discordrat | f4a3ef4815bb1129371658db5256344c8139ca4a2c4e60146ef20a80547301c6

General

Target

Client-built.exe
Size

78KB
MD5

b40395374cabfc0fe70c74afc06aa95b
SHA1

9a63c440bf58702dc021278e0a8b390eee568b94
SHA256

f4a3ef4815bb1129371658db5256344c8139ca4a2c4e60146ef20a80547301c6
SHA512

cb56dc149bc50b91673c94369466f8e1ef1f62c742374e494e5de05331e75803905869c24836d8004be0f7dfbedbc94899462b9660ed3f991ef51d9e07b308e4
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+tPIC:5Zv5PDwbjNrmAE+9IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1ODI0ODgxODg5NDQzODU0MQ.GNM0uq.I3EiTLFttL2_KQOd0m_fEtZs7B-iJ7TlD_JItY
server_id
1258106314291286016

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service
T1102

Processes:

flow ioc

30 discord.com
31 discord.com
60 discord.com
8 discord.com
19 discord.com
59 discord.com
81 discord.com
82 discord.com
9 discord.com

flow	ioc
30	discord.com
31	discord.com
60	discord.com
8	discord.com
19	discord.com
59	discord.com
81	discord.com
82	discord.com
9	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645360703730374"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

Client-built.exechrome.exechrome.exe

pid process

4472 Client-built.exe
2264 chrome.exe
2264 chrome.exe
4472 Client-built.exe
3476 chrome.exe
3476 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2264 chrome.exe
2264 chrome.exe
2264 chrome.exe

pid	process
4472	Client-built.exe
2264	chrome.exe
2264	chrome.exe
4472	Client-built.exe
3476	chrome.exe
3476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4472	Client-built.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe
Token: SeCreatePagefilePrivilege	2264	chrome.exe
Token: SeShutdownPrivilege	2264	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe
2264	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2264 wrote to memory of 1540	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 1540	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 2232	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 3188	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 3188	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe
PID 2264 wrote to memory of 4200	2264	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ffde709ab58,0x7ffde709ab68,0x7ffde709ab78
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:2
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:1
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:1
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:8
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1948,i,18441175699400380362,11666948675385817125,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3476

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
aaede1ed2d16dfe52763d0fc72ebc7ba

SHA1
d83c936ad9990023a70933365fa27f57ffeb1222

SHA256
d73757f9d0f0988815146722fa67199b688b24922d0b52bb476ad8ef4b60da41

SHA512
7b461afc14086d710611b2808810445c6bbad5db6dbea88a29e5bc484bcdab55c74e56c91f8f194851820a6a199c488d7e1a569579ccb65486a23ea0cdbf522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
f8b9ffcf9122e7c9067de4a8077b637d

SHA1
6ca546527f61b3771fc60608947977be7ade57af

SHA256
a88de6f77a03d0b8336e6562eb4a800795399e2466cd6922b62877ab4b739984

SHA512
6dde1d3a575058fbf4016794817a169f052ce204ad4c451ffeef1e7075c922ab64d7a004de39697e352af8593cfd3171fbef2a299dc7a9c18c8a406523bf1de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f0f5dae86cc4e4c1b724f4235e989c1d

SHA1
a28323d97b41e8eedbda38426be04a3ed34bfcd9

SHA256
293264cbaba8cf296f29a7b82945a9e7c43bc8006967b459db87d931e87d39eb

SHA512
9f5dabd46dd8587664c3bc84d195d1b84e773710bce39c61b29b9188ee4e15ec6e1eb6ff7d9933ac596823faf7829f986e9ed2424b8f1843f4ab799287dfdbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
27a4ad2fa34cc92b64d460eb770743f3

SHA1
330f8f2c3c64f4ce00dd4c3543e247d195d4e2d4

SHA256
4c1507a4e856ea24ad111573760149640b6f389c5d20a1c514d4c725aeb4d153

SHA512
3358ce40a3640eacfb6e98b152c4031c6aa7975afcafb4191bc1e9c302646d29cf3fe71b9d9670882af6cbb5e4f67bda413872bf0e972b05b981c0e4be9360da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
270KB

MD5
94bfe0fe264f7641991da434fa160718

SHA1
830091b33ebcf544616b4123b5aff757ededfe8a

SHA256
9a1017dc686085660b83144bde9e798810c8d59fc6b9b5f80eef29c78437daff

SHA512
ff453c68b75e743d0db1200b67676754797a180502317a16c08b642456e396cce7b6970e058540091d9740a2216036df7566028890eef3845f3953db4b424c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
270KB

MD5
c3e58c38019a7e3cd69f7d6ea0de201f

SHA1
2ebd284111efc8d42087352cec595577dd74d09b

SHA256
192f226a9273a7694073958d7e7f0c30e185029f7116baa1bd8c0270f9162e3d

SHA512
e89d3068bc8fa16b645dc388e2e415cd61d72f45d47b5df57ab11e26d93c37da476f1e721653026feb62067fd024bcbfeefd08877ccfefd07178e327fab6a014

Download Submit
\??\pipe\crashpad_2264_GRBLNIQVLAFWWHOA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4472-5-0x00007FFDEBC23000-0x00007FFDEBC25000-memory.dmp

Filesize
8KB

Download
memory/4472-6-0x00007FFDEBC20000-0x00007FFDEC6E1000-memory.dmp

Filesize
10.8MB

Download
memory/4472-4-0x000002953B860000-0x000002953BD88000-memory.dmp

Filesize
5.2MB

Download
memory/4472-3-0x00007FFDEBC20000-0x00007FFDEC6E1000-memory.dmp

Filesize
10.8MB

Download
memory/4472-2-0x000002953B060000-0x000002953B222000-memory.dmp

Filesize
1.8MB

Download
memory/4472-0-0x00007FFDEBC23000-0x00007FFDEBC25000-memory.dmp

Filesize
8KB

Download
memory/4472-72-0x00007FFDEBC20000-0x00007FFDEC6E1000-memory.dmp

Filesize
10.8MB

Download
memory/4472-1-0x0000029520AF0000-0x0000029520B08000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads