Analysis

max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-07-2024 08:27

Static task: static1

Behavioral task: behavioral1
  Sample: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe
  Resource: win10v2004-20240508-en

Behavioral task: behavioral2
  Sample: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe
  Resource: win11-20240508-en
General

Target: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe
Size: 2.3MB
MD5: 4e69247d41d75a4b1c61563092ac9d55
SHA1: 7567248c7045cda07ce9bf93c838952d4a646aec
SHA256: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a
SHA512: 322fa972e48c5ee0d7f8f4e94605036c13754aee6e6ee1cf3d5faeae34a3a257c129bab401aa4644dbd7c57504d0c8a977033e2e40e5d4fe98aaca372a75eef5
SSDEEP: 49152:Lok2vyC4dYAf0cTXjuQ2NSHGYi2wXs5ubjqAUqakUsJ6NbR:UkYOjyAH1us5u2qXj
Malware Config
Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe)
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe)
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely a geofence check.
  Key value queried: \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation (process: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe)
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  Key opened: \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Software\Wine (process: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe)
AutoIT Executable 19 IoCs
AutoIT scripts compiled to PE executables.
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  PID 3604: b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry 2 TTPs 3 IoCs
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: chrome.exe)
Modifies data under HKEY_USERS 2 IoCs
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (process: chrome.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644688452354361" (process: chrome.exe)
Suspicious behavior: EnumeratesProcesses 8 IoCs
  PID 3604 b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe (2 IoCs), PID 4564 chrome.exe (4 IoCs), PID 836 chrome.exe (2 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  PID 4564 chrome.exe (all 7 IoCs)
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 63 IoCs
Suspicious use of SendNotifyMessage 60 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Users\Admin\AppData\Local\Temp\b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe (PID 3604)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b6a8bb6b261bde529acb07c7a780fcb7a582db14da397adcdf7352533e1b371a.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks computer location settings
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4564)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3124)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80fb7ab58,0x7ff80fb7ab68,0x7ff80fb7ab78

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1952)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 368)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3392)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3808)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3008)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1584)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3016)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2224)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4052 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 432)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4232 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3992)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2252)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4912)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4964)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4512 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 536)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2628 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 836)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2612 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2472)
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4104 --field-trial-handle=1960,i,1970862854430305120,17481943150868604711,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 1928)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads