Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/06/2024, 12:32
Static task: static1
Behavioral task: behavioral1
  Sample: 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
  Resource: win11-20240508-en
General
Target: 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
Size: 2.3MB
MD5: 79893e931a1368ba6724110ca28247fd
SHA1: c0ac618dbadc8862bb774746d4e6184354fa0872
SHA256: 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182
SHA512: 3e06fad67a5bb4260fe4d13b208428315258a75f6f014bedfb8ae9544be3b6d1ee5cfcb22232729e9006f25360a5996bb6d6402990b4af742c578967e71aa75e
SSDEEP: 49152:R75gfdDlqnt41NdL7Lo45+5gYx+m+l6Id+csx+GV22i:hSqnt41P7RE5Zzm6IJu+GX
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)  2 TTPs  1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe

Checks BIOS information in registry  2 TTPs  2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
Checks computer location settings  2 TTPs  1 IoCs
Looks up the country code configured in the registry, likely a geofence. The same value is read by ordinary locale APIs such as GetUserGeoID, so on its own this is weak evidence; it carries weight here because it comes from the same process as the VirtualBox, BIOS and Wine checks.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
Identifies Wine through registry keys  2 TTPs  1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Wine | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
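The four registry reads above are what these signatures key on. The Python below is an added example, not Triage's rule engine: it parses rows in the report's "description ioc Process" layout, normalises the NT object paths (hive prefix, masked user SID) and maps them to the same four signature names. The input rows are constructed from this report's IoC tables; two chrome.exe rows from later in the report are included as controls that should match nothing. The patterns cover only the keys shown on this page.

```python
"""Map sandbox registry-access rows to the anti-analysis signatures used in
this report. Added example; not Triage's own rule engine. Rows are constructed
in the report's "description ioc Process" layout."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE = "0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe"
USER_SID = "S-1-5-21-1181767204-2009306918-3718769404-1000"

# Constructed from the report's IoC tables. The last two rows come from
# chrome.exe later in the report and should match no anti-analysis signature.
_RAW_ROWS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ {sample}",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion {sample}",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion {sample}",
    r"Key value queried \REGISTRY\USER\{sid}\Control Panel\International\Geo\Nation {sample}",
    r"Key opened \REGISTRY\USER\{sid}\Software\Wine {sample}",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe",
    r'Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639651488841533" chrome.exe',
]
SAMPLE_ROWS = [row.format(sample=SAMPLE, sid=USER_SID) for row in _RAW_ROWS]


@dataclass(frozen=True)
class RegEvent:
    op: str        # "Key opened", "Key value queried", "Key created", "Set value (int)", ...
    path: str      # normalised: HKLM\... or HKU\<SID>\...
    process: str


# <operation> <key or value path, may contain spaces> <process image>
_ROW = re.compile(
    r"^(Key opened|Key value queried|Key created|Set value \([a-z]+\))\s+"
    r"(\\REGISTRY\\.*?)\s+(\S+)$"
)
_USER_HIVE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-(?:21(?:-\d+){4}|\d+)", re.IGNORECASE)


def normalize_path(path: str) -> str:
    """Replace the NT object prefix with a hive name and mask the user SID so one
    pattern matches the same key in any profile (sandbox SIDs differ per image)."""
    machine = r"\REGISTRY\MACHINE"
    if path.upper().startswith(machine):
        return "HKLM" + path[len(machine):]
    m = _USER_HIVE.match(path)
    if m:
        return r"HKU\<SID>" + path[m.end():]
    return path


def parse_row(row: str) -> RegEvent:
    m = _ROW.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    op, path, process = m.groups()
    return RegEvent(op, normalize_path(path), process)


# Signature name -> pattern over the normalised path. Limited to the keys this
# report shows; these are not Triage's rule definitions.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)":
        re.compile(r"^HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__$", re.IGNORECASE),
    "Checks BIOS information in registry":
        re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)$", re.IGNORECASE),
    "Checks computer location settings":
        re.compile(r"^HKU\\<SID>\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE),
    "Identifies Wine through registry keys":
        re.compile(r"^HKU\\<SID>\\Software\\Wine$", re.IGNORECASE),
}


def classify(events):
    """{signature name: [matching events]} for every signature that fired."""
    hits = defaultdict(list)
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.match(ev.path):
                hits[name].append(ev)
    return dict(hits)


def per_process(events):
    """{process: sorted distinct signature names}; processes with no hits are omitted."""
    out = defaultdict(set)
    for name, evs in classify(events).items():
        for ev in evs:
            out[ev.process].add(name)
    return {proc: sorted(names) for proc, names in out.items()}


if __name__ == "__main__":
    events = [parse_row(r) for r in SAMPLE_ROWS]
    for proc, names in per_process(events).items():
        print(proc)
        for name in names:
            print("  -", name)
```

Run stand-alone it prints the sample's image name with the four signatures under it and nothing for chrome.exe; the SID masking is what lets the same Geo\Nation and Software\Wine patterns fire for a run under a different user profile.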
AutoIT Executable  19 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
behavioral1/memory/3360-{4,3,5,6,7,8,10,11,12,13,14,16,76,91,92,93,99,100,102}-0x00000000002B0000-0x000000000081C000-memory.dmp | autoit_exe
(19 dumps of the same region of PID 3360; the braces list the dump indices in the order the report gives them.)
Suspicious use of NtSetInformationThreadHideFromDebugger  1 IoCs
pid | Process
3360 | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe

Enumerates physical storage devices  1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry  2 TTPs  3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS  2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639651488841533" | chrome.exe
Suspicious behavior: EnumeratesProcesses  6 IoCs
pid | Process | entries
3360 | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe | 2
812 | chrome.exe | 2
4464 | chrome.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  3 IoCs
pid | Process | entries
812 | chrome.exe | 3
Suspicious use of AdjustPrivilegeToken  64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 812 | chrome.exe
Token: SeCreatePagefilePrivilege | 812 | chrome.exe
(64 entries alternating between these two rows; all from PID 812 chrome.exe.)
Suspicious use of FindShellTrayWindow  63 IoCs
pid | Process
3360 | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
812 | chrome.exe
(63 entries; the listing repeats these two rows, the majority from PID 3360.)
Suspicious use of SendNotifyMessage  60 IoCs
pid | Process
3360 | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe
812 | chrome.exe
(60 entries; the listing repeats these two rows, the majority from PID 3360.)
Suspicious use of WriteProcessMemory  64 IoCs
description | pid | Process | procid_target
PID 3360 wrote to memory of 812 | 3360 | 0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe | 88
PID 812 wrote to memory of 2828 | 812 | chrome.exe | 90
PID 812 wrote to memory of 4348 | 812 | chrome.exe | 91
PID 812 wrote to memory of 772 | 812 | chrome.exe | 92
PID 812 wrote to memory of 2948 | 812 | chrome.exe | 93
The 64 entries repeat these five rows. Every target is a process the writer had just started (812 chrome.exe is the sample's child; 2828, 4348, 772 and 2948 are Chrome's own child processes in the tree below), which is the parent-to-child write that normally accompanies process creation, not injection into an unrelated process.
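To separate routine parent-to-child writes from a write into an unrelated process, the Python below (an added example, not Triage's code) parses rows in the "description pid Process procid_target" layout and checks each target against a parent/child table. The table and the first rows are taken from this report's process tree; the final row, PID 3360 writing into PID 4084 (elevation_service.exe), is constructed and does not occur in the report, so the cross-process branch has something to classify. The trailing number on each row is treated as an opaque index.

```python
"""Check each WriteProcessMemory hit from a sandbox report against the process
tree: a write into a process the writer itself created is the ordinary
parent-to-child write that accompanies process creation; a write into any other
process deserves a closer look. Added example, not Triage's code."""
import re
from dataclasses import dataclass

SAMPLE = "0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe"

# pid -> (image, parent pid), taken from this report's Processes section.
# 4084 has no parent recorded there.
PROCESS_TREE = {
    3360: (SAMPLE, None),
    812: ("chrome.exe", 3360),
    2828: ("chrome.exe", 812),
    4348: ("chrome.exe", 812),
    772: ("chrome.exe", 812),
    2948: ("chrome.exe", 812),
    4084: ("elevation_service.exe", None),
}

# Rows in the report's "description pid Process procid_target" layout; the
# trailing number is treated as an opaque index. The first six rows are from the
# report (it repeats each many times; one repeat is kept to show collapsing).
# The LAST row is constructed and does NOT occur in the report.
WRITE_ROWS = [
    f"PID 3360 wrote to memory of 812 3360 {SAMPLE} 88",
    "PID 812 wrote to memory of 2828 812 chrome.exe 90",
    "PID 812 wrote to memory of 2828 812 chrome.exe 90",
    "PID 812 wrote to memory of 4348 812 chrome.exe 91",
    "PID 812 wrote to memory of 772 812 chrome.exe 92",
    "PID 812 wrote to memory of 2948 812 chrome.exe 93",
    f"PID 3360 wrote to memory of 4084 3360 {SAMPLE} 95",   # constructed negative
]


@dataclass(frozen=True)
class Write:
    writer: int
    target: int
    writer_image: str


_ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_write(row: str) -> Write:
    m = _ROW.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    writer, target, pid_col, image, _index = m.groups()
    if writer != pid_col:
        raise ValueError(f"pid columns disagree in {row!r}")
    return Write(int(writer), int(target), image)


def is_child_of(tree, parent: int, pid: int) -> bool:
    """True when the tree records `parent` as the direct parent of `pid`."""
    entry = tree.get(pid)
    return entry is not None and entry[1] == parent


def classify_writes(rows, tree):
    """{(writer pid, target pid): verdict}; duplicate rows collapse to one key."""
    verdicts = {}
    for row in rows:
        w = parse_write(row)
        if is_child_of(tree, w.writer, w.target):
            verdict = "child-spawn"        # normal write during process creation
        elif w.target in tree:
            verdict = "cross-process"      # target exists but is not the writer's child
        else:
            verdict = "unknown-target"     # target not in the tree at all
        verdicts[(w.writer, w.target)] = verdict
    return verdicts


def suspicious_writes(rows, tree):
    """Writer/target pairs that are not plain parent-to-child writes, sorted."""
    return sorted(k for k, v in classify_writes(rows, tree).items() if v != "child-spawn")


if __name__ == "__main__":
    for (writer, target), verdict in classify_writes(WRITE_ROWS, PROCESS_TREE).items():
        print(f"{writer} -> {target} ({PROCESS_TREE[target][0]}): {verdict}")
```

With the report's own rows every pair comes out as child-spawn; only the constructed 3360 -> 4084 row is flagged, which is the behaviour an analyst wants before treating a WriteProcessMemory signature as evidence of injection.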
Processes
Indentation shows the parent/child relationship recorded by the sandbox; each entry gives the PID and full command line, followed by the signatures that fired for that process. The sample's only child is Chrome, launched on https://www.youtube.com/account; all further chrome.exe entries are Chrome's own helper processes.

PID 3360: "C:\Users\Admin\AppData\Local\Temp\0544ce429a95ba5699c43d4ff5f5609f245105c82388296e852b5ad3e2ba7182.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks computer location settings
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID 812: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID 2828: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd2e5ab58,0x7ffcd2e5ab68,0x7ffcd2e5ab78
    PID 4348: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:2
    PID 772: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:8
    PID 2948: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:8
    PID 1384: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:1
    PID 2268: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:1
    PID 3028: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4028 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:1
    PID 4428: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:8
    PID 2032: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:8
    PID 2860: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:8
    PID 4464: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 --field-trial-handle=1952,i,5766851797443827500,3179165690803309434,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
PID 4084: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID 3304: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run, listed by size and hash.

Filesize: 240B
MD5: f2398c202babae24fdcd71f728003193
SHA1: fd8ef7ad8f29eb0f37b335a5543476f813310749
SHA256: 0edba084f7b43fa27bc52d1b69dcac0455be17b5692d22e4ffe535a806989a40
SHA512: 401f60a67197813c25f6f2dfd5ad0b4f65b8ac4263524ad99f6e5242d1465fd9ca53dbc276b4bd249ade0a735abaa9b1cf8af2ea5d913147ecd85bc7858cc177

Filesize: 2KB
MD5: c0d4399a810b7a73f5bbe41d762cb3fb
SHA1: 2805615eb2cc3cebb5cc6def7f979b0696af9987
SHA256: 90bebe6158f05548034600cf2d078e7ebec014e634d6cec0bb2c0b135ac70ea4
SHA512: 1b816a5d8ad60c2fe6c90b4f009cfee887c7b3775f8eaf156e6acc9bd4eebefc466850a861b6115f2ba316dd4b2953f90b1281d7fcc5eb17c61ce9d5a9dc9891

Filesize: 2KB
MD5: 8511884394ebeb9b3290366d469e7305
SHA1: f062b0cb446416cafe4ede88bd9357ac514a8770
SHA256: b1280bfe771cde6f702023fb32cdf42fe75c234d4dc22845ff229d8d40c533f0
SHA512: b0e90a974622af965a72747defef31f87e88bc7753645578d41176be9abeb503794a826760657a6e1d30c44bb6f2d87f34d2557431445f269f601be8dd84ac5c

Filesize: 2B (these are the hashes of the two-byte string "[]", an empty JSON array)
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 692B
MD5: 8479527bc381a481f1f292db98f66282
SHA1: f9ef63d550151f6f3fe3e27a16389d4a4601e298
SHA256: d1ab6a60e31c4e4e00927ac5be2f44510da46a3a1168e39de812f758ed4133c0
SHA512: 5ee1396bf2d25f38a4532716d164c57c6ce12d14ee24f12b1857ba5391061e3a92bf79b089febf08b52668ec6a35fe16939167b7f32c05fdf4fd1bb50e237cff

Filesize: 7KB
MD5: 7be2551c7d4297f026ba337fdd913071
SHA1: 9367dee739c95716b475e0734319329bcf5b0f79
SHA256: cdd7eea7cc6af268b89b6f64456a8422c42b2c36613ec8a197548fedf03b5a6c
SHA512: c437daaddc5540ca528fed8c79fa324dd3ea5b6e7d0e31ec8da9533a51a00ff538470e9634b47c2d6cc0466edb6b3c72510184ef75a8f2a2b20497a407741d9a

Filesize: 16KB
MD5: 2d72e178614978445b6e5209a7bb67fc
SHA1: 651c2c5c493e836bf3483fdbffafa5a9cd1105b1
SHA256: cf068ce377c75ff8fc2cc999ccda7d375ac999a0cc2e929e38d19553b37d9c04
SHA512: dbe9eef3b217a9f8096e29b9a17f8619fb6da12c93f5e2ce566b314dbcd9806909766bc38e4f6178cbc75015fb465322897c32be07f4feb706434572ceb97e59

Filesize: 273KB
MD5: 6f1108acac0a988963016566cac59334
SHA1: 040cdf2d6b6bc2b920d87403a7901ee68f592177
SHA256: d3da01a665b9f5259a7d5f9c54713a367c2b246fcd36189a8271777b8b57c406
SHA512: 6828170e6a30d9636e52c155cdaa72d9656b31ae799e0980ab9db608b989975366ad9a2fb7718fd809c5ffe467ed9b72e73ae6babf1c64baa2aaa8e23025151a