Analysis
-
max time kernel: 150s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 13-06-2024 18:06
Static task: static1
Behavioral task: behavioral1
  Sample: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
  Resource: win11-20240508-en
General
-
Target: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
Size: 1.1MB
MD5: ec377e92adfa0307058d5833068df2aa
SHA1: 716a1cf152b98adbb374881375c286aa4e5faee7
SHA256: f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3
SHA512: a231696ef707cc7f3e4b0e9ce7eee27bdb77c80b2ed4e82431a5f9e4a08e80dc9504d3771f6e9b843730621d8629f365f6d722273bb115eaedab0d5b3615deee
SSDEEP: 24576:x1qDEvCTbMWu7rQYlBQcBiT6rprG8auQ2+b+HdiJUX:bTvC/MTQYxsWR7auQ2+b+HoJU
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
  f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
    Key value queried: \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
  chrome.exe
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
  chrome.exe
    Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
    Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627756078622148"
-
Modifies registry class 1 IoCs
Processes:
  chrome.exe
    Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{DB98AAF6-EFCF-4D09-B558-1CEE4FABAF6D}
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
  pid   process
  4536  chrome.exe (2 rows)
  4732  chrome.exe (2 rows)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
Processes:
  pid   process
  4536  chrome.exe (4 rows)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
  description                        pid   process
  Token: SeShutdownPrivilege         4536  chrome.exe (32 rows)
  Token: SeCreatePagefilePrivilege   4536  chrome.exe (32 rows)
  (the two rows alternate throughout the 64 entries)
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
  pid   process
  656   f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe (37 rows)
  4536  chrome.exe (27 rows)
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
  pid   process
  656   f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe (40 rows)
  4536  chrome.exe (24 rows)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
  description                        pid   process                                                                  target process
  PID 656 wrote to memory of 4536    656   f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe   chrome.exe (2 rows)
  PID 4536 wrote to memory of 2752   4536  chrome.exe                                                               chrome.exe (2 rows)
  PID 4536 wrote to memory of 4776   4536  chrome.exe                                                               chrome.exe (repeated)
  PID 4536 wrote to memory of 884    4536  chrome.exe                                                               chrome.exe (2 rows)
  PID 4536 wrote to memory of 1280   4536  chrome.exe                                                               chrome.exe (repeated)
  (64 rows in total; the 4776 and 1280 entries account for the remaining 58)
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f9ea38eee9c671e2d62ebc18af5bc456a25847fbce8bc96b2830ef8859e5b6e3.exe"
  - Checks computer location settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 656

  C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID: 4536

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff984f09758,0x7ff984f09768,0x7ff984f09778
      PID: 2752

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:2
      PID: 4776

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      PID: 884

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      PID: 1280

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
      PID: 1624

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
      PID: 3164

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
      PID: 4400

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4836 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:1
      PID: 4364

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      PID: 1268

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      - Modifies registry class
      PID: 4064

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      PID: 644

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:8
      PID: 4580

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,14364789207141557802,18321134792066547197,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 4732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
  PID: 5568
Network
MITRE ATT&CK Enterprise v15
Downloads