hxxps://u45875412[.]ct[.]sendgrid[.]net/asm/unsubscribe/?user_id=45875412&data=kzyETV6Vt1VeHPIS5N-LaWi-ByJ-qSJzyGWEE1hqa4JoMDAwdTAwMOrWoeJ1zYWuXNk9duo7k4DK2Wuy4VvLAjvmEWtKk6JWMTyPg1ZRLvl3iglU9ddumRW0D6MPt8KY1wqAneeHac5j_hQvumfkIqS0_PxCiwg90oYBnuImHmwmyiiWocct0eRMrQwdfYY4kPPJamJL_3kAz4NJiB-i818RFDNrV4gpitHQu_LkZzHgRFNYS8ca4cNf64a6HyehWm-rSwZ6GANe-thRYyOb0Pi1lj3khpGVkW-IvZKnmMSaI8JIQ8JAhK4vxHcxGoLHS-huTb7TjYjAsIny4Yuh8_fNm-CXQTv36cWFXzt1umuew739bA5q2oXJt2y55qQ3ewS76d8HaDZxyNxhr26DVKJr27xw9TSWrbLDZdQP6elfXqjUwpGHH_18g720ULCMT0wDdVZwOsHq27hbFcwv9KBRHz4Hsi4NSwnwDFPsMQO4pKSz6abCowxmOEPPQ_MYgkPJ1QGQJOg5HHBmo0hsBm_UtY5-rWIAVBLDfPbP80z4WuUlpDS8U5dI-i1RQPon1_kJu9fD73scVqS1O1JN6qe4Sil7RRHsZoWibncj33Yd2J2_Iwu9SAmYnWjkCwtjoqpuo8KpoHZWiIUwU_6BgenL79KXNJXrKdyO6e2hQjOAW6OYiojfLqTynayfg013SyVe-S5lGP4w-wIr6xDnm7DxyO4_9yWkcHC47w-BIAgBmnQZTisSK100PPVEEFJK1BzkQcypi8Cg-5Mk-XCCvrNuRIHtAeyDdZCuYPkHwoL6seCXhqIx23faTI0A1GEowcUuKZkKQoEk4bI2P_C3nOC0b75HnUJVqaGRt-gIMORjrNWGVOGAKfO9d_Jlx-cxTBmJap80Kh9zcvKzV4paCK-DL1I61nXsGFNGSsmBh5xukJ0Za_VFg-Hypm1r2B2jEQnMMxyaK2wWo8dfSGVjCuU7EfFS1f-pZHKbDPKgZqiVOlTeeATkM1hnGvPlg5kZdCszyuNPj1FFv2j718BA7-iHYJcMPj00zYgrCIvdSrJMwyYG7ZYsdq6tcsp1SfOQEm5xH5-Szdk8mZKRYBsaIVN9jBLGNwsZx_eVwsD1rsLccnODJNtX2nNdRWhaty8Uo25MI5wDqFY=

Analysis

max time kernel
299s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u45875412.ct.sendgrid.net/asm/unsubscribe/?user_id=45875412&data=kzyETV6Vt1VeHPIS5N-LaWi-ByJ-qSJzyGWEE1hqa4JoMDAwdTAwMOrWoeJ1zYWuXNk9duo7k4DK2Wuy4VvLAjvmEWtKk6JWMTyPg1ZRLvl3iglU9ddumRW0D6MPt8KY1wqAneeHac5j_hQvumfkIqS0_PxCiwg90oYBnuImHmwmyiiWocct0eRMrQwdfYY4kPPJamJL_3kAz4NJiB-i818RFDNrV4gpitHQu_LkZzHgRFNYS8ca4cNf64a6HyehWm-rSwZ6GANe-thRYyOb0Pi1lj3khpGVkW-IvZKnmMSaI8JIQ8JAhK4vxHcxGoLHS-huTb7TjYjAsIny4Yuh8_fNm-CXQTv36cWFXzt1umuew739bA5q2oXJt2y55qQ3ewS76d8HaDZxyNxhr26DVKJr27xw9TSWrbLDZdQP6elfXqjUwpGHH_18g720ULCMT0wDdVZwOsHq27hbFcwv9KBRHz4Hsi4NSwnwDFPsMQO4pKSz6abCowxmOEPPQ_MYgkPJ1QGQJOg5HHBmo0hsBm_UtY5-rWIAVBLDfPbP80z4WuUlpDS8U5dI-i1RQPon1_kJu9fD73scVqS1O1JN6qe4Sil7RRHsZoWibncj33Yd2J2_Iwu9SAmYnWjkCwtjoqpuo8KpoHZWiIUwU_6BgenL79KXNJXrKdyO6e2hQjOAW6OYiojfLqTynayfg013SyVe-S5lGP4w-wIr6xDnm7DxyO4_9yWkcHC47w-BIAgBmnQZTisSK100PPVEEFJK1BzkQcypi8Cg-5Mk-XCCvrNuRIHtAeyDdZCuYPkHwoL6seCXhqIx23faTI0A1GEowcUuKZkKQoEk4bI2P_C3nOC0b75HnUJVqaGRt-gIMORjrNWGVOGAKfO9d_Jlx-cxTBmJap80Kh9zcvKzV4paCK-DL1I61nXsGFNGSsmBh5xukJ0Za_VFg-Hypm1r2B2jEQnMMxyaK2wWo8dfSGVjCuU7EfFS1f-pZHKbDPKgZqiVOlTeeATkM1hnGvPlg5kZdCszyuNPj1FFv2j718BA7-iHYJcMPj00zYgrCIvdSrJMwyYG7ZYsdq6tcsp1SfOQEm5xH5-Szdk8mZKRYBsaIVN9jBLGNwsZx_eVwsD1rsLccnODJNtX2nNdRWhaty8Uo25MI5wDqFY=

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661568052836517"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4420	5072	chrome.exe	84
PID 5072 wrote to memory of 4420	5072	chrome.exe	84
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 1020	5072	chrome.exe	85
PID 5072 wrote to memory of 3332	5072	chrome.exe	86
PID 5072 wrote to memory of 3332	5072	chrome.exe	86
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87
PID 5072 wrote to memory of 2096	5072	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u45875412.ct.sendgrid.net/asm/unsubscribe/?user_id=45875412&data=kzyETV6Vt1VeHPIS5N-LaWi-ByJ-qSJzyGWEE1hqa4JoMDAwdTAwMOrWoeJ1zYWuXNk9duo7k4DK2Wuy4VvLAjvmEWtKk6JWMTyPg1ZRLvl3iglU9ddumRW0D6MPt8KY1wqAneeHac5j_hQvumfkIqS0_PxCiwg90oYBnuImHmwmyiiWocct0eRMrQwdfYY4kPPJamJL_3kAz4NJiB-i818RFDNrV4gpitHQu_LkZzHgRFNYS8ca4cNf64a6HyehWm-rSwZ6GANe-thRYyOb0Pi1lj3khpGVkW-IvZKnmMSaI8JIQ8JAhK4vxHcxGoLHS-huTb7TjYjAsIny4Yuh8_fNm-CXQTv36cWFXzt1umuew739bA5q2oXJt2y55qQ3ewS76d8HaDZxyNxhr26DVKJr27xw9TSWrbLDZdQP6elfXqjUwpGHH_18g720ULCMT0wDdVZwOsHq27hbFcwv9KBRHz4Hsi4NSwnwDFPsMQO4pKSz6abCowxmOEPPQ_MYgkPJ1QGQJOg5HHBmo0hsBm_UtY5-rWIAVBLDfPbP80z4WuUlpDS8U5dI-i1RQPon1_kJu9fD73scVqS1O1JN6qe4Sil7RRHsZoWibncj33Yd2J2_Iwu9SAmYnWjkCwtjoqpuo8KpoHZWiIUwU_6BgenL79KXNJXrKdyO6e2hQjOAW6OYiojfLqTynayfg013SyVe-S5lGP4w-wIr6xDnm7DxyO4_9yWkcHC47w-BIAgBmnQZTisSK100PPVEEFJK1BzkQcypi8Cg-5Mk-XCCvrNuRIHtAeyDdZCuYPkHwoL6seCXhqIx23faTI0A1GEowcUuKZkKQoEk4bI2P_C3nOC0b75HnUJVqaGRt-gIMORjrNWGVOGAKfO9d_Jlx-cxTBmJap80Kh9zcvKzV4paCK-DL1I61nXsGFNGSsmBh5xukJ0Za_VFg-Hypm1r2B2jEQnMMxyaK2wWo8dfSGVjCuU7EfFS1f-pZHKbDPKgZqiVOlTeeATkM1hnGvPlg5kZdCszyuNPj1FFv2j718BA7-iHYJcMPj00zYgrCIvdSrJMwyYG7ZYsdq6tcsp1SfOQEm5xH5-Szdk8mZKRYBsaIVN9jBLGNwsZx_eVwsD1rsLccnODJNtX2nNdRWhaty8Uo25MI5wDqFY=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa11fcc40,0x7ffaa11fcc4c,0x7ffaa11fcc58
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3780,i,7616063068757914582,2384044851668707517,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5de48dc8-7f80-42b8-bae8-b3ec762f6923.tmp

Filesize
9KB

MD5
68c7b62b23f5a6e8d093f2eccf5de54d

SHA1
9b11aeb61754676dbca0e3bf48aa1f7b0aa4ce08

SHA256
f7cc571d9e9d8e74ef7dc637a6b99b5b0273e88100c1c26d3100a284b8042263

SHA512
d03e606554efdb47632470a66f2307878db0ad6299c4d45f31c5bf11a8af01a9253132bc1575bec92ee14af674209a28c4c659b5a8ead0c44df9835dc0872ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f591776-c22f-4aa9-9585-b960d4a7df4e.tmp

Filesize
9KB

MD5
037bc368052b00f1628949c9fd1cbbc5

SHA1
594685e4c46405e4f870f22230896aa288923258

SHA256
902ea9683786789914d6dea835ad8aabe440a4e045f57565a11f6e0b5d07a658

SHA512
b0c23346312d27e8e634c5f8468a7028c86ac04106d8b8a90538fefe3e5df7f5f1cab83332ccb4af1589c5b4f86e26e50822457e63d36318ba2f575e27e5b71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
76069bd5472142262f937660648209a9

SHA1
93294c86f9f1bf702ab8ad83ef1312b28676d687

SHA256
0fcc7d61050674894cef39a12837df95ee907aa9e95ff34ac9f60ea76d98672f

SHA512
635a3a49515074ed936fb407470cc8295d592b6140b8ec99003e569cd0411a82606d7fe65eadcb27e5afd6993e15ec457969c5ef05ad6305db3291f8217376f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5ac9a75b17aa430ed7a7a5c472f67f31

SHA1
becb210dda75b01e281d4578ca2f710ada61b21c

SHA256
cd01cc45b800ad9ccf9ddcc445becad44980a56cf111e65f3f540c8a14cc944e

SHA512
7d7482b59184d6d9dbe90adf90f3e3ecd4c410fabbb176dcfa2cca08325117109146368c31d12b5119b05341b4b884cca9b7985e7321a849b8f1071acff7f687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f0e4efe98c640928307a7007e95fb26

SHA1
e2e8b65f0deba950a2a2d4d8c3ade6735b7df0de

SHA256
e9bee5d25fb74a1e0d7f90476dd641b98649edfd176736f8de90284ffd234181

SHA512
3bffc7e9ee94726fd6a8e30a44e2c65217b6f2d06fa04ede69a7d861d3d8a3cfcd5ca49847521a6bced56e71df1423381f75d94c60a7a93c54c6dd8bc87ed50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32a74501e844eacd1ba254f8b2cd4158

SHA1
a46c2130e536831f9a4e792a3a7d7ac67e91af7e

SHA256
4b00c0a9c90aac857149f2b6cf11e7219725ef626ea2f13e2123285b98218d25

SHA512
09923c5125227112cc74c079e200b4b2c4c8616e63cdc222ef31cfaee85430fbdcaf444643a9ce75e231617757a45ee70c584c906cc978ef24f55a0f2e47fa7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc1ee7c2951fdc4b28decc4baf0e530f

SHA1
ff073a85d5b468ec64f83c3684b1849924202e51

SHA256
2bfa7b3bc198088d24bfcab2305ff2807e15a0c0efbbdfa91e1faee42d4f320b

SHA512
fa3b9077557226cad1be43bfa4c33eba68ecec70a09a306ceb25cb717b1445462de4ce2a627f706d005772146fa7cfea1deb88ab039acfdca52a9cf0b080eba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a587a7ada2d2adfb90a356ec9f32b4cb

SHA1
f4498e768e87f92b2bb32b4b66d0b6c3a49aa4aa

SHA256
8194d4dafbfb0973a85c4a43a937fe9dbab384c74981f1537c518eefe213f752

SHA512
99de8d16cfae8a04ba5db3a1e24e63d42af75d285eacaa9772ae8f766484df4112b383b2e20d95e928cad104c211f7cc63bd4ac77a7c9b377ea6749e3677332f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
daef914f9799a4dfd8b443550d7ca6b4

SHA1
be720ed6584c2b76d76de778e374c044676428a3

SHA256
7c2de84bc43a5be365ce48cb1ebe70d54b192898348a4939a193060b6716e97b

SHA512
68d0a9700ea4aaa087e6c2630ff42c81d31f45a9471a8d9eae6ded78064b00270b249f658f60e36689d0ada5f43ec1e5505be98fcf3ed23ce0fd767f78b3d397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad4cd6b7bc3eda9fe54015a1c2d32c95

SHA1
cbfa0b02f88a4e5a14e3ffd6ec484a7f0a455116

SHA256
eb38fd1e2180f8bcd983873ed211d7d50ce2c63066e333d9a4aa214f9dc0461b

SHA512
21d09e3301aba64880650e6185f5a1badb3817a4bb52de500b5ae591fe32fc76f77279fa076a00eb19048eb8a477237f81e25475b906e0412af1304a35c51daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a792543147b1a2184b879d0592777b2a

SHA1
9339826970aa68a7505748695eb58fd3a4e548ab

SHA256
ac5d7a6df81f27bf67331c362707880be2697cc4f51c84ca855bbd8756248bd2

SHA512
f57509797644f8d8e1c3acb1cebedaf8e1a730676cfa4553e2bbc591eb0b40a7617c034ad3297d464f0aee8b12d583795da1b36a58951bb7bdec6734675f1ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9418cd43f1f414e90172bdb4b83e511f

SHA1
7384fea8a3cf6ab5f703b3a72445bf30ba9f65dd

SHA256
bc649d9cd46a0496758bde904419d7324852fd08d1c74ead2b1ad87fc742039b

SHA512
ca70af0fb2fe8233bae124515f1bd4f33c9e6452c025b9dd78c1919b1870fa460cb537541c4fa900c66124fdf22c1017bab44a1a53cd2f041b2c4a77cb9c4fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ffeda2172389bccc67dc70bc6b3b4a1

SHA1
23312115208cf5fd16839157ee957bc6ef19f112

SHA256
a29eb8c5966fe178e859b31296b91b525c528217e11c29b64062c449c5983cba

SHA512
5a8411965e7030cb4d32141a0a338e7b624f9435af598cc702ef84bbce9305f570e19d394c184ab2b546cad90e0dc47645634eafd2ceda35df82d75906b88c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ad3582d06e2bbb33be503752d6de1bf

SHA1
ae69d1a812aaf1902ddf198c7c729b887b973d4a

SHA256
3864b9d8a239b29ca55627abe33131d603eee25425efeab7d3be34b1369d9131

SHA512
1bf2f8fe2d442d7211129454de6ff629cd2e0cb0d9e0a662b4fbb4a21df8469f9ee100de5206bc6fb03fea047a5673aec2485aea2e9c5e6b8559826251b86837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
5ff1943f41d483d12c16d11f257cecad

SHA1
65d66eacb08439dc39a41586c258f299d4151c01

SHA256
b5aac1c95cbe29111e60f5d11ea7f24dff069fb20c1ff6d6847df8f798520858

SHA512
c713f99a57c25442d9474ed1cb3c32357585c2627a4e06871e07e5e8c8b0f5b493fbd149bb4cfd4b7b4526cbb9a9598307363fe33db705d6453b210b53863eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
e9895e5d889ff0fd60d631d6d0e961ee

SHA1
b053589353cc303c7a28880fa6d0da29c86dbf36

SHA256
eacb6d2ba44cec31cb92c607509272cdd452edf8273cb22ef4f2185b349656ad

SHA512
a56449ac8643be874d76dc892543ed662269f71b16a272364c94c21f3f920f396384aa5e0b4b1c70f0acdb5d11592be7598a2c998ea5d52e1757011769e88ca4

Download Submit