Analysis
max time kernel: 149s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/06/2024, 14:52
Static task: static1
Behavioral task: behavioral1
  Sample: 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
  Resource: win10v2004-20240611-en
Behavioral task: behavioral2
  Sample: 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
  Resource: win11-20240508-en
General
Target: 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Size: 2.3MB
MD5: 6be2c97dab14a4d3cbd8631c70c0108f
SHA1: 501367acaaf8b475fcb8af9d679aa222b1c3b18b
SHA256: 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695
SHA512: dfba259d1bab62190667b0b4e3961bcb9997c0278dba3e673772c014ef99052dbfe4f11aaca10f43073e23f757d471a1d2981d8f419fdcacb09d19e161ccf1ee
SSDEEP: 49152:+dDMmLsoQLaY6I1oRZsA7/xVFHeL2H3+Z8za2d:+p06nRuA7RW2X+o
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
AutoIT Executable 14 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
behavioral1/memory/1204-3-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-4-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-6-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-5-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-7-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-9-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-10-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-60-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-85-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-86-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-87-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-93-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-94-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
behavioral1/memory/1204-95-0x0000000000FB0000-0x0000000001517000-memory.dmp | autoit_exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid | Process
1204 | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639735468667600" | chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
1204 | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
1204 | 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe
4480 | chrome.exe
4480 | chrome.exe
1948 | chrome.exe
1948 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid | Process
4480 | chrome.exe
4480 | chrome.exe
4480 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe 
Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe Token: SeShutdownPrivilege 4480 chrome.exe Token: SeCreatePagefilePrivilege 4480 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 4480 chrome.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 4480 chrome.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 
1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe -
Suspicious use of SendNotifyMessage 61 IoCs
pid Process 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 4480 chrome.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 
9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1204 wrote to memory of 4480 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 92 PID 1204 wrote to memory of 4480 1204 9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe 92 PID 4480 wrote to memory of 3664 4480 chrome.exe 95 PID 4480 wrote to memory of 3664 4480 chrome.exe 95 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 612 4480 chrome.exe 97 PID 4480 wrote to memory of 1816 4480 chrome.exe 98 PID 
4480 wrote to memory of 1816 4480 chrome.exe 98 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99 PID 4480 wrote to memory of 4512 4480 chrome.exe 99
Processes
C:\Users\Admin\AppData\Local\Temp\9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe (depth 1, PID 1204)
  command line: "C:\Users\Admin\AppData\Local\Temp\9e4d4500aee96a7526069b441c51d6c3dc34ff9b9e456656ff70cd02feabd695.exe"
  signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks computer location settings
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2, PID 4480)
    command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    signatures:
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 3664)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fffafaeab58,0x7fffafaeab68,0x7fffafaeab78
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 612)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:2
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 1816)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 4512)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 1912)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 4952)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 228)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:1
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 5232)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 5284)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 5356)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:8
    C:\Program Files\Google\Chrome\Application\chrome.exe (depth 3, PID 1948)
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=2036,i,4490300979508061206,10753886860744358220,131072 /prefetch:2
      signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1, PID 3808)
  command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 5484)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 216B
MD5: a40ec90bbcd22c74869837c449160f77
SHA1: 00e967c11c2d2aed6c6dcf5970babd5df9090f9e
SHA256: 145956d18b0409204a28c078c9552ae0ccc6f63c8351d47fa4d39710caeccadf
SHA512: 12260e7f010cb8197579d920a74abca6a0c117883450edd90482d462ef04c878612f517d876ab99b7792c3acea168501e51cf5731714c91db7efb439d3e13794

Filesize: 2KB
MD5: b5e4cc882de90eaf768aef8942788193
SHA1: ec4e04476e57e382de4de0f73be06369a1717522
SHA256: 0044c9f8cb98f17d93934556c5bf45fb035dbf461bc554ff6b935cb98841d17a
SHA512: f254a355879fbb05077c75e0530c6876455a03ece0a4e828c02914a239eb06e168f5e7b25bc0b682e6fbffb4cb8ed5055b1dc76e6c237471368d83a184571ca3

Filesize: 2KB
MD5: 57c53fd30bd3531170aee73ce90ff905
SHA1: 96315442ab0ae26e8dbe475b38f6add5bd0b4d5b
SHA256: 9cfdf4755aac008daafda642bf827a1f74962272a24fa00f956c0ccb773d5804
SHA512: 81f5dc4ddca2fc4403b6b89a334db091c29185634a177113a9a9f4eeaca28cb9762ba18dca050dab8abc62383e37a8dd9d8ae1be4cef544e034a14f77533096e

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 692B
MD5: a4ad21451fd7c154b5a4dffc78acaa59
SHA1: 7b5a268a9019fa1d02b29f685824478411ac0c41
SHA256: 64e3f035022a4a3a922f85080a44e7bbb9504ed707ea50c4c6ac878db442c689
SHA512: df80412c27d4f806b126339a5f691542e7dde762715b28439e20e8ed29c87cd21918f4d5123057a397af84ac09f0760caf217b1096302f936ba10bb24e12baf8

Filesize: 7KB
MD5: ccd085e8b716231776573d6af02d0f9a
SHA1: d735bd6d38118feabe117cc769a6b657f4bfe110
SHA256: 5cadb29944b33529f9a02b1598e14b77b302a92fb78b43bbb0d7d5c5cea8676e
SHA512: 5f2a268274a1cf97684a196bfc5dce4d0005691963058f48f754116f8fad7f30d9dd3fd6c02e50901d9421f041764e20c3f203814fcff46a46fc0294ed07e04c

Filesize: 16KB
MD5: db99d610e61a149c46d721db3226012a
SHA1: 0aecc3a3b191728a2d012975e1857afae7137594
SHA256: 474085f8c5b7d0599b133578135f4e4c7edcfe7c7504adf48a286dc10b93a7c9
SHA512: 06d6db5126b16e3c11f4ab63c738e43bcdde80d1564cdf2db3c1e5feec08831aa6fc9d83614ea691ce744147cef94cd3a5887ce8eb3b644305e151e9dfddd2d2

Filesize: 281KB
MD5: 04a8cb044d5f0a3fc5d09619fdb7f3c4
SHA1: 6bd242d74729e61e602f620f5ac936f4e6cd4c22
SHA256: eb7f8297e4ee0ec9543d2613f35c0d2598d2472604b77bf36aee9044c482aa9b
SHA512: 973d0195fe05c0e7493dc0e9c972df646c55111433d986607ed1dab4c2b4b7df53930caad592bf428ba48983e1ada8ad5634408f21dfc1cd046dcfbbd7a017b3