fe5d3ed1b933893b3b354a18b7c39c85bf82d24fe2c4b49f15f2fab1322e645e

Analysis

max time kernel
112s
max time network
108s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04-07-2024 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

21KB
MD5

cad82ed9b5545b2cee82a6602a43856c
SHA1

e03d5fc3039d3865848547e4e8c08686dab98a55
SHA256

75bf4dd51b92be8a17b012cbcd15ec9c01e8892db066fd92a698f51ba6833bbf
SHA512

2caebc9763ade0395ac3a9c7670fcbf43c9aacc143376b6e0eb76ade23c2eb029456bca1a749bbc20c97249992aad9f44a345c7add48bf47d985a01a40b5baa7
SSDEEP

384:Xn7XJR193S5KWDlxtTXnOP/+gItx+JDL2f27Dcg7DcGkGg3+Q:Xn7XJR193S5KWDle3fE+L7DcGM3+

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645420287377363"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Launcher.exe
Key created	\Registry\User\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\NotificationData	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	Launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Launcher.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3892	Launcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3892	Launcher.exe
4356	MiniSearchHost.exe
3892	Launcher.exe
3892	Launcher.exe
3892	Launcher.exe
3892	Launcher.exe
3892	Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3312	5036	chrome.exe	86
PID 5036 wrote to memory of 3312	5036	chrome.exe	86
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1424	5036	chrome.exe	87
PID 5036 wrote to memory of 1724	5036	chrome.exe	88
PID 5036 wrote to memory of 1724	5036	chrome.exe	88
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89
PID 5036 wrote to memory of 3684	5036	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:3804

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ce5cc40,0x7ff94ce5cc4c,0x7ff94ce5cc58
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3792,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,10151573503666154726,9522261949765275950,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:3596

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fa10a705bf35f93f3a8773336bea4c10

SHA1
e40813df674e3a07cc4a46ec4fa7525382e0daf1

SHA256
f235a8caa206b194c44bce3df53d64d8282ff6b4e97911f59c3abdf50365a468

SHA512
39666fb781d599e32d199f8456b9f7866f46494c2083572d2158e6b669db3b7143c699bb2a9baf5fdbd01f8194d244d2110991ea378b6dc03f94a85861e38a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
5f9a93bfc4b6f34a6553e202eba53fa1

SHA1
757588437476cf14487e6c8faccd8058336eaab9

SHA256
f01c13ea1725d4fce52b0c8d8a526f9dae0500e053f7cf7be4ebda4c85512568

SHA512
80593e50407cbcbc6457b2d1503c4783043ef317a8ea4460580943b6b0e2c267108864281d9afd15f4013ef828277f1cac24aa3263a378a7090c2f65dc46abe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
68f5e0c2f9db0078f3f3be7bdae9e0e9

SHA1
d4a691ae20befa4fc7d3d42a3b05d2b82a517067

SHA256
5bfe23d07e55ab7cd2702a394c45d48e05757138f6e0b46f22db03d9901b8624

SHA512
9caf5d95e636cb8fa4f8a0d98cd38da1ad371e2c280c22a135a12c665bfcf96f5a05207bc3b958183aa1c3d12303b0e08146d7b305fc4caef0daf49e90678447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fcd677b1df9ca6acb9ec5964948ed57d

SHA1
fada6b3ce17e3e6af33df813837968a00e22394b

SHA256
d69303be68f05e9d083a96f9529cce06f93d12693285fb183d2941404fa1a22c

SHA512
522661e5d92d3688ce0772fdc5898faa94557517fc9bc48ae0dce09a915dfb9f63ff4e6314047637a6401b669626b530dcf87dc642c56f33550fba2322412636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b7a0a28c7d76e1a37769caa078e3d26

SHA1
4a2ede6695d184d5812e46325afe6f36c9dcfe27

SHA256
72efdbc612f33f97175a033281fd0c0e52bd38bb7f3de0105b7c75c2e799a5e7

SHA512
6871c16c1506b997163e6cf0f31059a31e1986807a54cd1f19a63185ac4b38e631bb7660d0cc4579d5d474c523f56447b0cb0a727cffbd26f6ea98c6070a2adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eac1a2875f67b7ebdce5b78d5272d357

SHA1
ddcbbed6caa9c0bbdbb562c681c4967f29ed8d2c

SHA256
6e59ba10ee6ceea4db2206cd2b1e69e3be8ff18e12e410f93cb3d30566c373c9

SHA512
5feaebe83ba4c14c3da04391dc3781035e9c037a9e283b7f28ce80559f8c0e09320249c36cc1b089e5fd78ed6585938539d9088d908e8301b264a66d8b8118d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a1c9a16c436ea86d3f5d8447563823a

SHA1
45789fab0f89adcb51b29d14bf1134153de73dfb

SHA256
39ebf99139250462e8fdb9fe13f976add12acf6f66516c470fc691bf9a208eb0

SHA512
cd5af2beff744e84b46ee66abbceecfb34415ce97d14121a5f72440954fb66178151bc3c47ca2db4f5ff0746940b0a16d95331451c39208f6804524311b0bbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bd9d7a54fbe42c54fa53e224f9165ce0

SHA1
00d2a87d2e1d5742b918b012ebbacf93be69b248

SHA256
b309e605f9c2d28800c10bc27b12415607517fc601705437c0de9eba3f86a462

SHA512
22b182d4f3d36cb62026edcb3e8891d254e9f907e248791e45546a77cacc7422128e7f132d21065415ad6173bbb7f2ea856ea3f20374a3d403c134b811c88ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
bf04b7e7e635f9f6b8faf895a0c61faf

SHA1
dd5d1d297da662d193caf6dd008011732780eb3c

SHA256
0323c16d0b403ec1be88cb21a52778e69ef80c82ded7fbbd027950fad145e71d

SHA512
37fb5363e13733840c73c3bfc993c1741f5243c2d7d49a0d7ec6ae7da89be2c029d20332fad27c1e4779d3cf490c845be97e0295ea1830b8995b5efe44f9254c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
8711433d9da87a74855a30d021708593

SHA1
2db687bebb905e02eb10eee4c60a58dc9b3d485e

SHA256
7154ab3f3ccb4b29702cd760848953cf86e92ca24181cd99822f2ebca92b9336

SHA512
b24a943bdcbc9072071d0bd0e9713f48b7652e80e6bac7659686808b7197a639082d4944ac6e7c7892ff88f2981d5fcf2de3065f17cb96463e69e76b241a85dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
18951ad4190ed728ba23e932e0c6e0db

SHA1
fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0

SHA256
66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915

SHA512
a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

Download Submit