hxxps://atemzeit[.]fem[.]jp/gt/?wptouch_switch=desktop&redirect=https%3A%2F%2Futm[.]kadiapack[.]com/trans/?app=padamn@mullinscheese[.]biz

Resubmissions

25-06-2024 14:46

240625-r5legaygrl 10

25-06-2024 14:44

240625-r4madawcpf 10

Analysis

max time kernel
118s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 14:46

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://atemzeit.fem.jp/gt/?wptouch_switch=desktop&redirect=https%3A%2F%2Futm.kadiapack.com/trans/[email protected]

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

156 api.ipify.org
157 api.ipify.org

flow	ioc
156	api.ipify.org
157	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "221"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638004226665042"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2604 chrome.exe
2604 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5208 LogonUI.exe

pid	process
5208	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2604 wrote to memory of 856	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 856	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 1096	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 5108	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 5108	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 2176	2604	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://atemzeit.fem.jp/gt/?wptouch_switch=desktop&redirect=https%3A%2F%2Futm.kadiapack.com/trans/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd77c29758,0x7ffd77c29768,0x7ffd77c29778
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:2
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:8
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:8
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5296 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2660 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2820 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:8
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5960 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5708 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5688 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5776 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1644 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5716 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3748 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4088 --field-trial-handle=1712,i,16419342867601736486,15937246262055511667,131072 /prefetch:1
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:2916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x390
1⤵
PID:4644

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5208

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
1024KB

MD5
4c332dd2ebf80a0ad19e2bdd3d9cff37

SHA1
1c21b8052b966b4ab12b5a06ecab74be47321ccb

SHA256
930a1add99fda61f70e8d1c44e4dfc1fea13e7afdd461f0d9c21b95de8847696

SHA512
38b4fe169257cadf0f0cc4c17b8ca68d7cbe62651eaf5884176b2bf4af7bb580f308d1d990cceab4e3cfde74dc4645bbbc6b486d718ab7a14d8365ae2e5b8259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
aed9f00187bf6f9f51095d1c63cc34bd

SHA1
75385c2a8554da066b3af0112daa85c41f48f167

SHA256
a46ff14c3e32388bca63926f9aa783635267ab6e576218ace941bb1cf03e58a5

SHA512
8f9819d2ea5f16e256aa3ca7a25f8d6f9b89c274972e49991ebd3d4cd718e7b5e226545f77ff43bf76e01fc948a1778ee1347f392cdae5ebff4c82dadcabc3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
ebf129daf8f826f069009cda6765f1a9

SHA1
7f42ac5a0d6bdbb211c133acc45f18e8a24c5755

SHA256
67fced0c99a90151f1118f0bf934062d91e9e1d47855f06d6d8ecb52d207ed10

SHA512
1683cb3744d47bc0dcec83a72dfe0c467605355a4c8c3694089b77c2604acdee33dcec249e87e2d0cff5273bf9fe0845aa37e36a8fce72db58facebc87a8bb33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ba3bfe18a9e193f0653a2c6eaf3539ec

SHA1
4d883d0d40c6d34f03411b04471b121c1eb1d46e

SHA256
bf935edd3ae2f1be28d6799556af4a28aaed2eacd17d49de24a20d98ef09a900

SHA512
c13eb535befedf706c8b6a9bcc42f15ff7c89617ac9115b2d4853a14464bbbbead9e4dc72ffae95bed86b0c045c24605746a66b9b83ccdefaf1ed121fa0b6bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
7bb90f2cd50f006f440e94247c975681

SHA1
70fe0db894c522b478e5bffd1f97737eca3db42e

SHA256
f3aee60172b86b8465cabedb70c782449dd5f62b3c7f7f843c88e74a24959aac

SHA512
40024ebf24e1500ae68951ce97e9af689c2caa1015e2922e80c8ab633f7567a6f50edf47dddca7395a01df3659571cfcdb1b49a3902e68c440fa283ffa684a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
aa172edc7426b94f1115693983031167

SHA1
78b09a8d20f44041f8726b320529ff95762c9abd

SHA256
934130b22f60ae240e1b63fd256421b1cca6b204274f2bf03ff82cdcbd95e81d

SHA512
a06d2107d8b6f2dea9c384fb406d2522eb14851c29683a16ef7f5f4644a094ae184df08af017e2782e2670d45413fe3923dc05c7270ab58f7dae3a0dc8f17e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
86ad22aea9186398883f290949325745

SHA1
f3c3bc3b962381dbc43529bcfc374fd682ea9b9b

SHA256
b2c508ae984e0878195a48a0fc253f7852a0898cc0c04280a40aea31b06d4e8b

SHA512
b85a0823396bd1b60d521d6ec21ff83f9d55094b561ef2c83d427754a3d472e1dc2a6c9d84cae0eba4def167e68cbbde0ee4ac08debaab9d89b46e69bd881bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
18cadebd25c93fd30dee80232ed4e62a

SHA1
970631c6698fc072fb416f6fb7da84e12ce1da34

SHA256
62f05f0d6d2fa627cd3e91a2134674cd0a3fa6248129a8289735095b79380b57

SHA512
493879baa7ca3ab7d5b3f9c623c43ffd31f51b54361f40e6ea1416864308a672f43984015aa7b31a3d12907bea0b6dc910b5097e3a595cf0363cc3e7efe4986d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
ecdbabf9e2ee8818c99fc43b493f719d

SHA1
4dc829915d5d1e7cd3974fd7b6c30b7360129e1c

SHA256
0a9448bf075cff8bd7aff37935e8e83c5c64a4696d3101887462b463195eea3a

SHA512
ec19c5ba2efab146eede0de8ac2344f9a0543cdb94be4039ede06efa22816bb6c26e3cb5150f91ad6e7efb197baec6a873d9eccb04132b6f566b3609769c3547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f1f951af8188078654fb6d173f6350f6

SHA1
24c3c0e8b8d6598506cbe917a644242e06bd99b2

SHA256
8bc0222b03789da7974be803d79010732106ce7042ba9bcb45f7b7655c95cfb6

SHA512
d979d00aa51e49e102fff0380d9964accd24c8547165c43afb2eb1035920818a461e2370bf1da16ab7646af529b654f74bb41d67b96167bd5a1eb4e68a462419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8ea0f65f394c98a0d87e77a258d18f49

SHA1
08f323848573b2f07a35de3c0a94aaafefd828b6

SHA256
914b6db5add982eaa16167aac337c90718fb5e612776e6e24a16c443731169f8

SHA512
ebf160a2e0c14c97ced836a79f9a76473627e026bba50dc5400f1b18acb6f3aa1cc0b2e77bad3e3d799a0e9e0a357a03d84b0c353dbccefd236cd73ed30edbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9c861ac0c9fdb23338fca96a62dc22cc

SHA1
1dd28088484153ae8872a097688e2776ed8a7423

SHA256
d11c4f0f5ab1a2d6deb8ef9ee9796cee78ff66bf6ac4d05fc3ea86a798fda82e

SHA512
b50ac2c70534a1da6aee1993610e9eed77caf9b6ddb019da438af1c782b29ac2e112fa86fc0aa14ff33a76f3c73e47d28f39ca3a9c7b5df9f1641f79d4a90ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a91fc925deb6df7da195079765228187

SHA1
c85c0196b6d3d2bfae4a0387e08e4c81ef83b996

SHA256
ee591aa22edc66217835683f2cf54d71a0c0b465fc739625cc1fa7f33e0974da

SHA512
16cb984a405ac8dbd6b3bfe2bd5b233252c17e75e4eac397c0d9dab42688582e7dbb0eaed31b6a74f3a9d9d82f3afc34ad9d270ed0514b48a16903409c445280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a94978672894da4c33568f0375ae5820

SHA1
ed5c573a27a38c905b05fc490b27385a3f1a7949

SHA256
bfdce6a82e226f5f2a3d6757f17f1a0fd6390a55bde91636fb7e94a0fd1c399a

SHA512
8a61083182b2762f604350fcf861c71a968f5eced0745b235acc71134fa7738c6e66feba5a76ab9f487d7f2260bb425fc45900244c6b4c6cbc46d3f3e0014578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
14b6179dce2e1758476f43a0ad0ddd96

SHA1
9377cb5bd94fd690b8115f08aea3ac6fde1867a8

SHA256
de835bb1a013bf09a5ec97200fb02918a37f3505dffa3b601b0e762aec34f93a

SHA512
ea21e42cd9211a959d2f542bf79ef9d2c1ad19c60d796f958c4fb88a75b3d05b05f5b9bdf1b3550bcb58772c662d30480ae177086739fa6f26fcb6e7a36151df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cf036111f3f25ac490d742d3fc8f6a11

SHA1
b7c3550815abe9128d77a37a1058c03092eddd07

SHA256
666193a9351b3a22affb4821a9d53c6c9c04e65e9afa950fe6caf52549506d8c

SHA512
190f13a6fa55f88532049c2e30751a4d2af4bf7bb2cf147ce24704fb09d910c63972432c2338bcf89a66a2cf44faa5ece34cf6b7d7c7b6fa18f611d36507f053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4248b18bc07295b25f0be7cd63e9f882

SHA1
c71ead31f3ec78aeb09f5f9118ac4bcd86870469

SHA256
4168c7d98b8d4e8df6800b760d0af7c9c793f7e31dd1f336b0dcaea64b97d6e8

SHA512
5cc3e002167e3c2af5dd8057e38e3d0fe972c7b38e3c81d81d72c432b475e2e2b255982e492270608b50b7fe8bc702ac6921d1976f3ece447d8335d3ce3e65b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
11cb67956714ad10e28bdb46fc6e6df0

SHA1
d3cca459505bae9d9986a3a03e5a8cf76e9de36d

SHA256
86e40bfaf1f5e7cf5202d08298074f373131fc78a5c82d57e8bb9c83d774b7e2

SHA512
20a4be294628f249f4681695470bfb4789a4811506a31ee392836bb508ea080e4a811b0892558a1f7511da1930b218003ca31361034ca0d2271b1bfba83e0118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
3f97607fd2c66fc718fdd0cdf5e78eee

SHA1
c0bc9ed80829f0a82f966869516cfce44ab7b841

SHA256
1f1829dcf3766dfc5640e859b3f9ecc91ea9feb0229d9979bec6c75c69e4e404

SHA512
2c94cf57d966924e7874291283ad6406df72a2a45f7ce49d04792bbfcd1e492d746a62da9ae163b5f7a440613cb0833bdd807e3c4f5f8d3b84c6112a4f05d295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
a76c88a26d7e01cf249348a2525d07db

SHA1
777f3adf83dd123eba28322e13b7e1ca413a7d4f

SHA256
54fbd7404b04296af705bcc8007bddd16aa8b89289669f1bd1fbea97a27d1bbe

SHA512
7c5278d5241f95acd5abfc95b1bd58c5bb06cd7bcd946e7c43031d898423e27066a26111ec7bff6a1c93f6d37930bb8feaa1a6b671b3f950fbda155b86978c21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2604_HZMJYBZWJYBWPHAE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads