Analysis
max time kernel: 174s
max time network: 174s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 20-06-2024 13:56
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win11-20240508-en
Errors
General
Target: sample.html
Size: 19KB
MD5: e3386bac182892f961271027999cec62
SHA1: b299843e3a4ab1df294cd912c74ab461e2069d23
SHA256: bba6a4a7026e2b901244d98faf453582f4795461866581aba530565f4a512ac7
SHA512: 8a87e99b387f47f57bd694c321cce4dbec968294137f86f6d117f5f49744f534b56918eb6cd4f8d3ec5f044ae01a3410027b9fab050e115aae2ea17b429d5b1e
SSDEEP: 384:J4rIvspY1ocy4w4lbGa+CvhpNL9/eecYFeK2fa2hOwV0b0QCPNxCqcR1:261ocy4fEaPJpNp/eqZ2hOwSb0F1xQR1

These hashes identify the submitted HTML page only. The MEMZ.exe binary that produced the MBR write below was downloaded as MEMZ-virus-main.zip and run from the extracted folder inside the VM (see the NTFS ADS signature and the process tree); its own hashes are not listed anywhere on this page, so do not use the values above as indicators for the executable.
Malware Config
Signatures
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description: File opened for modification
  ioc: \??\PhysicalDrive0
  Process: MEMZ.exe
Only the MEMZ.exe instance started with /main (PID 108 in the process tree) carries this tag. Opening the raw disk device for write normally requires administrative rights, which the analysis user ("Admin") has; from a standard user account this step would fail. A host that has run this sample should be treated as having an untrusted first sector until it has been read back and compared with a known-good image.

Enumerates system info in registry 2 TTPs 3 IoCs
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
All three reads are attributed to the Chrome browser process (PID 3052), not to MEMZ.exe.

Modifies data under HKEY_USERS 2 IoCs
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633654411260105" (chrome.exe)

Modifies registry class 1 IoCs
  Key created: \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings (chrome.exe)

NTFS ADS 1 IoCs
  File opened for modification: C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier (chrome.exe)
This is Chrome's quarantine step (the quarantine.mojom.Quarantine utility process, PID 2344 in the process tree) stamping the downloaded archive with a Mark-of-the-Web stream. That stream normally records the zone (ZoneId=3 for an Internet download) and the source URLs, and it is the artefact that ties the MEMZ.exe on disk back to a browser download rather than to some other delivery path.
Suspicious behavior: EnumeratesProcesses 64 IoCs
  PID 3052 chrome.exe x2, PID 1916 chrome.exe x2, PID 2684 MEMZ.exe x60

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  PID 3052 chrome.exe x6

Suspicious use of AdjustPrivilegeToken 64 IoCs
  PID 3052 chrome.exe: Token SeShutdownPrivilege x32 and Token SeCreatePagefilePrivilege x32, strictly alternating

Suspicious use of FindShellTrayWindow 33 IoCs
  PID 3052 chrome.exe x33

Suspicious use of SendNotifyMessage 12 IoCs
  PID 3052 chrome.exe x12

Suspicious use of SetWindowsHookEx 64 IoCs
  MEMZ.exe PIDs 3772, 4760, 2340 and 2684: 16 hook installations each, interleaved

Suspicious use of WriteProcessMemory 64 IoCs
  All writes are by PID 3052 chrome.exe into its own children: PID 3096 (procid_target 77) x2, PID 2980 (procid_target 79) x2, and the remaining 60 split between PID 540 (procid_target 78) and PID 2424 (procid_target 80).

Every chrome.exe entry above (process enumeration, the block-non-Microsoft-binary mitigation on child creation, token privilege adjustment, shell tray lookups, SendNotifyMessage and WriteProcessMemory into its own sandboxed children) is the browser managing its multi-process architecture. The sample's share of this section is the 60 EnumeratesProcesses hits from PID 2684 and the SetWindowsHookEx hits from the four /watchdog instances.
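The report records only that MEMZ.exe opened \??\PhysicalDrive0 for modification; it does not say what was written. The following is an added example (not code from the Triage report or from MEMZ) of the check a responder runs afterwards: parse the first sector as an MBR, validate the boot signature and partition table, and compare the boot-code bytes against a baseline hash taken from a known-good host. The two sectors are constructed so the script runs offline; `read_physical_drive0()` is the Windows, Administrator-only path to the real sector, and the boot-code bytes and partition layout are assumptions of the example, not MEMZ's payload.

```python
r"""Parse a 512-byte MBR sector and flag signs of tampering.

Added example, not part of the Triage report. Constructed sectors stand in
for \\.\PhysicalDrive0 so the check runs offline.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
SIGNATURE_OFF = 510       # last two bytes must be 0x55 0xAA


@dataclass
class Partition:
    status: int           # 0x80 = active/bootable, 0x00 = inactive
    type_id: int          # e.g. 0x07 NTFS, 0xEE GPT protective, 0x00 unused
    lba_start: int
    sector_count: int

    @property
    def in_use(self) -> bool:
        return self.type_id != 0


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the four partition entries; the CHS fields ('3x') are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append(Partition(status, type_id, lba, count))
    return entries


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot-code region only; the partition table is excluded."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_boot_hash: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    if len(sector) != SECTOR_SIZE:
        return [f"unexpected sector length {len(sector)}"]
    findings = []
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    if not any(p.in_use for p in parts):
        findings.append("partition table is empty")
    for n, p in enumerate(parts):
        if p.status not in (0x00, 0x80):
            findings.append(f"entry {n}: invalid status byte 0x{p.status:02x}")
        if p.in_use and p.sector_count == 0:
            findings.append(f"entry {n}: type 0x{p.type_id:02x} with zero length")
    if sum(p.status == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    # A bootkit that keeps the partition table intact only shows up here.
    if baseline_boot_hash and boot_code_hash(sector) != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    return findings


def build_sector(boot_code: bytes, partitions: List[Partition],
                 signature: bytes = b"\x55\xaa") -> bytes:
    """Assemble a sector from its parts (used here to construct test data)."""
    buf = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    for i, p in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i,
                         p.status, p.type_id, p.lba_start, p.sector_count)
    buf[SIGNATURE_OFF:] = signature
    return bytes(buf)


def read_physical_drive0() -> bytes:
    """Windows only, needs Administrator: read the first sector of disk 0."""
    with open(r"\\.\PhysicalDrive0", "rb") as disk:
        return disk.read(SECTOR_SIZE)


# Constructed data: a plausible known-good sector (assumed boot stub bytes and
# one NTFS partition) and a copy whose boot code was overwritten while the
# partition table was left untouched.
GOOD_PARTS = [Partition(0x80, 0x07, 2048, 1_000_000),
              Partition(0, 0, 0, 0), Partition(0, 0, 0, 0), Partition(0, 0, 0, 0)]
GOOD_SECTOR = build_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100, GOOD_PARTS)
BASELINE = boot_code_hash(GOOD_SECTOR)
OVERWRITTEN_SECTOR = build_sector(b"\xeb\xfe" + b"\x00" * 200, GOOD_PARTS)

if __name__ == "__main__":
    for name, sec in (("good", GOOD_SECTOR), ("overwritten", OVERWRITTEN_SECTOR)):
        print(name, check_mbr(sec, BASELINE) or "OK")
```

The point of the baseline hash is the second case: a sector whose partition table is intact and whose signature is present passes every structural check, so without a known-good boot-code hash an overwritten MBR looks healthy. On a UEFI/GPT system the first sector is only the protective MBR, but the comparison is still the right first check because that is the sector the sample opened.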
Processes
Indentation shows parent/child nesting as the sandbox reported it; the tags under a process are the signatures it triggered.

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3052)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3096)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff98349ab58,0x7ff98349ab68,0x7ff98349ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 540)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2980)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2424)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3328)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5104)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4904)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4212)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3336)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4432 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1404)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3292 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3024)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1492 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1916)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1840)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2948)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2344)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1816,i,14722346251635441608,506807498855938650,131072 /prefetch:8
      - NTFS ADS

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (PID 4248)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\System32\rundll32.exe  (PID 4504)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 3056)
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 2684)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 3772)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
      - Suspicious use of SetWindowsHookEx

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 4760)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
      - Suspicious use of SetWindowsHookEx

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 2340)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
      - Suspicious use of SetWindowsHookEx

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 2064)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog

    C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe  (PID 108)
      "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
      - Writes to the Master Boot Record (MBR)

        C:\Windows\SysWOW64\notepad.exe  (PID 1040)
          "C:\Windows\System32\notepad.exe" \note.txt

The launcher instance (PID 3056) spawns five /watchdog copies of itself and one /main copy; the /main instance is the one that opens PhysicalDrive0 and then opens \note.txt in Notepad. Note the mismatch on the last entry: the command line asks for System32\notepad.exe, but the image that ran is SysWOW64\notepad.exe. That is WOW64 file-system redirection, which transparently hands a 32-bit parent the 32-bit copy of a System32 binary, so it tells us MEMZ.exe is a 32-bit executable. Any detection that keys on the launched image path rather than on the command line has to account for this redirection, or it will miss 32-bit parents.
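The tree above shows the two behaviours worth alerting on: one process launching several copies of its own image with identical arguments (the /watchdog children), and a write handle to a raw disk device. The block below is an added example, not part of the Triage report or of any EDR product, that runs both detections over constructed event lines built from the PIDs and command lines in the tree. The `pid|ppid|image|args` format, the parent PID 1200, the abbreviated Chrome arguments and the file-event lines are assumptions of the example. It also shows why Chrome's many same-image children do not fire: every one of them has a distinct command line.

```python
r"""Triage process and file events for MEMZ-style behaviour.

Added example, not part of the Triage report. Event lines are constructed
from the PIDs in the report's process tree; the format is this script's own.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

MEMZ = r"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed process-creation log: pid|ppid|image|args. PIDs and images come
# from the report; PPID 1200 (the launching shell) and the shortened Chrome
# arguments are assumptions.
RAW_PROCESS_LOG = rf"""
3052|1200|{CHROME}|--single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
3328|3052|{CHROME}|--type=renderer --renderer-client-id=6
5104|3052|{CHROME}|--type=renderer --renderer-client-id=5
3336|3052|{CHROME}|--type=renderer --renderer-client-id=9
2344|3052|{CHROME}|--type=utility --utility-sub-type=quarantine.mojom.Quarantine
3056|1200|{MEMZ}|
2684|3056|{MEMZ}|/watchdog
3772|3056|{MEMZ}|/watchdog
4760|3056|{MEMZ}|/watchdog
2340|3056|{MEMZ}|/watchdog
2064|3056|{MEMZ}|/watchdog
108|3056|{MEMZ}|/main
1040|108|C:\Windows\SysWOW64\notepad.exe|\note.txt
"""

# Constructed file-access log: pid|process|access|path.
RAW_FILE_LOG = r"""
108|MEMZ.exe|write|\??\PhysicalDrive0
2344|chrome.exe|write|C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier
1040|notepad.exe|read|\note.txt
"""


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    args: str


@dataclass(frozen=True)
class FileEvent:
    pid: int
    process: str
    access: str
    path: str


def parse_process_log(text: str) -> List[Proc]:
    procs = []
    for line in text.strip().splitlines():
        pid, ppid, image, args = line.split("|", 3)
        procs.append(Proc(int(pid), int(ppid), image, args.strip()))
    return procs


def parse_file_log(text: str) -> List[FileEvent]:
    events = []
    for line in text.strip().splitlines():
        pid, process, access, path = line.split("|", 3)
        events.append(FileEvent(int(pid), process, access, path))
    return events


def find_self_spawners(procs: List[Proc], min_clones: int = 3) -> Dict[int, Tuple[str, List[int]]]:
    """Parents with >= min_clones children of the same image AND identical args.

    Keying on the full argument string is what keeps Chrome quiet: its child
    processes share the image but never the command line.
    """
    image_of = {p.pid: p.image.lower() for p in procs}
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)
    hits: Dict[int, Tuple[str, List[int]]] = {}
    for ppid, kids in children.items():
        parent_image = image_of.get(ppid)
        if parent_image is None:          # parent not in the log
            continue
        same_args = defaultdict(list)
        for kid in kids:
            if kid.image.lower() == parent_image:
                same_args[kid.args].append(kid.pid)
        for args, pids in same_args.items():
            if len(pids) >= min_clones:
                hits[ppid] = (args, pids)
    return hits


RAW_DEVICE_MARKERS = (r"\??\physicaldrive", r"\\.\physicaldrive", r"\device\harddisk")


def find_raw_disk_writers(events: List[FileEvent]) -> List[FileEvent]:
    """Write handles to a physical disk device, the MBR-overwrite precondition."""
    return [e for e in events
            if e.access == "write" and e.path.lower().startswith(RAW_DEVICE_MARKERS)]


def lineage(procs: List[Proc], pid: int) -> List[int]:
    """Walk pid -> parent -> ... until the parent is unknown (or a cycle)."""
    parent_of = {p.pid: p.ppid for p in procs}
    chain = [pid]
    while chain[-1] in parent_of and parent_of[chain[-1]] not in chain:
        chain.append(parent_of[chain[-1]])
    return chain


PROCS = parse_process_log(RAW_PROCESS_LOG)
FILES = parse_file_log(RAW_FILE_LOG)

if __name__ == "__main__":
    for ppid, (args, pids) in find_self_spawners(PROCS).items():
        print(f"PID {ppid} spawned {len(pids)} copies of itself with args {args!r}: {pids}")
    for ev in find_raw_disk_writers(FILES):
        print(f"PID {ev.pid} ({ev.process}) opened {ev.path} for write; lineage {lineage(PROCS, ev.pid)}")
```

The lineage walk is what turns the raw-disk alert into a story: PID 108 leads back to the launcher PID 3056 and from there to whatever started it, which in a real EDR feed would be the shell or archive extractor that ran the download.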
Network
MITRE ATT&CK Enterprise v15
Downloads
Artefacts captured from the VM during the run, listed by size and hash only; the report does not give their paths or names, so none of them can be asserted to be MEMZ-virus-main.zip or MEMZ.exe without retrieving and inspecting the file.

Filesize 204KB
MD5    081c4aa5292d279891a28a6520fdc047
SHA1   c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA256 12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA512 9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Filesize 168B
MD5    e00dab59ffa0670ed77961361902e4d4
SHA1   1075b1b6a526020001b0a7b6264cf95ce98168c1
SHA256 59a87cbbf2769011d87854fd99922b73926310380b3a223320135273dc214053
SHA512 ffe37cf2b932453e05a0f1a918135bfdf6dc98a9ac8fdc9858caa57841253b3166ea25daffb1607a0656235f0af1eb57a8e7917dcbb606527c97bf06c28964e1

Filesize 2KB
MD5    c7da519ffc5358f29b633e0b7f6d7163
SHA1   0496d8d8d6c480ee4080958e8a952542e777bd14
SHA256 4af675c01652524b276ed105fd8896963c303b67fedbc2ea0adc381c6637a294
SHA512 f73224e37ceff5b144a894598e094edc8886d272b39ba3e45fba1d4a2cde7474ff7396a8668e138f38fd31ef4846edd6ce88fdf9fe4e7a761973159d7b5d7e31

Filesize 2KB
MD5    de86a5528b76c10da1a6c8ec85fb1da9
SHA1   b8ba72e8342f443f37175aefac90b3510303dbc2
SHA256 86763354c556186f135c5dda044e0ec879d0bde742048f94a85bef6c479087ac
SHA512 dce5b276fae9e0572a9b2b0cfc7ae7a1dd49b575047a14a810e6601231bdc004efe010912a6c6a9903561a6e58a1f692a1cd9079f7c7545bc2a8d6516df7409b

Filesize 1KB
MD5    f98a3c1c892aedf521085b2eee5eb68a
SHA1   3deb440e6f31d9e396a45f847778d0bbacae3dab
SHA256 e165d930e8362f657521e2839fb7215dd23f516a68412fda072482f9f2650905
SHA512 d27baf1e5b1e5da38bb2f678bb1a908c6e4058ec8c33704ef79642cccbbe16ad3e1eaf4d47780246c9d2aaf90569c7b23ecdf23478162a5756448983f3ba4917

Filesize 2B (these are the hashes of the two-byte string `[]`, an empty JSON array, which is typical of a browser state file rather than of the sample)
MD5    d751713988987e9331980363e24189ce
SHA1   97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize 356B
MD5    79718712a8cc51df37b7e11bb5d58a5d
SHA1   c53efdaa0b39ca1e78e1ed49c43e40b8196b82a5
SHA256 4c5083c551d811e478e4909bb5f778ad2121b8d9a27b9fbdd54cb59b84559a10
SHA512 f8f5f322b1def5ab6d64322ea24fb949b6467e010b9ccbb8676d8c45336a227ef4b79424956365533f60e7a101bb4617780c49aa0d6e9a87579984ff14f0f243

Filesize 352B
MD5    bd8d59567fc313634b2f07730b246baa
SHA1   93a1c29d8eafc79e4ba18613e7ca76cd6b9f563c
SHA256 29dd3c50fb59cd0cf997ea91d2a0bf0a16c17d4ec4146dc889e71555cbdb1de6
SHA512 fd5806d008d4ceb4782507c87b4e7c59715d1e6f2cb9968f56efb73717b29196d9fc26bf60944b80ab7b601b14c4473751e669332875f64e25fec1df46ebf00e

Filesize 1KB
MD5    1704bfdbdf07b2480835b025db009873
SHA1   f7e2fa8eedffb493fe8536f8446714d60341d45c
SHA256 7b008381be82680f8f95563c935e81a5ac278137a4fd83eb25ded6932f544414
SHA512 b0f1b9537e26402e937c19380c9c343a2496f489d229754c2aaa1d1e9d448f59047aaaca53c7aa1d97735b5ff3ae0516e518c1125a28a67c5bf3b2f01a3bb734

Filesize 1KB
MD5    b8872de8cad121753acd366186e84cb1
SHA1   9d6c702c3a0aab62326a719a00a0bd9192d1a23d
SHA256 022619f721a7321b1744a07eebe526ddd29d3fc1a3d19bf8deeb2072c93b4b33
SHA512 deb46444167b8422feb9e243c1c3f64a336a7342ec886ebdc9233ec18e4c34f5e70f7322b5e4a037ed00706867c220904bf500ea5e0ffa5dbd0cf20d54e82413

Filesize 7KB
MD5    8ec9e1540e73a1784fee358dac5fa418
SHA1   1b7aede824dfdf7174733dc446edc302e3ef9370
SHA256 14b59295a9e718e13468a3f70462939accd23c3c92abdbb06f738c8eccf7235d
SHA512 fdb000fc10f290ef6cf850d404ceba8d40f28009e7acb0f2efcf1c1607b2c9af4ff487b2f584cddbacc1755c50e38559df8c4cce760ee40a1eff61ade341702b

Filesize 7KB
MD5    59e253f9c08157c103e4d08bcd493f74
SHA1   62d5a5841e2b9aaed696766e935a35f4a49ebfa5
SHA256 7dabf7a244a00340670b1a85bb04f661af189a11a9f090ce706153ef2ba4d89a
SHA512 49b87e3f13b1c93bb1381b1273c38bc5e07bf0272d1c47120620155ebde9dda596d199a41b8dd81ce81eee8bd37efc329aaece7ef89f159fa6956a1e9a91b167

Filesize 7KB
MD5    bb54ec7a46a5dbebd32481d545b3802d
SHA1   8daafaf9fec2f228b66860b155d8d65258c30d97
SHA256 bf5c9fd324de28a78f5ef93d396dc40fb2c14c6a8a6bad84ed56842d03b24c01
SHA512 c7c740bc11e9e0aa83598f64b07ff293a44da167b2ebe3f0b8d37e7632b0516de2fc996933eee08605ec1b58090d33c57bea6d103aab6c636a5e47fb93d5894a

Filesize 7KB
MD5    e1b7011a79eb9a33733eca1be9df6df8
SHA1   749165ed95629f06173bde3e43aa392858418f87
SHA256 7dcfb03cf5231fd87062fdf702f1c53e6d43e4fdc40187bda3c20716ba958876
SHA512 53d4dd4e06275a6b54b5bbdb57b34b204d420572c4161d21c7f1cdb473eab564b0947d210c1b7d62099c9c231aff8e55c7aa0174c274e5fa68a36d6fd6e9f86f

Filesize 8KB
MD5    6849e4ce2bf3d45e35efebcffd35fb69
SHA1   22f403de4b74b89251798ca040577dc5ffd18ff1
SHA256 9fac11c59a90ece0d9dfe1b9b1d8652f4254e15f50b114137d73239e2b536fd4
SHA512 872f1c924834349cdbfa605137fa8ce54c3f41d648a73be0f9a02347919ec6b5a5148315e365075c9ddb830613395a2a00ed4b91fd3267de19a98aa7b6ea91eb

Filesize 129KB
MD5    33f8bb080606c37919815e338012f8dc
SHA1   39f143b3f183563c6c7bfd7980ad4bc0eaa14fa0
SHA256 46267c98e6d708bc398172d015e0bc8d654a9bf564b1940cb973d3689269b292
SHA512 2efa1b587345856b6636db57ed478172ffe5064907f44dd965df0832904f6e3d7001369c8a71e400f79fc4e96407a92d18d17b0f45a6e7edc111e63da1c11add

Filesize 94KB
MD5    5d6df63a9e99064fa091ee862f3a0f35
SHA1   61597720e612628e23107c04599285fbad5c6f67
SHA256 d135aa7b8780bb23df378197be661677f13667fcdb228e8f0d171f8d6a9d4191
SHA512 eb891fb9b6205464404e3034e4c790bd87f73e766907a0c40c8f35d11ec814529174fcf42babadde30f01df5a29f70de821992f398d3bbb387b567d17a9d4e72

Filesize 82KB
MD5    10a8c7cc66728da41ed3868ab2d18b36
SHA1   65979e9017c7d0114d7f9fd4df640af4b993839c
SHA256 c9ba70c7f2a8945684136bef05b5314916211855773a888a9b730abdc5e26e8c
SHA512 fb0fd26bd8588477394b1fb4af5b45c6bd700d5a9ab05e69072e9b4399c8278640e8ee08d07ca1b46d1a7820faa348fede2b04c289a4b398c14f2b0e2f584069

Filesize 8KB
MD5    a043dc5c624d091f7c2600dd18b300b7
SHA1   4682f79dabfc6da05441e2b6d820382ff02b4c58
SHA256 0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a
SHA512 ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Filesize 151B
MD5    c0aaf6dc437b95d10bb053831c3cba7c
SHA1   f3b57f1b2dfc8a4ca0f366b7d1051d68f59110d7
SHA256 5d3db06bf246f33b99bfabbac16d6142e6bac695092228d5367b3cc03959653a
SHA512 9effe9ccb34ac61508648e32efb4f7fe8dd5ce195259f60707c720ac4cb9ebee0f5e944bda0ebd804eb441a8a32cf56336677389a9ad59a8c1d4402c164f2ff0

Filesize 218B
MD5    afa6955439b8d516721231029fb9ca1b
SHA1   087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
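The hash list gives no origin for any of these files; on the VM itself the origin of the downloaded archive survives in the Zone.Identifier alternate data stream that Chrome's quarantine utility wrote to MEMZ-virus-main.zip (the NTFS ADS signature above). The block below is an added example, not part of the Triage report or of Chrome, that parses that stream and turns it into the facts a responder wants: the zone, whether it came from the Internet, and the referrer and host URLs. The stream text is constructed (example.test URLs are placeholders, not where the sample was fetched from); `read_zone_identifier()` reads the real stream on a Windows NTFS volume.

```python
r"""Read and interpret a file's Zone.Identifier (Mark-of-the-Web) stream.

Added example, not part of the Triage report. Sample stream text is
constructed; the URLs are placeholders.
"""
from typing import Dict, Optional

ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}


def parse_zone_identifier(text: str) -> Dict[str, str]:
    """Parse the INI-style stream; only the [ZoneTransfer] section is used."""
    values: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        values[key.strip()] = val.strip()
    return values


def describe(values: Dict[str, str]) -> Dict[str, object]:
    """Summarise a parsed stream; tolerate missing or malformed ZoneId."""
    try:
        zone_id: Optional[int] = int(values["ZoneId"])
    except (KeyError, ValueError):
        zone_id = None
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "unknown") if zone_id is not None else "unknown",
        "referrer": values.get("ReferrerUrl"),
        "host": values.get("HostUrl"),
        # Internet and Restricted are the zones that warrant MOTW handling.
        "from_internet": zone_id is not None and zone_id >= 3,
    }


def read_zone_identifier(path: str) -> Optional[str]:
    """Windows/NTFS only: open the ADS by name; None if the file has none."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as stream:
            return stream.read()
    except OSError:
        return None


# Constructed stream content in the shape a browser download leaves behind.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.test/memz/
HostUrl=https://example.test/memz/MEMZ-virus-main.zip
"""

# Constructed stream for a file copied from a local source.
LOCAL_STREAM = """[ZoneTransfer]
ZoneId=0
"""

if __name__ == "__main__":
    for label, text in (("download", SAMPLE_STREAM), ("local", LOCAL_STREAM)):
        print(label, describe(parse_zone_identifier(text)))
```

On the host the same stream can be listed and read with PowerShell, `Get-Item .\MEMZ-virus-main.zip -Stream *` and `Get-Content .\MEMZ-virus-main.zip -Stream Zone.Identifier`. Two caveats when relying on it: files inside the extracted folder carry the stream only if the extractor propagates it, and some tools strip it, so the absence of a stream on MEMZ.exe itself does not mean it was not downloaded.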