6323a05195c0df0a234ceb74aef4d58eb4bcaccbbb3e399855cfad175219f0a3

Analysis

max time kernel
297s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

runtimes.zip
Size

295KB
MD5

be9cb8bb3ac4e3e5b7554c3477632765
SHA1

632cb4c7e1456a7a43403315877f851fc1e96e44
SHA256

6323a05195c0df0a234ceb74aef4d58eb4bcaccbbb3e399855cfad175219f0a3
SHA512

db017f92777c772e2281185f5d91b5b7bb765b1da0c3fa46383be3317a3917806162a3d199f9cd6d014fc26dcd3452db9f91ed46e4a5f3f4449b30df2d3aeb28
SSDEEP

6144:4lLmZzXr+xPNy2D4b21RHsFZqDGtrzkGyNFWMuVc9wZ9:45mZbyxPgFKWeEbCwZ9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
3008	TTY-SPOOFER-CONSOLE-C#.exe
2120	TTY-SPOOFER-CONSOLE-C#.exe
2360	TTY-SPOOFER-CONSOLE-C#.exe
5100	TTY-SPOOFER-CONSOLE-C#.exe
3628	TTY-SPOOFER-CONSOLE-C#.exe
4548	TTY-SPOOFER-CONSOLE-C#.exe
3988	TTY-SPOOFER-CONSOLE-C#.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642913727785292"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe
Token: SeRestorePrivilege	116	7zG.exe
Token: 35	116	7zG.exe
Token: SeSecurityPrivilege	116	7zG.exe
Token: SeSecurityPrivilege	116	7zG.exe
Token: SeShutdownPrivilege	1700	chrome.exe
Token: SeCreatePagefilePrivilege	1700	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
116	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3008	TTY-SPOOFER-CONSOLE-C#.exe
2120	TTY-SPOOFER-CONSOLE-C#.exe
2360	TTY-SPOOFER-CONSOLE-C#.exe
5100	TTY-SPOOFER-CONSOLE-C#.exe
3628	TTY-SPOOFER-CONSOLE-C#.exe
4548	TTY-SPOOFER-CONSOLE-C#.exe
3988	TTY-SPOOFER-CONSOLE-C#.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1908	1700	chrome.exe	96
PID 1700 wrote to memory of 1908	1700	chrome.exe	96
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 4136	1700	chrome.exe	97
PID 1700 wrote to memory of 3452	1700	chrome.exe	98
PID 1700 wrote to memory of 3452	1700	chrome.exe	98
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99
PID 1700 wrote to memory of 4352	1700	chrome.exe	99

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\runtimes.zip
1⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffbe613ab58,0x7ffbe613ab68,0x7ffbe613ab78
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3616 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4580 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1924,i,65964378491633521,222288365172962047,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:784

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\runtimes\" -spe -an -ai#7zMap26288:78:7zEvent13490
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:116

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4548

C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe
"C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\20052b42-b76e-4498-9970-1d87705a4bb5.tmp

Filesize
278KB

MD5
f4b271e27a8292552b825531689e1220

SHA1
89ae2b912be58822283e4bb84234d5d384b28f2d

SHA256
19f8d443a7573113514b830c13cefedb278ead33cb46108334edd9a1fd9dbef2

SHA512
152d8e7dc78c6e0d7a6de3dccbc686c4180ea9353d184f7a84beb643a47eac1499d13258714301e3dda4ae5f07b5c8a5f102180eba01833996377f3597be4377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
765be95ae41c0346561261ad94925cb8

SHA1
bef4d2429e0b54c9af5d40d1248beacb87fa2dfb

SHA256
5c2e00ddd28140172267e003129685eeb157f44d3166910877ffce7b805ed5ba

SHA512
ca9229c0902aa2d4e2378f8e7a454158a9561ee1a3d4c1feca2a5a8563d5079514eb38cf61a3868e380c4b43dfd8a9f1fe851a60e3d77ac9a369a5a0187a5e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
682e99dfc9f9239bc3d9341cf5e84f71

SHA1
735ffb70d4fd0595b9a5f110c9e904ea1d7e53c1

SHA256
b7ffaff13d1b332d1b021c776d03c219044847d58f348a3ee294021a3d046a1a

SHA512
1daaa0a4c8192d2abc2df22ac6f0ab97fe00a886fd3e1b7f05013b70f25ea9cad6ca1abee6a66f0f2ffa699b934dcb06f2b548e8dfc9b198e2a27be5fc37908f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22ae5ea072f33c2bee43553cd2f4a635

SHA1
1b262552f6143cf1b1008ec6b2ad55b8ab8c82bc

SHA256
ebc933280180fb9d568be2680c1c78a8c5a05763f20616afad0c18d418042756

SHA512
8208939d5c645c45b1c00dcbcd45efbe9033fca8f032d93570c4872be09f8c67c16b3db87ea55127f989c4f343250cd10ba78e19a32b7fa06a96a5bb4e107ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1fd6a92c6de933be9318a09a116f588

SHA1
21a1056eea6b1e60e746a2e011df6bc6236fb355

SHA256
f4f9b6b5c8282d9a1576071e05197e27248a44b525cb781d632b642413b08107

SHA512
e09f2970bd22d94776d21b91d6ba57a17099274b19e386bae17b9076232f2d37883e40cbdd6cbe62e5fde4f42eb654086a70f0c8d23d3b5729466d3316caead4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
bf6ae09b6c224f3369d445be03697bca

SHA1
6471ae78ff53da22446e1c719ac97980bb5f95dc

SHA256
237d377d402bc5ba052a6b1e99fa21a124f5253329b1b93775087b09a3c55d7d

SHA512
271698c24c3aeacabf74b6653520d6a8c60b879181c104ca45a021b50ecac6b3fe0ef1768b56b60f53631811083afe030779ad18ff22224a89836a0343ccc947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
72f0d020393521564611d7c36438e88d

SHA1
df996061a55fd876f01ba34f2f38b3e4b865ffd5

SHA256
74ab8a50eaf3705b5483ac588f41b1569f3c00ba748e8abcc1c4c9df20c4d6a4

SHA512
081d94eac8d3256bec0593c97e411463765dba30bc065ec1043cb855485ea0da13af6d6c8724b7770b4955333ab2e15016ff02fd5a93976a46a99d203e75b6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
47e379127c639a7629b4edc8e6b0d37e

SHA1
384895b3385d29499ca668fe0c020523e3a9b548

SHA256
fb4698722e5180b8daad7a4324436426939b0795c69d3105a9b2b173c1c855d2

SHA512
4429de1daa323a7aeda0cc7383b4771778f87880207b334920c2a8aa3c085586aa11f6cf6b9276596c16df424c733d27f1acefb41d5225ed5b5b5df0e77f5af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582a86.TMP

Filesize
88KB

MD5
34d79374d1095e106ff37ba16c4a55e0

SHA1
92a73a21fbb698747b96278e6ecfc2118d24d2a4

SHA256
ecc9dfa9fc27535f2b9572ef3273c1f1eddec24c23424f58901611880c52af44

SHA512
4348d36cd9c9bb1bbd2d0643c3b9a2e5157ca0cb5de4e2f3fe8aa263374e8268f74dd4bb27ebab4834a5cba33b3fe0c2baa0de998692f95c526f86cf106183e1

Download Submit
C:\Users\Admin\Downloads\runtimes.zip

Filesize
295KB

MD5
be9cb8bb3ac4e3e5b7554c3477632765

SHA1
632cb4c7e1456a7a43403315877f851fc1e96e44

SHA256
6323a05195c0df0a234ceb74aef4d58eb4bcaccbbb3e399855cfad175219f0a3

SHA512
db017f92777c772e2281185f5d91b5b7bb765b1da0c3fa46383be3317a3917806162a3d199f9cd6d014fc26dcd3452db9f91ed46e4a5f3f4449b30df2d3aeb28

Download Submit
C:\Users\Admin\Downloads\runtimes\TTY-SPOOFER-CONSOLE-C#.exe

Filesize
149KB

MD5
87749a48206f037ef4f318b07c9b926c

SHA1
3ab98d42bb3dfb25c494f1c1edba136e15e50353

SHA256
fc9b53dad48d3eaedb67d81bf48dbdd5efae37fcac8f84ec0b2ff8f4ba5d9b23

SHA512
7818171d9500ce79df07240eaaa735e984ccfb6d3a4d2db8de60fea2d31093fcef244fd4cc6f1f38c1591f584b7ed98e333497d98ebf2a9a738dce33aa6e7562

Download Submit