hxxp://57[.]180[.]253[.]244

Resubmissions

10-07-2024 23:52

240710-3wsmzazblb 10

10-07-2024 21:11

240710-z1mqqssera 8

10-07-2024 21:08

240710-zyxsxszeql 8

10-07-2024 21:02

240710-zvtxvszdjl 8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://57.180.253.244

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3544	payload.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651193036821232"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 3120	4856	chrome.exe	83
PID 4856 wrote to memory of 3120	4856	chrome.exe	83
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4852	4856	chrome.exe	84
PID 4856 wrote to memory of 4408	4856	chrome.exe	85
PID 4856 wrote to memory of 4408	4856	chrome.exe	85
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86
PID 4856 wrote to memory of 3236	4856	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://57.180.253.244
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2a95cc40,0x7fff2a95cc4c,0x7fff2a95cc58
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4948,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4944,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5352,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4880,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5412,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5300,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4380 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5432,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1496,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5576,i,1347176869788647533,1439439114955685238,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:2496

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4528

C:\Users\Admin\Downloads\payload.exe
"C:\Users\Admin\Downloads\payload.exe"
1⤵
- Executes dropped EXE
PID:3544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
00f3100a35f35462fa49c9de4eb770a6

SHA1
9201b1fda4a4ed7fb2f2311c928c9700b65ace71

SHA256
e65936a0ef187934f313aab8a6ebdc5a546ab90221a179b32f170cd54882ca67

SHA512
3ac4646bd4486285b05fd53234cb6c6cccce9dbf0dd53da1793ebd9e7ebf02b8e9624508652f6b9cdad7bc5e4863aca68096fbdcb46ba0b28c76407d506fc4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abf094dbfaad4af16520ad2ef969b2f1

SHA1
cbfb7365391c8ae3a46476a52cb0c29222fbabe7

SHA256
251467df7863e84bfddf1bc6268b1e25616754937ee2ea2a32e71811130a8605

SHA512
abd73163cbffd7271edda0a9bb9a98d7edf3d0c342c39854c075c831bbd88ba3b93a2b654e52c5c1acd89132ee23e49d64523af5ccd7143adee969d01787c468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
12b969495d9c5ace3d08752c5005945b

SHA1
c4ce683b58d52d45c701839d310eea9c56bb4ec8

SHA256
45b18fe7ca7b52875ad4039c63cfdf8f78820d9126edac62a009163d946c45ce

SHA512
33d85b87612075e3a138a32828e1d511a704c165928a8c1f83be74aa045c96072f33b97e8592c88f3616216ce518be6dfb8fe54dee5ba603006076e1b0be247d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4a690124e7d508c748da55662885066

SHA1
088bb64d950c262d65687bb5bf88289c11dbd3d7

SHA256
e776298bca59b3a2ccc12588ea1d559e4ce95ff0552c85c36e7a4eb2cb8e1355

SHA512
75b4e67c4a49ef17ab8d8bc19c665ff57fb6376af2873bb76597425f3d16864c8a58eb945e0db8931c100986c2a3e9db8f3666f69aaef82bce6bbd0dc677cb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9edf4894ad20d7ebfcaad68e4843ff8a

SHA1
900ddbaea1e0a06f78b6ac857c54e8809aa0c45f

SHA256
09dfd3da96559823d8d904b6b88d018c3cce24cdbaae6e1e3013779b5bf86f55

SHA512
27de4ae904cfacf0529533c777efc59b2f3d05abb8b1049441255a1db036332351a601e0fcea5e32817da37783c8057750427ebc869ee2d1e2a6e15eafcc7e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b271f906d8e9b55169a6a8d4b236f2da

SHA1
869560e855810f7fa2d8cf5d9ea5b0cdc6ed5d84

SHA256
fe32bda304f91362e740f77dfdadaf605e7b6254af433ce1b3f4439671180d34

SHA512
91ce3ca9877a584b142f18ae5ddbd929b106c45a1819333e1a155f4f1b1c0d9a487ab6a0cd5f1eb39fb894fcc962a72afd296cfa31fa744890cc58fd1e2e3945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
017ff8b1678acfdc3628a5a63bd9754d

SHA1
87fbec4a93c1000a356d86b9b325cbab392b203c

SHA256
8dc7be570fa6a060b35e9688f6911324418cfe10989fa8854d3c2dcc86eb7c55

SHA512
8f99312d83c146df122779ccaf8c55ef0cd02ca0d7e9fcc39b8c2433fa498e214f1099d3cb1fffb869dc27c1f9ce27775ae421dba84f2f69b0e1d678324f0f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3682e436169e63e1d7a2a0ed104f5f61

SHA1
ba7fa637df257f42043bfc18ae96432df05ad2be

SHA256
cc685461bf4d052080c3d9bb191425750c798d4747058c4f3e0487e35f26830f

SHA512
e84e30599273a044628b11bff0a43917447bfdfbbdf4ae040249f0498f5e802a90556dc7ca07f862ecba0b8ecdfa05304e40f606211f6a4a3dca6da10f3c8b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8aa83d1ecc88130a461fb0b60f6bd81

SHA1
2221f4934e1599f9475ea7996c1652c0c3c840ea

SHA256
223ff255dc07d840543c6d9d153b5457a97f61977dd5822f2719f8e5c41f667e

SHA512
2d698ffd1ad3dc3f99581a6611c342aa2f744cb0c7603beace8cb241279b8661a49fe66fc8b70051960f4935df916ca04806384e90bd266526b4c00c9a2e31c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c73e0532d153a2eb0bb7137128ee0e5

SHA1
243eb373e35153bb370d4a5a982e9a62ccdb59c5

SHA256
61fc72fe1ba7e9e470689a1ba980cfc4f026641a353e308f3bf678e7d55d3be3

SHA512
101d1e139f79e8766ab29994f7379c74a44200fa69122cc3e851500933dd8da8b8df11b6d389ccb4756e3b7ce989a79473c3b398c14aac793a2f34ce65976a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a7d47d6bb372bc65932258365da00e2

SHA1
4d28a4ad0961ad809ee2b6ed6decde824bc6053c

SHA256
38e1b12b541a67d44e5dacaf3fe404287ec1674217570597f9c6bfa143664c2f

SHA512
a449348e586bb4c2d727db9d6f133004c8fff0942c10091ca5fd03035d9aca6f30bbc7dbb690c3aecee47a62c6e6d8263ba6e7493c8210d2c096a2cbc5d524cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
68ba67f73318c46d100c73af374ee7e2

SHA1
c060f0322ae57760ec8939fe0b177014f593e944

SHA256
484b982c54700eb9d64fb63ec39d49a931b8a7155e224b3ad0440f3f6eae69a7

SHA512
6283cd0975d9d21293158eab5e8adf813a901a6fc02db6a48b7471626446478d027d684fe2d2a6cc5b0a7da2ea6a37afa1ffe2db0317ff15b3c657cf95277152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ee48bbc8fb8fb53f0b5531e95998526d

SHA1
10d4eab3d3570badff4fc6805705be7e3a71928f

SHA256
745aeb0073ae30adab307040d0d483fb4d792681a59e819658fccfc8965194d2

SHA512
45759572095b66529d4ad45f5594eae967f220ab6931c0c18150360001b85c5a9299438b9b9449c912b75e923c1da9fc50f32428f25d611e739590925c9fdca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
2e9688fd30a80e4ec0c78dd0fe83c98f

SHA1
519978d693ef8132997d63ab089b5cf9b3553ce5

SHA256
63e2cb53e1609402c5cd9c795837e0b7e9e9a7c45e4fa562c010cb017b2be39e

SHA512
55893dad490fed959cf6fbb170d35f87288b81b37823ac2259a23a96fe0303011ffd9bc3989ae60eab71bcaa0d9d78d6c82f6fce8f3b71de518d8b668366ac48

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 740231.crdownload

Filesize
139KB

MD5
c228866013dfbaa6b00afc77f1409d8c

SHA1
fb9c36a4ac6706f1ef62c479952d3831bb9050ed

SHA256
632f29ffde11458d77e6988a9bb38dece7e5818d752abd9c09823319e4869d08

SHA512
8e05226548681cda4742589871896f6818b727e977f7441683a965a78862748d5699aa55b436ce5deb3e519353630f89f65d486b80fedbed9db6dcb750b0a8ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 893316.crdownload

Filesize
3.6MB

MD5
77b8c18bece02b6cfa33f68c743b3c3c

SHA1
43e5e948457c22e09951e6b7b5ab9cd64bbec623

SHA256
e19de62c82f499f2f3748136c337222c2f67effba91e6252fdc9ece2f20595d9

SHA512
f9ba19828957665fb9268ee516800504f98e8e31b6c433841a9a6170ae87adbfa4c4cff9f8ba34edca258cbc5b34d22dad325c278c17c4ef6428f1c22472685a

Download Submit
C:\Users\Admin\Downloads\payload.exe

Filesize
4KB

MD5
98cfc67eed512ad39df7bcc60ca10812

SHA1
3ed03ab2d56ca0a674c2a2ff6acac588f00cd691

SHA256
d6f56ecd19fa563766690c26b4032bb05086e00f5d23759e389ecfa7b37f55b6

SHA512
f90f22dfd064ad2b5791b58a8453f72e1a7608bc29325fde9af6aa091e63d2b5226b8fc8b3713a06385f3f3f9f6d2072c87de0ce6c4296276b1b9af3909b7870

Download Submit