Overview
overview
7Static
static
7Solara.Dir...re.dll
windows10-2004-x64
5Solara.Dir...ms.dll
windows10-2004-x64
1Solara.Dir...pf.dll
windows10-2004-x64
1Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...n/mime
windows10-2004-x64
1Solara.Dir...me.cmd
windows10-2004-x64
1Solara.Dir...me.ps1
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...ten.js
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...ead.js
windows10-2004-x64
3Solara.Dir...son.js
windows10-2004-x64
3Solara.Dir...raw.js
windows10-2004-x64
3Solara.Dir...ext.js
windows10-2004-x64
3Solara.Dir...ded.js
windows10-2004-x64
3Solara.Dir...dme.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...und.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...und.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...dme.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Solara.Dir...DME.js
windows10-2004-x64
3Solara.Dir...dex.js
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
09/07/2024, 17:28
Behavioral task
behavioral1
Sample
Solara.Dir/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
Solara.Dir/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Solara.Dir/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
Solara.Dir/Monaco/fileaccess/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Solara.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
Solara.Dir/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Solara.Dir/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
Solara.Dir/Monaco/fileaccess/node_modules/array-flatten/README.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Solara.Dir/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/README.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/lib/read.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/lib/types/json.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/lib/types/raw.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/lib/types/text.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Solara.Dir/Monaco/fileaccess/node_modules/body-parser/lib/types/urlencoded.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Solara.Dir/Monaco/fileaccess/node_modules/bytes/Readme.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Solara.Dir/Monaco/fileaccess/node_modules/bytes/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/callBound.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/callBound.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Solara.Dir/Monaco/fileaccess/node_modules/call-bind/test/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/README.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-disposition/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-type/README.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
Solara.Dir/Monaco/fileaccess/node_modules/content-type/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/Readme.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie-signature/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie/README.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
Solara.Dir/Monaco/fileaccess/node_modules/cookie/index.js
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
Solara.Dir/Microsoft.Web.WebView2.Core.dll
-
Size
488KB
-
MD5
851fee9a41856b588847cf8272645f58
-
SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1
-
SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
-
SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
SSDEEP
12288:W/TcW1virB3ye+iKzORFNgeA+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1STy:W/1C4I
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4344 chrome.exe 4344 chrome.exe 2584 chrome.exe 2584 chrome.exe 2584 chrome.exe 2584 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe Token: SeShutdownPrivilege 4344 chrome.exe Token: SeCreatePagefilePrivilege 4344 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe 4344 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4344 wrote to memory of 548 4344 chrome.exe 90 PID 4344 wrote to memory of 548 4344 chrome.exe 90 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 904 4344 chrome.exe 91 PID 4344 wrote to memory of 4056 4344 chrome.exe 92 PID 4344 wrote to memory of 4056 4344 chrome.exe 92 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93 PID 4344 wrote to memory of 2828 4344 chrome.exe 93
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dll,#11⤵PID:2760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff91c8dcc40,0x7ff91c8dcc4c,0x7ff91c8dcc582⤵PID:548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1800 /prefetch:22⤵PID:904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2192 /prefetch:32⤵PID:4056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2276 /prefetch:82⤵PID:2828
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3168 /prefetch:12⤵PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:4700
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4600 /prefetch:12⤵PID:3608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4924 /prefetch:82⤵PID:2916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5092 /prefetch:82⤵PID:2524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4764,i,4316529822240880899,17327790501899265424,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5280 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2584
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"1⤵PID:4832
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:432
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD53a7a29ecb1ddce08d8dfde48f307f32d
SHA11820cad56cc4eeda48eb0747e2ac1ad7da770a24
SHA2561f2793669b6c7ded8893fc9418c7b783f8e7a2042b05d2ecef960f0d5a53576e
SHA512972192aa8d366a1fa07ffd22463a8f9fe591f511ca0e119fe45bf68f47332dd026c17a94f9414027a8979f668c83254045f983b917fe138a77f1605e1580f698
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD59f6994eba3254050005964986603a63f
SHA1f87f59a61bd0776ee471a6134a3521eb27134531
SHA2569dfa98fcb15a4d96e33abaaabb0f8481dc2519b3a98b7675265132269450755a
SHA5127994d49ce5ca4b0af8136961996c7987fafac3ecffadfc673a00cbb00531255e6fe39215c6e5f6cd68234bfb401345af6db67d27ce147d2d46107584cb801ea4
-
Filesize
7KB
MD520588f6ee3a4b3523858550802dc5b5e
SHA15ba9cc1c0d9d0a7ee535531a718568bacb4a2a1b
SHA256c78c595f68e0293a1bfe18ae0f38cc8656b5ab1caa8f7773423984d90216ae69
SHA5126bda25f10447017289a8ce31d8ab74655f506d7fd1c1a28802e6427a88cf94f389519a70934952ec579a7e276c4240a9cbabe082fe500e0281447a36f94b7484
-
Filesize
7KB
MD585774958df60aa47df85acea96c658a0
SHA115d78cfae80f8f0d1dfa0739f0304098867df6ec
SHA2566f5727a4553601ab85fbab1b4d71d2776c9a375e4326292e4e39ed831cb70e60
SHA512f8c5dc3e60aab1b3eb48b17084d8e7e81ba20a5dfba7d27242125b4cc408458177fdea9c9939f61ae5c5c928fbf8045bf6f8e3e1fd633edd47478c067a1ff27b
-
Filesize
8KB
MD50c0440e8c8b0cfafcd5d81c4b9d9970a
SHA16d685b5e7e45c8110bea44e6e1fb8ecd9ede542d
SHA256b42d6ab282ff21c35c5c6df15f43e2f352708e644a4694e5245e778022eaade5
SHA512d0e50c4bf0677bcd2dc0d88ea297f05b564f30f887583cbba40d70f92cc8d833dd6482236926524cf613251a70157284a093846f4ab592b2d6f3c49ffb677377
-
Filesize
8KB
MD59cecfad22992ceaf59a2ea33866ec788
SHA166461286d35f5b31be8a3921ec60571b2164f3d4
SHA256db1cf39e9c0918572eb675c0e1b9e2fb47653de96db4ca47beab2bed116949f0
SHA512c9727ed9be6e4c575dacb78f5cdad21316ac8eb7a2eca65c966cc8494ca057be1b388dbe775c2cc7f43c7d8783c3fd814654ae72c5f26c447937f5ea2c24818b
-
Filesize
8KB
MD5d2ad0cbd8f4ea39e56abac5f5e373766
SHA11f83ae1e603f7e4b584a25a672dcca5b7e39b8cc
SHA2568f5d36ddc735bcecceca469222c8ec182108cc99956cbdc5c5a64316a3993bb1
SHA51230a7301d01234acbbf015f6159a48301b297f23dc4fa3dc456384661c535b84ee9ca04e03b3a233f39b8498a81e6c59604fc293aef862603146a22e950c8bb3e
-
Filesize
181KB
MD56dc8d58a6c2a3d912be4fa21b834b9ae
SHA1ba8fd6b0b5ca63709327da06b5cc78ef25eb0e02
SHA2561e8d5c56994f76f093746c306cdc51d3efed73e120ceace5b1f4981cedc3ab21
SHA51249d1524c4a64182398bd6368be08a967768198deaae7aaa54ab85d3b2ac4946728381abe4cc5c2ac27406d4a55a5c716ceb252765c224039254d0cdbc4a7bda4
-
Filesize
181KB
MD5a1b714db0f319cc1568855f43d97f95b
SHA1003c46029cde10f6f849b5e492d005c84a01b66a
SHA25646b340985c13c624f3719390cd37ed56d02a8f6b232471fa5ec708a856dc6f4c
SHA5127c6991a04ac3948afbc276d933e7d63d5935dd1212a6d8349bd064e69bf6c495c78448973d8e011dc49f869643273c7c0f006e7f5950f372377ef578b1604af1