c0a64062375a690c4b7c3dda242973fb3e342f7e611ca7e9e5ee0398b8e7f435

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
12/06/2024, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$77-Example.exe
Size

47KB
MD5

b503babbbac8d370ca0de5752ada2eb7
SHA1

5995adbe90e6fbddae320d7af780749918f86c46
SHA256

c0a64062375a690c4b7c3dda242973fb3e342f7e611ca7e9e5ee0398b8e7f435
SHA512

a0ee4bb021bee3651144caf13a1235dd46c5a4f13239364db97ec355381e7b8d37e3c40813c1e1c217d51e81cf2348ffdfd148e2a75dcd12559f6419b4798181
SSDEEP

768:OLA8Bd9tqyt4m52qJWXcm4owy78Lw8Vd9OPyt4m52FJWXcm4oq:OE87Dqe49JDwy78Lw8nkPe49WDq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	discord.com
20	discord.com
21	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2198854727-3842442895-2838824242-1000\{6EEF1329-FA3B-44D3-B7CF-A9D760CF9057}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	396	$77-Example.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: 33	4864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4864	AUDIODG.EXE
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeCreatePagefilePrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 2000	1164	chrome.exe	81
PID 1164 wrote to memory of 2000	1164	chrome.exe	81
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 2832	1164	chrome.exe	82
PID 1164 wrote to memory of 1444	1164	chrome.exe	83
PID 1164 wrote to memory of 1444	1164	chrome.exe	83
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84
PID 1164 wrote to memory of 756	1164	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\$77-Example.exe
"C:\Users\Admin\AppData\Local\Temp\$77-Example.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc303fab58,0x7ffc303fab68,0x7ffc303fab78
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4500 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4780 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4640 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1476 --field-trial-handle=1848,i,5269886765539823411,7759213729821214456,131072 /prefetch:1
  2⤵
  PID:2840

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\78ea37cb-a862-46e5-aa9a-fe3f59e76ab0.tmp

Filesize
275KB

MD5
259aed5861c835150de7e86b9e189e81

SHA1
8c7d4cf6956ed1103f1492f72f5616bccb44eb20

SHA256
8e8a8ce6bd79f6b44c50cef05535ab1260d30e009c5917a7dbacfde4231ef77d

SHA512
fe3ade6de957c135f0af5d2f8ad0bc910700ce6439cc2f9ee9ae737ce1503cd669d348e2b2523636d32364f03aa2f6f25ec2a8498b915fc188734335a0940c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6376c90f2e2e52e491ade482c25ae1dc

SHA1
8c2e828b589ea41504511a37598dff2e251e7463

SHA256
ece66c099cfe2759459a0fdeddc808bc8e44e25daad09e4ae82af7af083b4b7f

SHA512
2897cb29150facc3daff3e4ca14f3e2e9656c19e10320d1511d64e63831e50054fd0bb85d8d27897029c6dc86aa51786530cf7d8609373275d39c0037beb6089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ec32b14cbf8ac16d451c162cab81a1d3

SHA1
0e862e589c62929f5360c9dc6cf2efb628f9cf0e

SHA256
80d53bc3ed8fe3f09346f13bce8d8104d748720db1d48dbf635a701776e0172c

SHA512
5dfa1e987696718e4a417d2e5203edd0f3f5bfe1293e25df518d18ba21e0aefa3acef4415065440b00bb33168fa2acb78dfab10504e5d2cba192dfd5c2698242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4c3e81aba932d4d12d4191bbd3c78ba

SHA1
fd9cc2dcedd7f65ded0963d68f81d45bde10454d

SHA256
9da45a49b06579b05c9121213bee772b7031d59d72b85eb11f3c19b139d861ca

SHA512
c13ece4d5f1430e60bbe0ded7c1f44e60129327759b3e604b7ca5ef6056bfc5615bc6178e8f7ce921ebff38886c2e9008b2ce93435af3b59b057f9095f65ecf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e159930ccaa434d60510c66d74d7160

SHA1
d603ddbb74ae972c594c58861b15b2a41794cbff

SHA256
580ab6923cd46114f9f1a9d1881a7260720d2e75252b9679da7922c4fb56bd5e

SHA512
4421db5bce862738abe7c0ac09f18a45ae476c4d8746bf44820a966c37546be6a2aa189951a623f8db81016ff7c1df0575950ea4b5f366786b401300d9d5a360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16d68abf183836fd998ba89feb07fca5

SHA1
d15f493e0901266dad3a88935a805cdbd550d6ee

SHA256
49870a79f397fc0ca7b430909ee740a1eb25750072fad768b496d7f2c7291006

SHA512
44e17a6ea89819266daecd5d6e21b2db75b8ece8c4b7e506ddb97a54cd4a9b1fee6f1705347b77307c2d3e3b9d991925f8072fcfd78e36da70818f28df014440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0b8f74860258ac16d5c21c74811e5d20

SHA1
3b7a36d34e0fa2a5b5a423cf6dc6ac40e205a2a2

SHA256
f458be2e2e695c49373a0f754436e2b9ce19e38953f0a51dc10afe0dccd7beeb

SHA512
931bc9f7f922eed3c3fe4e5872c31fd8e6be5e8d66476cacb35418614d8a7bc12019b030e4d2634c0591e9b8d0163c82b26e3aa67ecdf30e4bfd73337655e5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f315462176e13e0b5469c9adfedd86f0

SHA1
33d4d97b8bc107f6f7dfbaf7ce65c53137cc4469

SHA256
3b6b4a75f07de9b6308b4b599aa31376a6e12eeb728f1520a10caed6e97f13ec

SHA512
ec609fed7064eafe9eda7314d490f938a26c28683b0bbba90481cec6b17a39672c432f883dc7940a7a7f40468a459a97c33f363325b2c203d9875581deba2766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dcf9668fd4ba722e6dedb47d80122e73

SHA1
b58c7309179c36085e1d2dd8b19b6a2cfa2ea1e5

SHA256
65ed28636ce895a917d52a601b346da9a5595813731c42fa9b5748f3516ca606

SHA512
af2a425730680a89290121650826df7bfa58aae2e9f94c53b226995aada7b2515c5e3985795420d20bf0c4e67044e55bea1747f5c4a6baded6661e849f99a7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
139KB

MD5
df3283dae3b248a1fa5ac492de03caf3

SHA1
367d1b8bcd3e85d1c8e2639d5c7f96a0b0f29cd1

SHA256
d4a9728d57ce716376d1a735bab2b207e152183a6a03aadefc6199aca03bb561

SHA512
36a0f8a54d35cf944f0f0fc1e8115727e4c78b32448acdc8e735a31827235e76a49529a292ec9c659db82571d89c6c48044986032ec2badcd42beae7af74f71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
466703698c8573b7afb34da09f9f8d18

SHA1
6947650cc1df6cd02a3164d4e4ca3b6763f4bdbc

SHA256
519e708ac2e8e27cf29a2384610f286bcd013924b672107e7124f7802babbfbf

SHA512
b9b38263adb67cf00113540eb21a6634f99fb861befeeedc9b299801457742808c22e4d6b9ddb628d9acd195d4383b77184325b7bca826aa577076acbb7ff72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
296KB

MD5
b7d5cd4ca9dcf87b9a42eb2f302d9adf

SHA1
06db29ff2e2b0591603e258455388a30bc0000b5

SHA256
5e6a2aa85734f146e324322285813f86d61b6e86bab237d9e6a86530759d5962

SHA512
49f6f3866b0cf0e622d94e4a47b9eafb7fcd4b6c71324052fc868188c0a11c254c01531cc7ea3192d67ef71d5a396fabd2b286827a6965edf0dbb957e0174fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
1f26e9b6da756d8635b62362e22d70cf

SHA1
8c57c76bdd43de8923f1b09f37945f712bd8789e

SHA256
bb44a7f70d478196612ee5edcb36802776a9731325949efd3f1f0a0948d83a1a

SHA512
6e1df9eddd9961452d92ddfa550dd13834ecedee8d0a2a00c14672e9eec9a41d727b55f746cbe552933ad59bd455f79b3277ab1925cf931e010b2b36b961048e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
67b15c4fd508b8c03125fd26965a5ccb

SHA1
34ee230c4d7ca10f2bf7c8ab03da0be53c05e5c6

SHA256
f65f1b4aa9d1959b336d90d01965be625bfb6d26ee50f77560157d030a5e6a8f

SHA512
4a223842d03331a0fc6559c3d548270479de4c03f8fe4379d725e013fdd0ea528936acf90c9d690e4ce22f34b64f81abeef806fe43f238af77ed929770bc2397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
c3a26eb62e70a1facbda3c026e4c1a0a

SHA1
5fcd37b6520f93ebade84f96b7c6828b2075d4be

SHA256
1665b51dcb31598f9f4a036fc1ddbc5cb64df828ea22bea0ef8620cce65e4994

SHA512
2485e73f3b88110727cc3a01e2d8f0845ee9aa61cb207ecf458e9fdf3b4f402ac03efb845659ff6aed36c7e7c13e4979524ce3de48377762509f50047fe4a473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b6e7.TMP

Filesize
83KB

MD5
9cdd46e9a74fa821a3cf7e6fcdd81834

SHA1
366592f77038daf232471958417c467230dda9b9

SHA256
2b4faf5fa6f660b920eeea09c1b815dfac134c05e0f7b6f95a65214aafb44dc4

SHA512
70d5cd08a6475c9244b68f614e887b5318ff28b78117da581a14f4d5f8976edb7441a1590915aed7dfa46ea469b3c0d71ea56b58e8a94a290a0a66051865c86b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/396-6-0x000001DB8C400000-0x000001DB8C40E000-memory.dmp

Filesize
56KB

Download
memory/396-7-0x00007FFC1E3F0000-0x00007FFC1EEB2000-memory.dmp

Filesize
10.8MB

Download
memory/396-4-0x00007FFC1E3F0000-0x00007FFC1EEB2000-memory.dmp

Filesize
10.8MB

Download
memory/396-5-0x000001DBA6760000-0x000001DBA6798000-memory.dmp

Filesize
224KB

Download
memory/396-9-0x00007FFC1E3F0000-0x00007FFC1EEB2000-memory.dmp

Filesize
10.8MB

Download
memory/396-3-0x000001DB8C3E0000-0x000001DB8C3E8000-memory.dmp

Filesize
32KB

Download
memory/396-0-0x000001DB8BEF0000-0x000001DB8BF02000-memory.dmp

Filesize
72KB

Download
memory/396-2-0x00007FFC1E3F0000-0x00007FFC1EEB2000-memory.dmp

Filesize
10.8MB

Download
memory/396-1-0x00007FFC1E3F3000-0x00007FFC1E3F5000-memory.dmp

Filesize
8KB

Download