Analysis
-
max time kernel
184s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
18-06-2024 18:45
Static task
static1
Behavioral task
behavioral1
Sample
file01.js
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
file01.js
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
file01.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
file01.js
Resource
win11-20240611-en
Behavioral task
behavioral5
Sample
file01.js
Resource
android-x64-20240611.1-en
Behavioral task
behavioral6
Sample
file01.js
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral7
Sample
file01.js
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral8
Sample
file01.js
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral9
Sample
file01.js
Resource
macos-20240611-en
Behavioral task
behavioral10
Sample
file01.js
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral11
Sample
file01.js
Resource
debian12-mipsel-20240418-en
Behavioral task
behavioral12
Sample
file01.js
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
file01.js
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral14
Sample
file01.js
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral15
Sample
file01.js
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
file01.js
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral17
Sample
file01.js
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral18
Sample
file01.js
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
file01.js
-
Size
85B
-
MD5
035fcf1a2f6722934f56846b8df9ff5f
-
SHA1
4c13ad3cf6e8783615e8d4a42a66decdd0b4f8c2
-
SHA256
7d35208b00c592d483ac98bed41448ef816aac6e20df697b7fb84cc224a086c6
-
SHA512
8edef50d1f7d734cdfcb4792ec7c1d8be5735eacbae790730009b209d84a0e206063f23233a699e640ee1d171429246484f17b223265a5fdedc59850addf83f4
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies registry class 12 IoCs
Processes: rundll32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit\command | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\ | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.bash\ = "bash_auto_file" | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open\command | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.bash | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\bash_auto_file\shell\edit | rundll32.exe
-
Opens file in notepad (likely ransom note) 2 IoCs
Processes: NOTEPAD.EXE, NOTEPAD.EXE
pid | process
2540 | NOTEPAD.EXE
2876 | NOTEPAD.EXE
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
Processes:
chrome.exetaskmgr.exepid process 1748 chrome.exe 1748 chrome.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes: taskmgr.exe, rundll32.exe
pid | process
2432 | taskmgr.exe
2984 | rundll32.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 
1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe Token: SeShutdownPrivilege 1748 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
chrome.exetaskmgr.exepid process 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
chrome.exetaskmgr.exepid process 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 1748 chrome.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe 2432 taskmgr.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 1748 wrote to memory of 2556 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2556 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2556 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 
2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2612 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2504 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2504 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2504 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe PID 1748 wrote to memory of 2444 1748 chrome.exe chrome.exe
Processes
-
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\file01.js
1⤵ PID:1996
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c19758,0x7fef6c19768,0x7fef6c197782⤵PID:2556
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:22⤵PID:2612
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:2504
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:2444
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:2904
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:3000
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:22⤵PID:760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1428 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:304
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3020 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:1876
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:992
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:1764
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:936
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3196 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:1768
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2408 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:1328
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:1320
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2416 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:2544
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4076 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:12⤵PID:3036
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:2100
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1376,i,17906223621543448907,15336067068990018641,131072 /prefetch:82⤵PID:1536
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵ PID:2664
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2432
-
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\fun.bash
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2984 -
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bash
2⤵
- Opens file in notepad (likely ransom note)
PID:2540
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bash
1⤵
- Opens file in notepad (likely ransom note)
PID:2876
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
660ce4a16acfd9300d7d90586907b91d
SHA1
dc2213e37a480a8c328390ae7bf9c4e988f30693
SHA256
c22d29c44f1031f196777e7c57b5e08168507da9d140fc19268e2d10e2926e36
SHA512
97318da2923df2aae809ca77e88ce65917b3a596602666df5a34fe77f5e3b4913b17a020b613c576f1f7fa02166e7e21f21d411aed5ca9b43217f7bede95378c
-
Filesize
279KB
MD55e40f06fecc929ba7f0fd9e002b9b99b
SHA1cd83374eaaac0ba012f86447de30719ad0f95567
SHA256588dcf5f9a46edb3d2e5976b79e053b0f56295b30dc9a206996ea4d6a1d5f2f1
SHA51243220600b4e448d1e0a25f341fc1b79d5332cf096a3da471c3a0b1e5a582e6a5db2149567e120e345a44606bf65fcb8edffeda4676b8a9d106359369f58ec56b
-
Filesize
69KB
MD5921df38cecd4019512bbc90523bd5df5
SHA15bf380ffb3a385b734b70486afcfc493462eceec
SHA25683289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f
SHA51235fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5
-
Filesize
326KB
MD5f9aaad4ba56686b732f585534a79ba29
SHA1d8f7c5244b305dab6e9a157a032e6c09cb599db8
SHA256ad233529f61ef20e088a5f0068bea402097d028e06849c14468506aaa292d824
SHA51204101d276be1561515b76167f32df22f14976ec36ee485687f709e18f52aacde2c5508b1fb068b1e744b10b6192954942cfe0992df62ae1c4ba01da1d928eb3e
-
Filesize
133KB
MD5b609af4f8ac31c8ca07d489d909a6902
SHA132450b199004e269a69fb211dff176cdd5170976
SHA256f5ac7e1c949dee2187d2d94e8034da9727eefefbd3ad9839c70356c1f05fabf2
SHA5120717c49d0051e1a69f175fa95bfd7deb4b8071e11e9b8bef3199f7dbd2b126421c7975cbf54a7f0bacd10bf626a640991d03bcd166f9fa2ffd1b860007b53c38
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
361B
MD510ae043f674a7b29549fe2db9d79acf9
SHA1a746bd5c28c958bad1668f82e9eba544920397fd
SHA256d4de60b0c228062f5013732ac47b31217edca12d7c51c9fd5b24fd4d6ed5e5df
SHA51231be2e4834f372f8fcaf2a7fa91a25a11c5ccd7dff3cc9d64c24f0c3c9e784b02e723c38e466cad6f0a490983fa224ad319c3c212f77206dd934e6385048f02d
-
Filesize
520B
MD5ea9b914f49635576fb96ee033057a508
SHA1f401f51581c13b3e4d8be732dcd237055bec91e7
SHA25607dc8b7ae5e700e2e36299cba5a6eeffa1c53807701a30d7551d744e1a0d66a3
SHA512e755d0dd029d43b71bed599232d3244387d908f1c79ee3106ebbe4138b6626e9377f1c2b404f0306db377780c9317dfda393bc87e7994dd74dea3357079132c1
-
Filesize
361B
MD557194779ca7b21a1da5202b8ac68e006
SHA111d4dd69fa1650373c54984d758b74c1ae7d0947
SHA2565581815a95d1a7992ffeb56e82fb4926497d2e0a98aeef3de66d0b19f74ec384
SHA512bd2779b12547deafc8356413347b49a8b71f748464cb040413bf29eb42676d94ea0172c59dbb8b2a42d0d4451f046fb40c98bdc632d4ae95d400287f5203e460
-
Filesize
6KB
MD59855d678dd1fb5c7ff3b38bf84e99b5c
SHA11cb53c7b0edce095380e9eadd20af245560855df
SHA256dfd09e94f97377df51751eb927cb42a145df1e52cbd0fcbbd0f23056d4523c20
SHA51279341d7e4c26f32fa09321ab8885ae255885f9f66d6784eaa24441040770528ffef0e2e30f70d03e4509ab85a7b112ae4cae4203a91dc078964713ac318f092a
-
Filesize
6KB
MD5eb6e767aa07aa394168c3ec65c9d3cb5
SHA12538b1daf5ee99422d36c2497e5fa83ba0c05ff5
SHA256871a0b3c60b7a69fd5a90e8309d4baeebb410ab6b0ca69d84ea4a7d636f86989
SHA512f042012a675bf8b4539b76598e3ffdf8fb5a524754e7a420059ea61719bbfdd3debe82ba839cd4e389719bc64c27da26a980ff1b7e8e3a1ed7130b4790d8f69c
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
279KB
MD56d8d3b6388f7afb3a5f1dc584a138f88
SHA151c2f62b1e45f3904ba984c234be15d0172c93c2
SHA256caf5ea6ce22fe095809890b0231bcf4b3e0b86783525038c55fdbe1646ebcd9c
SHA5124c1310958676cfc973469b8215ea3df9303bae33a549d8225f7741ea0eac24d8b65c88ebb635fc0077185bfeadd88ef5e4c2093c6bc04244b8aa86d2cd7185bb
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
8B
MD596db3a4107eb507ebb9ce86f1b172e2a
SHA1c1891a0edaa4de3c5d510afc9dfcf11561db3a5e
SHA256b0a6c77ad0b003d97234240bf05fb9cbd6fb393fdab5f185c68a2e9d6db72c4a
SHA512be903f0e4eeca27ac6906297a38de3a3316f738a23e27ea585a793bf24f4b6d9b4af32a5074338c07ef2231410843a3f779daee87e529548608f279917dc3335
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four digests are the well-known values for empty, zero-length input; no Filesize is reported for this entry.)