hxxp://trackerc[.]osend[.]in/EmailClickTracker?query=ZXNtZX58KjcwOTIyMjAwMDAwMDAxfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqMzI2MjE2MTIyNTQ3MDEzNzgwMHxefHRvfnwqQW5qYW4yLlNhaG9vQHJpbC5jb218Xnxmcm9tfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxyZXBseVRvfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxzZW50QXR-fCoyMDI0LTA3LTE2fDEyOjI1OjQ3fF58dGFnc358Km51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx8XnxmaWxlSWR-fCp8XnxmaWxlTmFtZX58KnxefHRlbXBsYXRlSWR-fCp8XnxjcmVmfnwqQU9LZlg0SDF6clZyMmlPcVNqdWhtZEdxcmNZSXRyVFNiNW4xdmZ2SWpIM2Y4aVRUcXZGSGNsaUFLK0lORnZiUFA5aFV3UlBQVnpqNllrRzdsKzdUeDdTSlFpV05KZGJkTDNDemVha0MwdlFMM3JEdGtHT28zYVBqZWJ1ajIxWUhkbWdMMUlxZFNJbEUzNUhpZFJhWGdqSU9ZM2ZXcXJ6OGFiWTNraVlla0x3anFTeW9BV21DejA4c1dGMUNFNmQ4NHgzYWIwczJiL2V6UCtocDhGY1JYQXYvb3lEREp5eEcwZm5xZTV0YVQ4aXd3WkxETlJYWXRJbGxVV2piNWxIQkM0U1JYTVpHMTJLRjdFRE1Qb1QyNmtJak5Nd2t1WWJ4MWU3QWlKUWd2Vjg9fF58dmVyc2lvbn58KlZFUlNJT05fMXxefGFjdGlvblR5cGV-fCpjbGlja3xefGFjb2RlfnwqTmV0bWVkc3RyZW1haWx8XnxwY29kZX58Km5ldG1lZHN0cnxefGFpZH58KjcwOTIyMjAwMDAwMDAxfF58cGlkfnwqNzA5MjIyMDAwMDAwMDB8XnxvcmlnfnwqdGVsOjcyMDA3MTIzNDU

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://trackerc.osend.in/EmailClickTracker?query=ZXNtZX58KjcwOTIyMjAwMDAwMDAxfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqMzI2MjE2MTIyNTQ3MDEzNzgwMHxefHRvfnwqQW5qYW4yLlNhaG9vQHJpbC5jb218Xnxmcm9tfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxyZXBseVRvfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxzZW50QXR-fCoyMDI0LTA3LTE2fDEyOjI1OjQ3fF58dGFnc358Km51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx8XnxmaWxlSWR-fCp8XnxmaWxlTmFtZX58KnxefHRlbXBsYXRlSWR-fCp8XnxjcmVmfnwqQU9LZlg0SDF6clZyMmlPcVNqdWhtZEdxcmNZSXRyVFNiNW4xdmZ2SWpIM2Y4aVRUcXZGSGNsaUFLK0lORnZiUFA5aFV3UlBQVnpqNllrRzdsKzdUeDdTSlFpV05KZGJkTDNDemVha0MwdlFMM3JEdGtHT28zYVBqZWJ1ajIxWUhkbWdMMUlxZFNJbEUzNUhpZFJhWGdqSU9ZM2ZXcXJ6OGFiWTNraVlla0x3anFTeW9BV21DejA4c1dGMUNFNmQ4NHgzYWIwczJiL2V6UCtocDhGY1JYQXYvb3lEREp5eEcwZm5xZTV0YVQ4aXd3WkxETlJYWXRJbGxVV2piNWxIQkM0U1JYTVpHMTJLRjdFRE1Qb1QyNmtJak5Nd2t1WWJ4MWU3QWlKUWd2Vjg9fF58dmVyc2lvbn58KlZFUlNJT05fMXxefGFjdGlvblR5cGV-fCpjbGlja3xefGFjb2RlfnwqTmV0bWVkc3RyZW1haWx8XnxwY29kZX58Km5ldG1lZHN0cnxefGFpZH58KjcwOTIyMjAwMDAwMDAxfF58cGlkfnwqNzA5MjIyMDAwMDAwMDB8XnxvcmlnfnwqdGVsOjcyMDA3MTIzNDU

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655876879996027"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe
Token: SeShutdownPrivilege	1784	chrome.exe
Token: SeCreatePagefilePrivilege	1784	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe
1784	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe
3484	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 3676	1784	chrome.exe	85
PID 1784 wrote to memory of 3676	1784	chrome.exe	85
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 4980	1784	chrome.exe	86
PID 1784 wrote to memory of 5104	1784	chrome.exe	87
PID 1784 wrote to memory of 5104	1784	chrome.exe	87
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88
PID 1784 wrote to memory of 3372	1784	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://trackerc.osend.in/EmailClickTracker?query=ZXNtZX58KjcwOTIyMjAwMDAwMDAxfF58Y2FtcGFpZ25-fCp8XnxjYW1wYWlnbklkfnwqfF58bUlkfnwqMzI2MjE2MTIyNTQ3MDEzNzgwMHxefHRvfnwqQW5qYW4yLlNhaG9vQHJpbC5jb218Xnxmcm9tfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxyZXBseVRvfnwqbm8tcmVwbHlAbmV0bWVkcy5jb218XnxzZW50QXR-fCoyMDI0LTA3LTE2fDEyOjI1OjQ3fF58dGFnc358Km51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx-bnVsbH5udWxsfm51bGx8XnxmaWxlSWR-fCp8XnxmaWxlTmFtZX58KnxefHRlbXBsYXRlSWR-fCp8XnxjcmVmfnwqQU9LZlg0SDF6clZyMmlPcVNqdWhtZEdxcmNZSXRyVFNiNW4xdmZ2SWpIM2Y4aVRUcXZGSGNsaUFLK0lORnZiUFA5aFV3UlBQVnpqNllrRzdsKzdUeDdTSlFpV05KZGJkTDNDemVha0MwdlFMM3JEdGtHT28zYVBqZWJ1ajIxWUhkbWdMMUlxZFNJbEUzNUhpZFJhWGdqSU9ZM2ZXcXJ6OGFiWTNraVlla0x3anFTeW9BV21DejA4c1dGMUNFNmQ4NHgzYWIwczJiL2V6UCtocDhGY1JYQXYvb3lEREp5eEcwZm5xZTV0YVQ4aXd3WkxETlJYWXRJbGxVV2piNWxIQkM0U1JYTVpHMTJLRjdFRE1Qb1QyNmtJak5Nd2t1WWJ4MWU3QWlKUWd2Vjg9fF58dmVyc2lvbn58KlZFUlNJT05fMXxefGFjdGlvblR5cGV-fCpjbGlja3xefGFjb2RlfnwqTmV0bWVkc3RyZW1haWx8XnxwY29kZX58Km5ldG1lZHN0cnxefGFpZH58KjcwOTIyMjAwMDAwMDAxfF58cGlkfnwqNzA5MjIyMDAwMDAwMDB8XnxvcmlnfnwqdGVsOjcyMDA3MTIzNDU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4a72cc40,0x7fff4a72cc4c,0x7fff4a72cc58
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1740,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1220 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4332 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1472,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5232,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5184,i,8111669824767287171,313775690218989638,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument tel:7200712345
  2⤵
  PID:3344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7fff4a72cc40,0x7fff4a72cc4c,0x7fff4a72cc58
    3⤵
    PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
be1ffef7c4bf68ad3444b4418a78688a

SHA1
85c4a51a5280454a12269170f003ffcbc95380d8

SHA256
cf830ec816987f7fe69e6edd85f12c82e50b4dd396e404ccf9c6d3efa9ced9e7

SHA512
c0158d10250aef901089a47dda816ea5f30bb5c6501ef4cccfc70b68c0e8e4bfd3ba081da8370d84c11c0bc6dbf35245092fdf658d6f6f693aa3c101c1dcd0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
89abcf4698a91e4e55ee4d5aed474568

SHA1
d21b21d984d561a698ea3092bd37aa761ec4b838

SHA256
59e90b1bfe853020cdeb833808e212e1b409836e33d3f21b66d3d465f8dd2aa7

SHA512
0f650f0b1c9607d5ecb4a8f9061cce1b07ebdeb754c144ad642a7a92749b59ccbb28971767ea63b08eadbfe684bb9f2e066bee0d395df4a7f748526c0568c4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e8584d79129eb1ef4774d6517a336204

SHA1
9ad3859109c504f8f42efc849c30e5eb1eeb1ee7

SHA256
1bf3164839d636689f553df629bf1f52bcd62cd51557826fd68a933b45cde120

SHA512
6c0dc42cc7eea90ad8744066285dd88152f528b1a2303d0543e6c56523f8c522e75644db8f332bdb9df6db8703efa9759d691953810c0068513d2b61d5926496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ee138aa36ae03732e016347a9b6b7bec

SHA1
68bd84d7fdeefac0d83c2a261fc7570ea49a07e3

SHA256
8064478412c11c22f35d6650e6b13a7c01e00d67b23f6dd280db9032dc5c6b94

SHA512
f06af543e90904c76db2927efbfe70e72e963fb7fc84e5a848f922edd1eab15ef8dbfca5a8876dc2d57c0487025320fa1ad4153fde349a649ad1f14315a529bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
81fec16ab93616f1054bb976929d6ce1

SHA1
fe3cec454ca94b061a97b25498028ef0590d3006

SHA256
812b1edde4aa0952c071360305d7bc4167cbeac47301d2d19d0ecdb8785665ed

SHA512
fe40959d3338c22623d0519939162bf00efe75a6b51728af84546189618c08bbc163cf126fc18010b50722addadc62f09524c3b41fa43d1428d9e468779eb2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d1221e65200fd4b08b3d95b384901f82

SHA1
361a403a9ec03fea33222a3590376b6a34295461

SHA256
e41ab874e8bc779dd9f54f1928fd3fc39995b29105c9320463932401bfaed022

SHA512
f60adeebd16ab7fd5ebac4cda92dcdda1b047db86c14f99016211b4175828ade2a7b7aa83001b7758da8c87f661ca72ad52fffe6b2a4932b0acdc6bdb88e641e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
05b1aeb390d52f4a480c900922057ea2

SHA1
e770270e4f2685afa8e8833815ffb16c813e5222

SHA256
dd9d2ca0f4c25938886a861e0bb47024acdf3c1270263335528156d3868d9ca6

SHA512
41dc74f7abef193c1ed5c8ed25d86c76b3184b5d3ee7b393d09732736f3036885e781881525530da3b930ad59fb05a907358835ad56134863c62ddcb9597c1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
75a43ae1eba82bc716331a515ec9549f

SHA1
88c2d91dcbab47c2bfc280a108b6256762aecf0d

SHA256
b627103a7e76acb8045bdb654359f9302ee4344c30a2f0398c4b2f7f598f6baa

SHA512
f3db1c4dd6e536481ee281a7d4da3d39e615c07ab6a0aa86cf74969da64046b4998edb3a81325482f78f66f5c7d0183ebe68898ff75c4bcbaacdd8b8350d393d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2fa2214cd3dfc3dd5d62588ff2e81696

SHA1
d33e34bb9f47aea8eab18ed57575c141f6795b5f

SHA256
17aa99e3903f6be4dc391abcdc29dd7dded6c5fc165d46c1379fad9d8604cc49

SHA512
0fa8d59c2cc788c52b58bd67e71dc79f7944cac154d7b4c0d8107bfa90b37d413d92d06f64634d6a518a8164636796ed938f348b2421cb5a443f8279825ce4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f2720b4a8e0b5a914a6e0bb4cae67c80

SHA1
39d359e81ac661a22d33825f093095291d4c3636

SHA256
f52e1188f65abe1d4822b359646fd09c9b91d0a1eb38e804d1b471e4aa172503

SHA512
00495883bc89ef5b62d88cba8350e0784213fac608872cbbeb85dbb615cdc96ea2db0976666f5ed1bae835f27131931b7a4da82cff967eb4107a02501d181b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
58920c4a2494829cf274ef3ac010557e

SHA1
67416b67e39f5b82c6b932193cc96331e0024041

SHA256
41163036ef9256f448d48004de18cdcbaa6dd62290827995ecaa41fdbf6d644e

SHA512
1fe1ceef587de482d45c98281923046c3250f523a2f876533b8d532ee77e4852d3ad0a0b07f517abfd9d45a1c5335a1ea9da508a178698bc368e7f3e6756ea54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ac96008ad96588d1e0b15a22a533c78

SHA1
fcbf6779b963c03ae6d693234e8dac8049b9eda7

SHA256
3d30905727a0e2f9d9c2dda4e2b31b7a0f996496b7333647795616c1f7ddf5cb

SHA512
74da15890eda1ec67cc762fe02bdec2175338b008f4498169ed250178cff7c4730409e4ff3b8e398314c180359112b96fa8c9c7db8483aaec247b95f574ce1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d5ed599488fe0f7df04236dbc8895562

SHA1
6216b732e33a06cc0c79b6df5975f850cc70744d

SHA256
dc892b0bc04962fdec542ce943b44b034c6e533d04f773517775bcc3801b7623

SHA512
fdf4582a9bbfe4bf07cb4924af028988ad8f559db44d98d539726c69138fd3f98fbc26199c639175b2dbcd5043304baec25d1b6190d12a261ce3aa581621b34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
be61325eb30b5264fffe333b0ae97cf6

SHA1
6972d01614eadfd3cb83ec9e9dd25967a5eedcfe

SHA256
f2c1bb6b5f834251e615e941f4c0451eb946522df7f486f5abbc4bfabb103360

SHA512
c68d58c1a73273802414ec8a14ec855c308870c2314669caf720aef88a7830d21109497d1228f4178a262fcea4c2c7e6954b82cfb540c2313676811075b548c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
f42846d162005905d1bf181ebba37c1e

SHA1
4dfc93e7f575ae702e7243d55d74f799ba55af7e

SHA256
5cc3d3507a1d16200fea190a11574a789e9940f59ee9dd1f3940fffec2fe7b9d

SHA512
4cbbf6675465c6867d2a23197cdcb43ce9f4122306f247238d794a14f750cd7076864f0c1f64ceb72e36398e0c02b217318ea85d431de90df6bae5356e1b55c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
6594d5e3c1a747da4e32af6b7698fdd6

SHA1
208d3ce0069a1f9033eaaf4cd11b37d2005aad50

SHA256
52bda18c086b4f49e41b11e7128f38c4929cac62e715b85b967405694050f9ae

SHA512
c2abb7d99a48e1ed1f4aeee0eb1b53d91083d39ba18d90e20b2e2951990feca44385d27dc09922debc9863091868ceae7b026a65b1763ccf956f4ae4ab787ab0

Download Submit