d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae

General

Target

BrickHillSetup.exe
Size

1.6MB
MD5

085c248832ef03881059faec18eae7ff
SHA1

8477892aadc283f5d000b2c36e4c44c370f59727
SHA256

d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae
SHA512

80d3327168c4597554f441cf29360d9ae982bd36afa7e6409c6e2b779eddc7a522f2bdcd190a82517fb445bf7714377f30a79c2cedea168f19139d82cc94c43f
SSDEEP

24576:u4nXubIQGyxbPV0db26ifZbRQKiFDhbGh3+shiy/wxwWIFgi5LPxf0XE:uqe3f60oKil5QhiyPbFT9eE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

BrickHillSetup.tmplegacy_autoupdater.exe

pid process

3144 BrickHillSetup.tmp
4724 legacy_autoupdater.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

Processes:

BrickHillSetup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Brick Hill\is-BMUDD.tmp	BrickHillSetup.tmp
File created	C:\Program Files (x86)\Brick Hill\is-6Q7DH.tmp	BrickHillSetup.tmp
File opened for modification	C:\Program Files (x86)\Brick Hill\unins000.dat	BrickHillSetup.tmp
File opened for modification	C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe	BrickHillSetup.tmp
File created	C:\Program Files (x86)\Brick Hill\unins000.dat	BrickHillSetup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629401182992202"	chrome.exe

Modifies registry class 6 IoCs

Processes:

BrickHillSetup.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell	BrickHillSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open	BrickHillSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open\command	BrickHillSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\shell\open\command\ = "C:\\Program Files (x86)\\Brick Hill\\legacy_autoupdater.exe %1"	BrickHillSetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy	BrickHillSetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\brickhill.legacy\URL Protocol	BrickHillSetup.tmp

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BrickHillSetup.tmpchrome.exe

pid process

3144 BrickHillSetup.tmp
3144 BrickHillSetup.tmp
2788 chrome.exe
2788 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

2788 chrome.exe
2788 chrome.exe
2788 chrome.exe
2788 chrome.exe
2788 chrome.exe
2788 chrome.exe
2788 chrome.exe
2788 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

legacy_autoupdater.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4724	legacy_autoupdater.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

BrickHillSetup.tmpchrome.exe

pid	process
3144	BrickHillSetup.tmp
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BrickHillSetup.exeBrickHillSetup.tmpchrome.exe

description	pid	process	target process
PID 2132 wrote to memory of 3144	2132	BrickHillSetup.exe	BrickHillSetup.tmp
PID 2132 wrote to memory of 3144	2132	BrickHillSetup.exe	BrickHillSetup.tmp
PID 2132 wrote to memory of 3144	2132	BrickHillSetup.exe	BrickHillSetup.tmp
PID 3144 wrote to memory of 4724	3144	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 3144 wrote to memory of 4724	3144	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 3144 wrote to memory of 4724	3144	BrickHillSetup.tmp	legacy_autoupdater.exe
PID 2788 wrote to memory of 3716	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 3716	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4908	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4300	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 4300	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe
PID 2788 wrote to memory of 2556	2788	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe
"C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132

C:\Users\Admin\AppData\Local\Temp\is-UB975.tmp\BrickHillSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UB975.tmp\BrickHillSetup.tmp" /SL5="$4020A,810935,780288,C:\Users\Admin\AppData\Local\Temp\BrickHillSetup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3144

C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
"C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc74cbab58,0x7ffc74cbab68,0x7ffc74cbab78
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:2
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:8
2⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:8
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:8
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff761a2ae48,0x7ff761a2ae58,0x7ff761a2ae68
3⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4656 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4448 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4172 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4664 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=1944,i,15788246442691012808,10738012663504890639,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
Filesize
739KB

MD5
89fa4ff754a6c62e9bfeaac61e7faccf

SHA1
eaf18795d6442324429f44cda43d6cc36471f7e4

SHA256
b148fbcefa7934109d472fff2cc37019febb6f7a05db4d78abbf57939b0a691d

SHA512
dcec885762fb86ee5077ce5053d45d30570ffad106f06038f615dc400632a2633cdff1cde48436a325fbc3cf6862d5a2e1ee2f802b6dd7361f74d1a2afcb83c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
88b1f94b070ccfb1625f5cb2eff8928b

SHA1
4f3165f8ad156383aa947c3ff350af5e0337c7bb

SHA256
42cbdd994e6f930e045fde4fbfcc9a4be6ac0650c71399898f99651c8b9e1259

SHA512
ecd7abee6efd4c402525fe8e2b9483e93fd3d08546d6836ea36f50a6975cc3cf8bcc96b20c5a93f08b0ccd05bd23ffc9b46e75937d9b7b37bf18c5aad8ce4e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
34ca29547f9761aa58e1c49748a22533

SHA1
02cd76bf8e38877a4d4a07b5c1452968d6aa07d3

SHA256
5f7970b18eabdf8c44011c60ad9f8bb1b47f45dd83ac403498ab6ef9d634d50a

SHA512
24b49c96761786d764ac0eca3fd03c2f77e2ca67d4a90b0d6f3f00ee5d02e5500397b861f7246b24ebbacdadc3bcd3ea0770eca459640fa324ea68a823f0982a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a553567608268437d5a72e8bac7b416d

SHA1
cef15723826f299b98b11b9a3b25dcaecc30b159

SHA256
3bf73f4f4f72a5a69451aacdaf625ecab89a64084966c6939b146d80517e82d6

SHA512
a3ea82def0808d228371de71931ba9eaaa9e6be8213e7217cb3e89091647afac1613297618fc6da524218f8a18048e94c7a4b16e63aa868acf827ec670ab01f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
c0a4e22853250b3e04f30b1fc30ce44a

SHA1
756f99faebfc6b99dc6ded7506d79291fabe431d

SHA256
c7b6444a1d4d2624e2e64b2941cf76a3c934b5c66d17479434db4bd5c676371e

SHA512
6ca5cea9ab273ce150f2b28cdb6b36324382be566f0843aa05db0c1db786a83c570de58d332c1fe5383a73a6f9de8d087c72a24a9a92cddc2b8acbe2b7082327

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UB975.tmp\BrickHillSetup.tmp
Filesize
3.0MB

MD5
7e06750376491b308c2a6e35eca13b1b

SHA1
36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

SHA256
628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

SHA512
a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

Download Submit
\??\pipe\crashpad_2788_NEGXOEYKSLWCEGEI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2132-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2132-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2132-9-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2132-32-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3144-31-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3144-26-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3144-10-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/3144-6-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download
memory/4724-29-0x0000000073140000-0x00000000738F0000-memory.dmp

Filesize
7.7MB

Download
memory/4724-24-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

Filesize
40KB

Download
memory/4724-23-0x0000000073140000-0x00000000738F0000-memory.dmp

Filesize
7.7MB

Download
memory/4724-22-0x0000000004D80000-0x0000000004E12000-memory.dmp

Filesize
584KB

Download
memory/4724-21-0x0000000005230000-0x00000000057D4000-memory.dmp

Filesize
5.6MB

Download
memory/4724-20-0x00000000001B0000-0x000000000026E000-memory.dmp

Filesize
760KB

Download
memory/4724-19-0x000000007314E000-0x000000007314F000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads