.exe
212	chrome.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3260 chrome.exe
3260 chrome.exe
3260 chrome.exe
3260 chrome.exe
3260 chrome.exe
3260 chrome.exe
3260 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe
Token: SeShutdownPrivilege	3260	chrome.exe
Token: SeCreatePagefilePrivilege	3260	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
3260	chrome.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe
1672	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3260 wrote to memory of 2072	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2072	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 3540	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1460	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 1460	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe
PID 3260 wrote to memory of 2776	3260	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Silence Login.exe
"C:\Users\Admin\AppData\Local\Temp\Silence Login.exe"
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 872
2⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3488 -ip 3488
1⤵
PID:3288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4cfbab58,0x7ffa4cfbab68,0x7ffa4cfbab78
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:2
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3672 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4540 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4668 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3332 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4532 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1900,i,11848419910388292144,1448970767985171025,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:708

C:\Users\Admin\Downloads\Silence Login\Silence Login\Silence Login.exe
"C:\Users\Admin\Downloads\Silence Login\Silence Login\Silence Login.exe"
1⤵
PID:372

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\948bd8d1-ae86-4b6f-a087-b181bf0d3f8c.tmp

Filesize
7KB

MD5
1bf2efc70e2e852b422808462317f5d1

SHA1
19c1251997c44ead0c9e55232112ce900c560175

SHA256
199493aad1900457eafb892fabcff327183ebe51f7eee757506f21ca24599cb6

SHA512
5319bdc0995b7d75096bfd1c651beae48c827a10232137555ddb31410848890d8aaaac3160379e37d75eac07ef85059b1158fdebc95c8c5a6317f0411aea9f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5eb77eced695a966e5d6dd92ea735e60

SHA1
9437b4975f7c0a095eda3d523ac889a09a224177

SHA256
051a225e105090135754f0fdccfe5bc49a04e3718b1615f222dee7691780d7e9

SHA512
27c57db4179fc0bfe99fa42ab1bee0db2c5efb5218a45171abc0d66e59b840dc07bac11dd12e9c2b0ec8a260c6d22554382101b5153bede6282540842a85b725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
99e15085c9a8383cdcef28e1e14f0fe8

SHA1
efb30f8d37cb80584460cdde2511805fdc196b29

SHA256
03f5ff3e9281fd40d81dcdfd84e8afc5be38358b06e325a4f7391c29e93c761a

SHA512
b43cf923fe65a54a4958f6822a038303322a4470048f82ec9d488557a7ad29cbc7aff731adbce44353c8888bb48b4d72cf574c139bef6a55d71565e4c9126b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
aec32b2a97afad5add4efcde6fdf926a

SHA1
04d42009eababb0115c9fe0a5e0f9da4210ccb98

SHA256
b9cb828ed18fd38432d886b6eacf7eb8abf640c913bf10a045eb92ffdc9a651d

SHA512
78309ccb491858ca7017b21b17339b26fc81ad37dcdc8de53dd4139f55b309bcb66f6d1d43c7aee857f60174704d84117858764b967bd0d79ff29b24ae4465cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
7b79ae5ada1120a6e2da2d8ec9cba8a8

SHA1
965d80b10f66da2acd04e0556ea449b2e34e5967

SHA256
d3e6826d58de6496409177851d9e2ed2b41cea688435eac7578be118cb63d515

SHA512
aae91393610ffd9db7cba24778225d89a85bbdb8cf12f9e3fb11b94702d825aaf42cbb9554ec0b5664ea075ee6f8c718c3a6331769178b194317f03cf0f83378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6eeccca6b3b7aaa84c4cbde4d614fc4

SHA1
1e5a9769180cc2cdfba0adf81092b925049162e4

SHA256
c3982a50fccf90882e1c34ac6173a445b6e82936c5b0c128e998117d5f48d9f4

SHA512
e3f6ac2b569a952a944acd434c919e15c9a911e22e4952effdea93a159f52b97c1b340882562f61759b661597c6cbd6af6580d5515d01e92e1404270cb4c3d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4e20c262dcf8bf48fcb9184d15101854

SHA1
05bcabfb654104228f40ad88d24d1c2c5c160a4c

SHA256
acb2e955d35d9b1103a43b5f9ea2d962d69f8f5654cfad016f072e597b8a0db3

SHA512
51903c12ee1c14a6a98dd13986415e4cb26bcc11da81755bb66accf98ea24ed34cebc7ae1cd60324ed4b6dad5bed3b641f4bb265d23cf4665383551a4bdd37be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
db1d9f974f31c2003e8eadd9f84545c1

SHA1
f525f424fa23db8083a26792788e5415c5ad3b8e

SHA256
8d830cbf8ba79ee41e78c737134511c0fb3f99ad67cd39a0288ba929405cd6d7

SHA512
306c1e75277a1c303fa759889b92d7b92a9654865225dba2f97decfba54f28c63c1c092fd78d3fcdea0880c58b07384fd2419a78184f9acfdaa61c355eef835c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
f6e858576419afaffe1048b1b5d7d99a

SHA1
1b8f7c8fe77ee1ba46c34047154ecac1faea4f29

SHA256
543478d0ba8e1a3140bb6af3b9a91bc6987e0d9e97a6c4b9369bf61970601f6e

SHA512
b54c80dfc0d5c703457f57232f430e6fceeff2cafc0a0be7f4882e0a39501923335d4b11662e37a995ad0cb5f6dd2db1dd679fc96ca219229eaf48093145c6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
e717467cfbd2dd42f5e2f790ca343db8

SHA1
e4ca0749204af2c51e17c05f6366ea7f1bd317a4

SHA256
9aca77b29958167c2da759516fc48e31d4189b14de8ac54ecb8a9ebc15f03b5f

SHA512
e305aa5da547b8588438031e1581ad2c500b874aa94b2d2ae58aa0475e0ba825af6da861c4653e10fd6c10cfefef6a99f41bc6ae6790beb4b1f7a012b4f8cfd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58361e.TMP

Filesize
87KB

MD5
d4e77ef5dfdb7284cc8e7b0883d361d4

SHA1
9fa88d795499468724755791d53da9bb62f3ef6e

SHA256
dfc47d56eeebde8d574b02433c1bfc74cb9dc6b02badac3b562a19e14cb43a1a

SHA512
06c4fefc9b542f254de1e5b87f8ba974370c47f6855f30ed6a986c107bb49c51315155f5378c9c13af8932a389fbb87542bc2b76ea15c510c97ccdd81e4d290c

Download Submit
C:\Users\Admin\Downloads\Silence Login.zip.crdownload

Filesize
480KB

MD5
16a632cef68ad116773fe189693653be

SHA1
d2046ce0a82d22d91d9d9dea7dc8c37f1c2ff830

SHA256
f69e31f853d562daaf6594f6a547407be9e22ef6625a6e12c062157ccc461e24

SHA512
41469e065e3ade9338ed2881c785a5a72757778b74e95dfe0c6d117f8e086fad76f5080f4df278bffcd4441491e7c6fa72fb5584a2c72e56bb99c207e3562cbe

Download Submit
\??\pipe\crashpad_3260_DLHTQOWZBUSBDQYQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/372-164-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/372-169-0x0000000005670000-0x0000000005682000-memory.dmp

Filesize
72KB

Download
memory/372-197-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/372-163-0x0000000003160000-0x0000000003188000-memory.dmp

Filesize
160KB

Download
memory/372-166-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/372-165-0x0000000003150000-0x0000000003156000-memory.dmp

Filesize
24KB

Download
memory/372-168-0x0000000005650000-0x000000000566A000-memory.dmp

Filesize
104KB

Download
memory/372-167-0x00000000056D0000-0x000000000574C000-memory.dmp

Filesize
496KB

Download
memory/1672-184-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-194-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-192-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-191-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-185-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-186-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-190-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-193-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-196-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/1672-195-0x000001CEC6600000-0x000001CEC6601000-memory.dmp

Filesize
4KB

Download
memory/3488-0-0x0000000074ABE000-0x0000000074ABF000-memory.dmp

Filesize
4KB

Download
memory/3488-3-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/3488-1-0x0000000000FC0000-0x0000000000FCC000-memory.dmp

Filesize
48KB

Download
memory/3488-2-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download