aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002

max time kernel
119s
max time network
120s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
03-07-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoDox.exe
Size

81KB
MD5

ec51cfbde4a4df4eceb8313adf8d93ca
SHA1

f8925a067c34ab1b0e7da2de961af20247ace3fa
SHA256

aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
SHA512

1cc6c73c33ce6d00c102f9ed3c6733c532f131b00761fd4ff59cda87c560e3ce3e06dfcbb8a886976ae5084c9d36c3f02d9afefca5b1403c20b53735fe24bada
SSDEEP

1536:9rsgf4VFHlI++UIoyjyCL6sf+Fle8Ifvl1loJbh76e:ClI++UIZIsf+Fle8Ift1loJbh76

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645103709671623"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\malware-samples-master.zip:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

5080 chrome.exe
5080 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

5080 chrome.exe
5080 chrome.exe
5080 chrome.exe
5080 chrome.exe
5080 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\malware-samples-master.zip:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

chrome.exe

pid	process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

2352 MiniSearchHost.exe

pid	process
2352	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5080 wrote to memory of 2880	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 2880	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 1440	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 5052	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 5052	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe
PID 5080 wrote to memory of 3748	5080	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\AutoDox.exe
"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"
1⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92cafab58,0x7ff92cafab68,0x7ff92cafab78
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:2
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4516 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:1
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4784 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:1
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3056 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1888,i,5350953968501694572,10995014386553656767,131072 /prefetch:8
2⤵
- NTFS ADS
PID:2356

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2292

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\malware-samples-master\malware-samples-master\Wannacry\please-read-me.txt
1⤵
PID:1864

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
37KB

MD5
f31a1ab9f483d9db21349522e39dd16e

SHA1
01a275d7fc1c4f578fa506c8e0bf9b7787dd4806

SHA256
463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d

SHA512
cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
628ba8d31375849e0943894669cd033c

SHA1
4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

SHA256
80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

SHA512
d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
21KB

MD5
8680ad8cc782b74ee7a15f0a042c76f1

SHA1
ec430c456dedd9a2360703a826491fcd69f6dd8b

SHA256
af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7

SHA512
7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e4a0f00db6346b2ed3401f83e25f4c78

SHA1
b99db0a1683d03d653bad21c324445c217e2ac09

SHA256
1aa0be43cba58152a136c8ef52144809491a0458e7acd49336d2f22ce397a5a7

SHA512
dc48d03919ba16f72ebb211c45cce220eb87193fb46ab56244a89205d8c0b307ce38c21e9dc0e63bd1dc9fa59f163288c5cfca6779efcbc1beba072e530ed922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3cad05e82f48c5b249360646a165f305

SHA1
603c3457bc17a051914e4143522c3636db834ff9

SHA256
daee402fc6e1c3ed05111de4562209ab0fe7d6a71ed684a1559c4f45b6fec1c2

SHA512
016b03f9320a0fa903e35fe06ec88cb3faf6f045067e9c0b6b8eff118c71c998a94c44d4bc5ddcb95a57a52b05c24acd97b383ab5a5de08060d988004b21c78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
788eebe72bacba00a00f0ed5776c3da2

SHA1
bd4c8b47c5f7262ee5525369b162fd9b7929574d

SHA256
0b80f69b4145480297aead27c46de932ad8420a1d01953a2f791ef6c40dcb757

SHA512
0976291934d20cb8b6aac516cf08fd86a1399a69fa525923a30885d7d9834287af576490f0a752217e4b5b38ad466d50e7f387f1d01a106db942351ea1bc08a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd28291392b1de547ba4bb7497ff2654

SHA1
5e5ec9724170c5f63e9f4fd2e903b3b26114df0e

SHA256
a756b9b47bae907999f58193e2fe676f19e181be16356bfa935a4cf7eadb703d

SHA512
f3887f00cb035aebe20249f35f5d87b9daea9bdfe01568dcc8891eaaeec89a8ab61b294919f4cd27181c6d072035bdf097447f67d3ea52133eaa1ee1b4e33cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c659bf69b82c401f51422f4a70d42b7

SHA1
09b48adf3e8cd40fff29779e21d993862b42f5b1

SHA256
4700a3755ce4c325007a4b27899ffc03498904e7506cf08a18d99018d98d8dcd

SHA512
cb5d27380abbef6601baa577b4480d4e24ff27b89ee4d135a29409acf69abc087de88c867f73384eccda7b90d15b17698e117ee310de8dcde85a589d5bb72e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
404fc219d4c01a787229a54e91dd0592

SHA1
2985234ac0b3b0ceae644e3cd7f0c8c33b0f8c97

SHA256
b5a96ddd606499e828cfa2443c9fe70eae253592095329081846e0ef8ac808a0

SHA512
739296bb26bdc58f2a801dfc29feca195936b7618644dd814e893c5ebaf8b326982c2d3176a5b1867355dc784fadc5c1787a77979b7555b61c14697ae1999952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c99888e51f0c96288ab3b346ffe4922

SHA1
a34de51f2f6e4a88d13b729dd07c9fd74a5a28a6

SHA256
febe13559d8dded0ce7bddbd4b8771b4ad5a0136f61a93d7e932858a71c7d319

SHA512
d579cf54c8cafca8fc1ee264d46dc5911535420051fd517354506fd1354b6a7bfcc507e9280ae5f54c1306f89c4b43ef4afbdc0fa5433a4e664d56bd9ca8e66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
84b5eca2df5242214798ca91ea7191aa

SHA1
b70095dac72179b143dbaee0cc8fdb9669d81c50

SHA256
726d2cff37bcc04d57cff5878d4fe813731ad5ca26facfdf44e0a17e074bae93

SHA512
1ea9eacf68a52851941918190a3fb8b14c1e01b0304da61bb91ca993d38651b3ef9ab443b8b4c727d2d43a6b76f036bcf3c14252d9f0951fba139f72b3cc5a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96a679b2663c43bb9fd5e6238c2da0b6

SHA1
6121a829f056eebc16bcf947b6018516545dfbb8

SHA256
219b67b072ca3e16c42862b7670a99610361e8ec92181f0322a4039b003ec79d

SHA512
950455428a65aba20c8e0842ec354ea613bf511e5306112ca1546138d1a2fdcd4bd913d5ab731ea778bcccc1be3b3f108ec1b60982c3d95174c0a40594b496b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
69cc0928d98b8da3d697c628522ae523

SHA1
a43f7ad06f14181672c5641e5516612f26341711

SHA256
1cf1eebaa13dc263e205a647b33c479802926755fef5cae6fed25c2d3940d661

SHA512
b5e1cb67434b3f5ecabd25df6fef603da0c629e830da01b15c840a564b63b54f2137b9aa06aeb931dfbdeb07273266bf8f33bc0c9ab31b3f5230dc1fb00b8e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
89919eb90368d6906910c249dd4688d3

SHA1
157029337fd4cfa9ea8c7f1ecf31e1cc9833248e

SHA256
0545e275c5299697ab485d3e03188728d4f06d364d45bb56121b0fbcc09242bf

SHA512
a25b2e28f05c3f96d7edc779c929b482be72623f9deec4ef7e1330634020108d9802671f5f639e217921f47817e6a01d3f92245772b5cf1bfcc1f63d8141ac09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
9b3e83e7491808052df8c919dd254411

SHA1
4a2a7540518d1a32fe1e2b642b2c57a4083903c9

SHA256
25612e6d5a016b9cb96e6dd0ac152989f5acd2d12138a3bcaa9a7077a4575b44

SHA512
4f22537461bff8c19aa521c416729485abb26e2016e0a296be2f497544703ff934b65a713b1f102d6d652928b6ddc0fab720a5f199400eae5b700d17435bfe8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
6d71e62bd5dbbf3d5d8cd13d41b3f10d

SHA1
c46745fac270a9a01eb9f37aaa07ee8c04bb4789

SHA256
edea256bbd93cdfbaeec38d33ecaa63777127f8f8dc6f5093edd0a56e476e16a

SHA512
7cadb92f4fe25c9d448c4b8a8adc7fb5f96abab92173318fe93739b8ab636757b418a032c757ae2e1b22ca3da7935dc971d2735a3cbe763d3b7018379c8ef13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
1ecfcddb6d15cd738c9a24aba7efcc42

SHA1
27f82421ca41a83f9bc8ee00ae4e572a1de5a989

SHA256
4f6827151b35e9bd0174e80e7db6974bd44b3abf0e7a4d9a600ff24d4e25f333

SHA512
7eb8ebae5aad191eccf476fa4c53f938866c51b5b811810717e4ce12ad802a46b50d6e6933765c9ddb86fa4284494b9ce8b55c580568b67f246b17ad71ce3be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58270b.TMP

Filesize
83KB

MD5
bac89b770426a8113462932304ea9aa0

SHA1
44e0eb8b869ef315992e793734b0b0603c0034da

SHA256
aa272108e610a0335bd3a9f61c5dc3c05e6bed3ab47de07a8f2d16f216d0aa90

SHA512
76ffaaf236ab60ce4e9f1c3becf88d99c9eb9b9ac5c414eca152f3e3fac896500e60dac3b70fd752a1f38241afaea754f1b9c37f88eb10091f54a4cd7b631824

Download Submit
C:\Users\Admin\Downloads\malware-samples-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_5080_SMWHMYBTCASTCLJP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1896-0-0x0000000000050000-0x000000000007A000-memory.dmp

Filesize
168KB

Download