hxxps://bbuseruploads[.]s3[.]amazonaws[.]com/d8759562-574f-40d4-81c5-735bcaf38a66/downloads/36640f4b-58aa-4192-af3c-3ccf26b87877/BrowserUpdateInstall[.]exe?response-content-disposition=attachment%3B%20filename%3D%22BrowserUpdateInstall[.]exe%22&AWSAccessKeyId=ASIA6KOSE3BNOOXOXKPU&Signature=drgRSx5iSBSL9xrX6eppEOrpy3Y%3D&x-amz-security-token=IQoJb3JpZ2luX2VjENj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD30i60C%2BvVQwMKGyzrmN%2Ff5tCAFvOX8MSz2wCG8Y0uSQIhAI%2Bz%2FRhR3jewVnnistEMT3TKrbT86A6C5LhcdSRHSjRdKrACCLH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgwsJT90EyLXJUPIY3gqhAJrEc1Zk2SkBD%2BXdYRLm2HH9Iqyucku%2FcJnla0JKX9DwBSLYmDXhNn7QCx%2FTItGWLabE3423QDTtwRhz4H4s3pT0ViazDBpV95I8jvANKpO2VogFGAzwiK3vGcvYOOq84WpiTkei%2BP0MvQMY6FzYtfcp5NlQKKp0BoDXa3UQvhkhR7vt%2FiHEeFvYqxwT%2B%2BgoUkLb2YVjbKdmSaOAmxvj4Mm5pb8vi%2FpKrbzD4D%2BzF69Vr%2BoCpjjMJUlZ1zSGtRbBY5cnHlnKraDY8e3vPdejP%2FQaPmPzJfyRxa8STDYzaY2j6SDd8FyKbf0ksroZV6Qkk5aJIGuwMz00BkF3QTGSn8JVHFJijDpm4a1BjqcAbFFAgYaQ32Vsu%2FcxLQHpz5mgMrHJnDxelcXBHersU%2BrtRz4tkHOpfz0iTR%2BktjWOMNJzRZadusakd9WDvzyuFifYBv%2BWtoaD5CRPWwkVKjilMfBHRnh2J80%2FAJaRQbx3%2BKrkU9KtmcipS0WO8%2F6YUiV1cDMNRVwlhmpr52gy4zBEVUv8qDdteDb7l6lBZ%2BCzN3pqhgfUsMgMXbCFA%3D%3D&Expires=1721865457

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bbuseruploads.s3.amazonaws.com/d8759562-574f-40d4-81c5-735bcaf38a66/downloads/36640f4b-58aa-4192-af3c-3ccf26b87877/BrowserUpdateInstall.exe?response-content-disposition=attachment%3B%20filename%3D%22BrowserUpdateInstall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNOOXOXKPU&Signature=drgRSx5iSBSL9xrX6eppEOrpy3Y%3D&x-amz-security-token=IQoJb3JpZ2luX2VjENj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD30i60C%2BvVQwMKGyzrmN%2Ff5tCAFvOX8MSz2wCG8Y0uSQIhAI%2Bz%2FRhR3jewVnnistEMT3TKrbT86A6C5LhcdSRHSjRdKrACCLH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgwsJT90EyLXJUPIY3gqhAJrEc1Zk2SkBD%2BXdYRLm2HH9Iqyucku%2FcJnla0JKX9DwBSLYmDXhNn7QCx%2FTItGWLabE3423QDTtwRhz4H4s3pT0ViazDBpV95I8jvANKpO2VogFGAzwiK3vGcvYOOq84WpiTkei%2BP0MvQMY6FzYtfcp5NlQKKp0BoDXa3UQvhkhR7vt%2FiHEeFvYqxwT%2B%2BgoUkLb2YVjbKdmSaOAmxvj4Mm5pb8vi%2FpKrbzD4D%2BzF69Vr%2BoCpjjMJUlZ1zSGtRbBY5cnHlnKraDY8e3vPdejP%2FQaPmPzJfyRxa8STDYzaY2j6SDd8FyKbf0ksroZV6Qkk5aJIGuwMz00BkF3QTGSn8JVHFJijDpm4a1BjqcAbFFAgYaQ32Vsu%2FcxLQHpz5mgMrHJnDxelcXBHersU%2BrtRz4tkHOpfz0iTR%2BktjWOMNJzRZadusakd9WDvzyuFifYBv%2BWtoaD5CRPWwkVKjilMfBHRnh2J80%2FAJaRQbx3%2BKrkU9KtmcipS0WO8%2F6YUiV1cDMNRVwlhmpr52gy4zBEVUv8qDdteDb7l6lBZ%2BCzN3pqhgfUsMgMXbCFA%3D%3D&Expires=1721865457

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664181166245594"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2168	1284	chrome.exe	84
PID 1284 wrote to memory of 2168	1284	chrome.exe	84
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 4692	1284	chrome.exe	85
PID 1284 wrote to memory of 2668	1284	chrome.exe	86
PID 1284 wrote to memory of 2668	1284	chrome.exe	86
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87
PID 1284 wrote to memory of 2700	1284	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bbuseruploads.s3.amazonaws.com/d8759562-574f-40d4-81c5-735bcaf38a66/downloads/36640f4b-58aa-4192-af3c-3ccf26b87877/BrowserUpdateInstall.exe?response-content-disposition=attachment%3B%20filename%3D%22BrowserUpdateInstall.exe%22&AWSAccessKeyId=ASIA6KOSE3BNOOXOXKPU&Signature=drgRSx5iSBSL9xrX6eppEOrpy3Y%3D&x-amz-security-token=IQoJb3JpZ2luX2VjENj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD30i60C%2BvVQwMKGyzrmN%2Ff5tCAFvOX8MSz2wCG8Y0uSQIhAI%2Bz%2FRhR3jewVnnistEMT3TKrbT86A6C5LhcdSRHSjRdKrACCLH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgwsJT90EyLXJUPIY3gqhAJrEc1Zk2SkBD%2BXdYRLm2HH9Iqyucku%2FcJnla0JKX9DwBSLYmDXhNn7QCx%2FTItGWLabE3423QDTtwRhz4H4s3pT0ViazDBpV95I8jvANKpO2VogFGAzwiK3vGcvYOOq84WpiTkei%2BP0MvQMY6FzYtfcp5NlQKKp0BoDXa3UQvhkhR7vt%2FiHEeFvYqxwT%2B%2BgoUkLb2YVjbKdmSaOAmxvj4Mm5pb8vi%2FpKrbzD4D%2BzF69Vr%2BoCpjjMJUlZ1zSGtRbBY5cnHlnKraDY8e3vPdejP%2FQaPmPzJfyRxa8STDYzaY2j6SDd8FyKbf0ksroZV6Qkk5aJIGuwMz00BkF3QTGSn8JVHFJijDpm4a1BjqcAbFFAgYaQ32Vsu%2FcxLQHpz5mgMrHJnDxelcXBHersU%2BrtRz4tkHOpfz0iTR%2BktjWOMNJzRZadusakd9WDvzyuFifYBv%2BWtoaD5CRPWwkVKjilMfBHRnh2J80%2FAJaRQbx3%2BKrkU9KtmcipS0WO8%2F6YUiV1cDMNRVwlhmpr52gy4zBEVUv8qDdteDb7l6lBZ%2BCzN3pqhgfUsMgMXbCFA%3D%3D&Expires=1721865457
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff0c69cc40,0x7fff0c69cc4c,0x7fff0c69cc58
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4472,i,6649500666701331613,7368446081010934112,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4352 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
55992214f6786220a6560341c91ce779

SHA1
9fe624c12923820bfca9b1468316cf8f2f149e83

SHA256
153fc2ed952afcf3e9fcdb42144d7d22bb1facb59b717eb050d45217a3831372

SHA512
4f210dac0ff5eb75851e2308d3289fcb62275d5085ea76ec3fef785807c844f79adb6ad2a8606c45c96847918155de2f9f56d775a4b29eb923f40c281ce9b09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ae0aa85d087d5b8504781a11dffb6f30

SHA1
b0dc814b60067bc9deb143f60786cc3c07e7f6ec

SHA256
5cb4b10ce133e1d3919a63cd6af1f720b7946206a1cb0ce029065a5007aa0a12

SHA512
e33edffc2596d7fff1a425792df8c6056e37badac3a697089576c2abde3212d3668381187d504c14009f6d7275c071b00851321d21f4f150030c636944f9fb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c197689fedc7d7bafd449a21d5eab248

SHA1
ba0e59d4cffc36178a2d5dd8cacc4c32816ffd4b

SHA256
522d6b1a5d901e2c47f41cb35790d1c49bbd204a6bec9b8a3ab12b424a031a97

SHA512
e73cfc157cc785c078853637e2209027753cc97569ef5734912c44f5a3cb96270d4e28ffc774c2c1f2472ae13f0142bb41ced3e1ff51377720d6a799f9bd6f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4c98848809c7e0359a52d441f6d271c

SHA1
e2ff93e13d6607dab0c3b9a657a4c8ff7fd52e73

SHA256
3bfc9d2734bba55c0f5be581de6778d1d64d6d2c2b6e1b77250f57546555f5b0

SHA512
dab36b4cf2071fecd8c5d107e7e65741551e83a1f3ce1bc6de440b36ab8d81460704231d5ce50fafd43ff6a55d4c224aa85a996c6e20991a75c5fdad5de3fc8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3a7e47e510f849151e9243f2f6be102

SHA1
88fa9aa2ba15e9a72b225b00dcbc8fcdec541fe1

SHA256
31331ef85a28e1ce0942a8519be3b3c9bf2a91f0a9ae6a2f3a8925a8edf9cc94

SHA512
495e1a8269c8b16a7ad1346e83c4d95c267a7e6a7765abd1805fb0b883c3a8d26d01c53ec8aff1c84361eca11bfcf86fbbedd42a9725f387587ed85fff348d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7dfaa1369f32dd6f1649e01eeb01555

SHA1
6c0294a6b8a03ef3f93b6d582d2c1b8fa4746848

SHA256
95685953259e822930134d61c973a48012f583db63e99fa62dcf714fdada8f36

SHA512
aba7f267a92e86453ebe3cae18ef1c80a6762a25020d809c2158845574f4f08d7f44abbb8f5cfcfb7154e327986ebb01e8de8734e19a0bf7cc399b96bb7cd3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2793826a2f5844466123a85e2bb94e02

SHA1
d3564375d121fb5fa12e7dc26f2fb51c61311d6c

SHA256
93280f444035f9482d8814f4531829a8e55e8e73b76d3e20c206e37988c98d1c

SHA512
a474c8be58783f632a5540865dd2eaf0406a414aaf53e101fe194fe48ce3b13d9775f4257f3a49fecf53d44ac774ddec51fe70b3b1329718b73aa69beb0a6f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a23f7925a264741f9f6ffc191158731

SHA1
2cdbd0b31fb325ef67deb97578ff79bbf9ec2b6a

SHA256
7712a722797a15a93c6766c2b7c6967244170534085e925ef1cbd44cbe4f9301

SHA512
df52a75ccc6cb42648825c7d9303fb8b5cae5234843c2c3f862d1da0a05babc551ce81684ed5707d6430486e2e06c5bb7df4cc35c1e3f4099443870e9f54053d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
164bcb0bc652df91a0fabee6ab636b11

SHA1
a681d1b80055de0ed6c7e716d7a082df73b6a39b

SHA256
857852d64893630c9d3b05a81cd68ca62172025e507bd9d21e32cdd6a72c1819

SHA512
bf226a6a331ea0fb4d70f14a2ee7a8f2a7892d35d5e306f71c007ae99bd171033972c2839c3f67adbb70c2c72600e6b0259fb70b83436e3dd4308c342ad42026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0c14d1e5c28f0137407fece411adf1d

SHA1
2608f544bd8d10c93d209bd866de28c379112dda

SHA256
f545d9064efee66fda572a653b00c5995f23664c39dc08e7186a2c0945594aed

SHA512
6f206e04fb3c25317a35b703debb229fa651143bad584b5fee59e4ce8756495a8367547fd2bc43e1790a496fcb56d6d8f20ed91a72f6d706e7f68a8c824dcec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
925343e32497236e65405fb667bd4e77

SHA1
824aa3249028457f55d6811cd765469a61eabe35

SHA256
d9a6760b2a95c6201bf3244745714a00625397ca009e19c469951f97eca8d62b

SHA512
dc3c5d7823e28a5bf0ae023b10fef49d94cbc5e576e5ec0497730f799abbeeb08b10b3cf10eaec97e49e03fbed2bd38bfc9006f91660eaedfea7465476a95597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\efa4173c-4b11-44f6-93a2-b1857707e20b.tmp

Filesize
9KB

MD5
07ee431dd76b6f1b3a1064937d76a61a

SHA1
e4b99d7c1b7b01c6896d658f7696bc46c252f507

SHA256
64feef8cb9358cb62e88d0cd15923437e95ed3268b6c84757347ea2153c9dc28

SHA512
7dc001ec853fe64cf9bde73301f80b6f77c654b9826db42389085cd378ce7adbb90ee1e0dda540d1486a3cb76a6bed0759f0a4258eb27d17deb65dbf4fe07f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
44e8c6ab554f816d248c7056b251e28e

SHA1
a34382f67c51e484f63622b09ee02fabf6300b60

SHA256
24d6c492cfb478dcbcf8d11c9e1e1a20372af7019649ac6691defdba25463cbe

SHA512
c323501dc40ce248c9608c6565cc48e096ad8ec02848ee5eef8943a872f5f37fdf1464c3a4ca1f3a46c182bec7d6796e6c2ae45b76f03fa8fe7e5f50439b9f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4e47a27376921349bc0f5adab9150b6c

SHA1
be6ab1eb87f3ae0bae05c85bc44872dfe028496c

SHA256
7d450907bef0c3393bacf6a3f574c4774c5027f8b595a15e0b318a52d3596ce2

SHA512
fe00b199b1dde3c7b9dd4796892620292aec77c182dcf479fc223b1cdc0f7523b55284c969afa635b9898a74deade4ece229e9ef593b7d1d2f7fb5166963e68c

Download Submit