0f44f6cf90b1f970e597d52a33601aa052f473ebaea67436cc181bc46e8d9650

Resubmissions

10/07/2024, 17:28

240710-v2b86szfpr 8

10/07/2024, 17:25

240710-vzrabazfkm 7

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

text.txt
Size

183B
MD5

7d22a7c501b54f3f4c889a4c6a56c6c1
SHA1

0320dce6fda62bcd576013fd0b787bb715ba64bf
SHA256

0f44f6cf90b1f970e597d52a33601aa052f473ebaea67436cc181bc46e8d9650
SHA512

36680a3cfdeee00d5b9ba968542e2aec43efcf4bc7c8aeb3783b4282f8bc435a830d3ec4ed9f5a545cddcf4bee2503e1920935450dbcefedd006d675e700f56a

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
932	LegitProgram.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
61	raw.githubusercontent.com
62	raw.githubusercontent.com
69	camo.githubusercontent.com
103	raw.githubusercontent.com
104	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651059794164821"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4676	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe
Token: SeShutdownPrivilege	4612	chrome.exe
Token: SeCreatePagefilePrivilege	4612	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4676	NOTEPAD.EXE
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
376	BSBuilder.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe
4612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4208	4612	chrome.exe	89
PID 4612 wrote to memory of 4208	4612	chrome.exe	89
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 3444	4612	chrome.exe	90
PID 4612 wrote to memory of 4336	4612	chrome.exe	91
PID 4612 wrote to memory of 4336	4612	chrome.exe	91
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92
PID 4612 wrote to memory of 904	4612	chrome.exe	92

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\text.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:4676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaaf93cc40,0x7ffaaf93cc4c,0x7ffaaf93cc58
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3840,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4676,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5296,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3360,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\file.bat" "
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5444,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4052,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5480,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=240,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4888,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5116,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:2336
- C:\Users\Admin\Downloads\LegitProgram.exe
  "C:\Users\Admin\Downloads\LegitProgram.exe"
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5924,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3488,i,17616998541218269862,4062392198907995310,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3920

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4448

C:\Users\Admin\Downloads\BSBuilder\BSBuilder.exe
"C:\Users\Admin\Downloads\BSBuilder\BSBuilder.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
22KB

MD5
db96514a70774d0da058373034c3ed65

SHA1
62187775c092076418fa3fa31ad2945b4a1ddaa6

SHA256
6054dd3ff37ee624d740c7c890795c91326079526334e1554ba1b2b63cf7d7e5

SHA512
12e903bee10e3a23a6cbc421e8a1475e07da29ae4bb14518cfd9a922b7dd83866563cffe48317b42a0e8b4413d9c8fe63a1d62ba8e3462a7975bffa6d433b616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\64907cfb27b7c0f0_0

Filesize
1KB

MD5
fd237550e0d0ccacf8f26df35924490c

SHA1
22551f53a0bce147dea35c8429d01aaa239f9d09

SHA256
629750b629771c2d73d1828bf262372aa6bd86c6424bb650e8bfea5ac4489024

SHA512
d2fceaa7194f1c403089adfbf155733b5001da25d1516afc9088fe63aed39ba88e2754be8e4ae29b067e51dc1f82183b8be01ba792a3e76d9cfc293c65a10ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eb96609ae84fa26c33c33622a77a79a3

SHA1
8b9469242da41472dab518964e2ab67dfdd9f65c

SHA256
019bcb5e9ffd404a46713ad4f146700071ccd5d52c018e55ccd75c169176d63c

SHA512
11ce3deb32bdd5840618064198228027df036ffc079957c64a784f6a8a28ac1c5729095598c89729dbf22538d4528d77b3ad1026d81c2e044cb6a6c7a937ac7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a52f02861c29784412cc67b14286013c

SHA1
09dd17b905115d802c5ec3965b06409f08867b8f

SHA256
1babe3c6ea69da33ed23405db854c1846100f070df39ab5453a30d076fd72eaa

SHA512
697c809c2b5c019f3d76b5d05242af7cb0df57a9b2fa8356647f337f7190227b9ea288064ef5de5062843f50ef77141ab4daf3f1cc3ecc684bfe352ad731aec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6dfbb4c06ee16304b3cdd6ad796bf191

SHA1
8fa1e0bfb618dc45031df81acaad3efaea6c832f

SHA256
846f3a7e96eed14c6bd7058947c8ef3eb2bf100ce7d4e5991af052daa7514869

SHA512
534deadc304c26a498472e8aea615094f9103b942e8e0d687f211d1f8acbd66880b9e97bce687e65d177104058754d3fabe4f058325f22a7aaf589012574b176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a5524e3d833059ede2c4f729c5b1476

SHA1
c324615821a98878309912cccc87eb0472003bd3

SHA256
a143517b22be5941ec7e514cd7357233ca620e9c46475a5940834b41cf4d0f30

SHA512
96b8ece45f83ab6fc4b15cb70f62885b795490aa1b81eedb5bf1be956178364a8137460e073d5fd243e686492ba905d3c3c87b821d0b845f9849aafed2814767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1af2c6eeb33900254246491cfb334a43

SHA1
94631e14ed885558e89c1bb071e4c4388187e172

SHA256
a1d3e0394a9ce47f045d1241de0064f8a5c9db396d21a55a9db7b16652f273ea

SHA512
7537adeecaa43e6a8486443a03a62f60f5c7891b0a287b6ffd778e29314c40c6f78601128c2e82b3f57c6ba9cc3bce25df8de53f12425a4b4c5595bf03140054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21c53018fccec9fb2f9ef2eb5c65ba55

SHA1
05eeb218ee114e75c67439059254ad777674983e

SHA256
1f7a9fa8de0576fca8081b6c7a8c6bcded7798d13fd7b5d3cfe9ced171f38a01

SHA512
3c41db30fabda03e6c1e7560088df71ca19a644d68dee3fbe9f4da816cc236b2285c6110def527ad0d7785b6290a58695af3f0a1660367793e3087e9928e846c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f89dbb2d4b5a8c426ac0107bab4e0306

SHA1
5cf7be21489cfa99a6a06b369d74fb7fdbac87a5

SHA256
8b0ad7a6f463f16903dff3390cac9a23c1fbf24603b2afc95dcab72a56b6b412

SHA512
5f94f0154c6ea573fea01b67d0d87fdc0ddc7260e885f7463eca9ff0df4cc9f75b296d527064d23966c556d0d2ec420a54ec4c94a2c06c3913ef1ff5104b6106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9b13b629f38a91c81bc5b9a78cac15a

SHA1
7a2bd0fe69228feacebe9af949b4b32909dfc5ab

SHA256
fdcb14586707be0e9e77872f60f1d601c252bea7e9b06f2a13321a82df010d23

SHA512
25b49a6725195e9efccc4d7854471df5c5212e20b89a2871480dbf52f7ed30cd98f19ad3f62ff9a58628096fcada0b1f3f909af754d0476e08efdff51067f0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1fbc970687b7c9a1a482ddba3fbb14a

SHA1
22da9acff0c1778d084e8bfd6bc54d238ec2f7e1

SHA256
276b261da993e26a760c97a7ce17f4c689d907fa6057d7b809ade6375650815a

SHA512
6cd29c6c6cf66f7079c1a2b4de027d452b01e13725847fc396423d910769f41412a57f1bd600a0f9f166491b318bde8faa5acaab929c66c3695bbce1ac51ad90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c7067986a52737502e7ebdd42cfc01b2

SHA1
8094782cb053144dcca03eea68cfbbe8c0478388

SHA256
19631579677e62f293494b4043c091fb641eece20ff0e15a54983160bf8c87c0

SHA512
00b681da09fc80b8a6c79c47e9912dba7a4053c7a056ccbf48f949d09a622c392b3435f5e65ee897a1319c369427e124d7371617f04c3f340abbffeeef8080e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12700d0cc7a9edc729dee71e51b3e353

SHA1
bfc1e1de4968acbed8c945b771ce61b81f1ea26f

SHA256
83028d3594cd79f5338b45cf056bf99e5ed736e13b56da94abf8321875218bfa

SHA512
34541aad40e50564636921c6650e3d7763a16c8a3cc32c4d2153ce78b4fe944272daa2845f168819e51220486ec3ac82ef0fc7be7972b0803b2f02877d86bb81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9a552ea8e966d87829a6dc7ba0e98d4

SHA1
f6d0103f2379ee17e24950333d9292a2d36b1162

SHA256
8ff5306b0bf74cc1f9cd8ff970ac6c544be424fb9fa725fdfbcbc6b15051cc54

SHA512
2051d5ada7a8c0c40749d3b313ccda15fdc66dcc0b8ffcbe38238d408e36516603836a340f44933c5a963f003a71e79143fb886ea4e3c65426ece0da0742a8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6a40423d124a6efbe38c60db9946253

SHA1
e1b67919125f954e8e9722d392cfe347281fc088

SHA256
10fa4e10cffa49125016716efd5747ca6fb0d5fe12f9214d172a9d8fba1ded29

SHA512
663b1c16333ee4529a6baef69fc885e4e5e697c70b37e3f9a33ab1d4259e8d50499de5cc2b3d30e31471ae0ca94f075c527782facb09f7ed680d978ff71a3b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
021d1e493d5ee4343c7157ffe1309fef

SHA1
d92f73c3cd91876656f38a7226b8527043098470

SHA256
a91dfc2c381bd3678aa87f988a1f6f48c5a16a4611b5f57973ec6c54c01b444f

SHA512
85bd46979ca9caa705643f4511312ea5e42a9c7f73cf69408eb2aabd42bcefcd9711816456c88b200421df660e4542d5f357f0a5986138cbf3f8b7c9d72d54ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9596033c449311a319e9b5c08194601f

SHA1
e9613cbad8ece9bc7f1c4a051e3f6f73c85e1ea9

SHA256
fd74d8df37fae59f9f224499246d57ca8f8184246ea2cb0dcc51946679b89270

SHA512
f0d48ce55bf6717e156e11b8754d10aa10af52e86a935b04be962d3b30589f42c163402c70149371cb31ff2cadebfd8c8a75d89ff2427f9a2a801fcd69ef5f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
596f4baee8cd32a1a372089c9c7239a3

SHA1
d33e66ed86a5dc0b7ce4a0e4629f40477cc3e056

SHA256
cd307bb8ad0edf3bd141a377a3435b22db90b106c4f6280235b5b25d1ffef365

SHA512
b3f9a321ce1d87f6999eb7d722ad82e23fec328e0e565ba21a595d12368ae5f548b34e31e49d4fe81f45898556393d6cba979d883b69f5e9b7adbbde796034ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fdb7fcef8548acd96039f769a7fb1c1e

SHA1
6b43f5d2272c37914a6f64cb0e91024d959218d4

SHA256
c7c675a3e1c4471609149f2a782cbb34567f82de7f4c2a715058b7418780cfd7

SHA512
217b6cf6f39dc9e569d646b28cce54f02c012a4514e5b3d472c216ebcbcb331cf0faf089ddb9990f35ffbe7f92bbd43a28e19a05f08d126751bd91cffae377ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b3d2e3da39612ea35f77c1ebb5d0eeb

SHA1
9f1ba71471b4cd60c4fc4a00a20a52b7eb06a601

SHA256
5bea04ae36031d59f4863cae88eb8c1382abc629d9e8969a448ed235e9e86bcd

SHA512
4c26abc6b056752cd5215560bf60601b939d160190468d17f3eebed1252f09f4df722027c45238933a14a2cb6774ee28a1538ce828c26e966fa7efab6e0f23a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ca54b6ed77f80cc0ba7e6ddf80779cf

SHA1
ece2f8f60f3e4341189c5750aa48dbbaee3bd767

SHA256
606a2eaf627531c4827212bca5ffd138b1c4dc94b3756cf3be45fa341934ae58

SHA512
d1ecb2959cf8d15899958ed986f552a512aa2802ec08897d66701f7572fb281c01f7f32600ad9fc4cec070578c7122c731ff6f8af6bb2c675d632cf2c48d04e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f5e3244a-dc21-4e9a-adb5-9ca93975faa5.tmp

Filesize
9KB

MD5
7a27e5908ed703fc153db5fe1bbb8746

SHA1
72fa4e62eada405dbf8baf8a5ba08f3b9ef67e3d

SHA256
93b257fde432c2c769e5cdb5db4ca30850bb89f01e2bdced6208f90d19f14100

SHA512
76c52440e54b09a5fb2c2c3851c42dabcdc254ac7dcf981f7582ab87159505421ceaba5b8633b62a3b4e258a93ca6a6ca72ea35970399f5b446cc9e5c10a45a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
edd61de740090ccdfaa0f7b5d6075bfc

SHA1
cfbe7d97b250f0361fb7ce1ea4909d697f850561

SHA256
7060508337f2178cfc8619d7bc52960fc735e248c64b2c6dc7be85f1b7cc76a7

SHA512
eae1fe140ad3e66b162f1070043474e913a3d300e0820fc077cd2e6b6556ce27ebe740aa7fddbf04037a30696b29572766fabe5cc3223fd3f40a5de33cb0c1ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
90c2e3297d3fc55ac0042937a704c7eb

SHA1
a6ea2ef0bbf9cfaf56d490cf07f3b4318da29c77

SHA256
fc23f540803fa08920798f7636e9b00fb422d17a1058baf4e136eadbee6878bb

SHA512
6c51fcf9ffefc33b812a2be379e582d21d5a9cc0947ea224d29089ed3db9d57982d8018984568fe679cf70b38234db28b7fb6fc89c47335faca2de59e373400b

Download Submit
C:\Users\Admin\Downloads\LegitProgram.exe

Filesize
11KB

MD5
746e068e6d66c4b398770eb01d442d3b

SHA1
408feed621cd42c4daad25a5d33a540e1b1c17ac

SHA256
8eb7e30b5347bd5541b2387f0bfaeecac1fe96b43778d9926cb426846318f85a

SHA512
9e8a28a5823c6e48e47d0adb1be2ecdfebfcdf192eb91db0c824d3a748ab8943983b7c3b64d23c246156bcdf938f085cd90ed2977c9cabc65ec56ee9b140fcd5

Download Submit
C:\Users\Admin\Downloads\file.bat

Filesize
18KB

MD5
d69dbcdcaf9d01c27a032ba6d775c254

SHA1
066c5259c1d99d6ced3de230e296377b7d3ee8ca

SHA256
2ff6dd1e710c8f19801427e996ff3205e33abc17a1bc82840638b0690e562c40

SHA512
a1fed5d961f07cc10e94a654f45b6a3aed81ebc3315a79bb5f765d2586a0e79cb8d8cec77a2de2166aa80027ba6e515a810e94359c087a05471d0c5a51bdc749

Download Submit
memory/376-455-0x00000000000E0000-0x00000000000F6000-memory.dmp

Filesize
88KB

Download
memory/932-357-0x0000000004DA0000-0x0000000004E32000-memory.dmp

Filesize
584KB

Download
memory/932-356-0x0000000005350000-0x00000000058F4000-memory.dmp

Filesize
5.6MB

Download
memory/932-358-0x0000000004D60000-0x0000000004D6A000-memory.dmp

Filesize
40KB

Download
memory/932-355-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download