32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
202s
max time network
294s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OaAJeEHHCHJh4jtD1SJaSGLMRnh5L9IgAMuq7PRk.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

EXCEL.EXEIEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEchrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE84F6F1-5102-11EF-85EE-5AE8573B0ABD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05611d30fe5da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000007f85e5f12083f683d7455bc13475068c182a5b1aecc24fb8c7a33a24169e73b5000000000e8000000002000020000000d8737886345644a222423241983aed10e64bcb0285f457fc037fb47b50b1a8f890000000ba70581747d4695bdf0e6a984d2fbfb2cfd33c26cfff804932e45e9231bab3c75c13ac648ad367a1e5b67631d198e57d7bfe1ba42d6d93ccc9cfcd7bd247f59f75134df7980ffa27604d93c46b6123a6fc0e0695ba6fd09431ab477396fa6039f6f0c615d5131f999103fe3415a72c860f2a0ae6a9e88c80a21d6b43d153db252a2359f81474a7e30650bd1b156881f940000000ca41003936320e1922673994a6d7a2e4a7c0e9973bbff4575fe0d2faa5915db10543fc310894d22cd3ebaddc99cf9299a98995de438b995828bdf4244e78c096	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428787746"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000047d591248780f15548bedec972e4c08ef422eee8815f5d976013150d890a519f000000000e8000000002000020000000f0197f95cbe2b2d75e9d9bc86699a9b5bdbef5330035cc2e800b7d83bcefc3512000000048aece55fbce7ecfd80a7a40e80953b8916abc006079a2c3dd052cb7b227bd894000000060a6d9041ab74f053375653becfd44fd37cca359b4ecbc5f7c0ae5e77de3d7a729cff6446d56559effa54eeebc9618ef36f5a9d65727cdac6216fe547d27bdf6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1584 EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

880 chrome.exe
880 chrome.exe

pid	process
1584	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
1636	iexplore.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeIEXPLORE.EXEEXCEL.EXE

pid	process
1636	iexplore.exe
1636	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
1636	iexplore.exe
1584	EXCEL.EXE
1584	EXCEL.EXE
1584	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1636 wrote to memory of 2840	1636	iexplore.exe	IEXPLORE.EXE
PID 1636 wrote to memory of 2840	1636	iexplore.exe	IEXPLORE.EXE
PID 1636 wrote to memory of 2840	1636	iexplore.exe	IEXPLORE.EXE
PID 1636 wrote to memory of 2840	1636	iexplore.exe	IEXPLORE.EXE
PID 880 wrote to memory of 2980	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2980	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2980	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 3020	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2344	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2344	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2344	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 2192	880	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\OaAJeEHHCHJh4jtD1SJaSGLMRnh5L9IgAMuq7PRk.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a79758,0x7fef5a79768,0x7fef5a79778
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:2
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:8
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:1
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:2
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2236 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:1
2⤵
PID:280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3484 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:1
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=1292,i,14826049493436847255,12748191523866940740,131072 /prefetch:8
2⤵
PID:924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1afdc2c8129169ac53dad213dc004aac

SHA1
23dc18f3de15db5fca490016880c08989c688f6a

SHA256
8b72c00cd84f14dbc2496a32d10d59e103d0deb4fc2a5f253323e85b28915f88

SHA512
ed5a1aa7d510a7dbd4a7221824ca5374f4942296995b219c420dd1b2de59ed7dd394ff9fa3898bcb1870798156afaf7d4dbfced306e2735b308a68432a6a5074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7c8d626242f4d0676537e3271a99b08b

SHA1
40ab6dce3a7b4790cd206a50d6abf35ec97f86c4

SHA256
e4c10b8effbc8864eab4f44debf46bc53a92ca201f75e7cf2db8ce618a7d4f3c

SHA512
820a03333714107d637bab5c8ac92ed7b2403faa908bfaeb38fc1b5bc54075ef2716c9e0dea8d872af0ad26ef4825386fa6bea7a5d0a760020cb1b58cfc1fc27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
954a9dc28c14be5b27572209d4502992

SHA1
ed79fb43eae0b2c931283260c57e4d23ff065b1d

SHA256
6c5bd02a6c720b8f10b8460549c2c0351a35ce38873ac7b5e47585f3d635b5e0

SHA512
5c7280421352786bf3775105fecca94d77680ea16fbef7e8f22873b7d74819fd59efc384e122d6028010fb18568d1c7e72971652ef9802e0cc446af7fb0aa72e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8e58c6c1cb9b6e158e56417cc4d36e92

SHA1
4fdfb99c871904c1ddd4afaebb16a1c1ebef7bdf

SHA256
a19481068ab9cb7328c7c4180f9b0214baa1e5b9a153136d64e69629d6115de6

SHA512
9b31735e5c12b6ac6af6ad91c5a4fd5aa9e01700dc955ea5c409975361741997f846f6f78b9806a07137230786898fc10f835540a5aef81e9002d92f2b493937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9222b6b420ac06a2c49c3e58c156926b

SHA1
af389d6fcc811e4502f7c61cb98cd9e4d3adc33e

SHA256
902ad5fa80fca16d43c1c46c8ac53c177e44ffbf948ba446d1cf1366fda5cb95

SHA512
6bfa4a60f882bbd8429257da76cc23cb73285cdb5d93932c307b07433a127427f1975b6fdfc7cf4bba4daffa280286b6a441bbcee79db074fc43f24ec863c3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7cd10132fdfb3488f58f2830f6e5d2fb

SHA1
83e8d0be9a1eadbf2de6a6e65ceb0ed5088bddba

SHA256
a4153c6529f5714bb34307dbcc7ebd7ce7de087d870785e730c2e3a1f7611b3e

SHA512
cd1d42be261f9d1a00c660b3dee43bddaa44efb7690c9fda66d4b71485bb2ecb217b4350aa24f86fea45eb2c868f52c2cec131e61b30db05b934d3c6db1862b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bc06098aa469cf47127313f61d91d2ef

SHA1
8a28e74147deee20c1e7bf69908e71aaf3e7821e

SHA256
9f7ec05bbf2a67150f2fb344cacdc486a1230ee160d6e5911b77bc45d36cf3a5

SHA512
356094c95f9c5f04751e6072b8211088be84c0936eb4f7e022b79f57c80306923429bbb830c49c144e3f91e2d7414288f63fc86a16d5dff389d60675738fd2c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0aa11c9b7f574320e244d8432f90c6e2

SHA1
e1b98b4613698b046a5e2e799b2c603408186fb0

SHA256
97c4a9e073e918531d576ec47326850171ddd68329aec018fc8eee1c1caa6f19

SHA512
4a3acc352c056a57ab3fede532e6ead99ededb054a1fc484b45d4da621765d10cb2f68d6746179d6a584313e72a27eff076e8f6a1d9687ffe921cf1432615b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
45ccbbd1d7e3a208180f9af80cb456f6

SHA1
87fc11040a142c7d38a1ebd6ade01c431f28b1ce

SHA256
a843f9994b6ada202a0bc078c04254abd72404423db3ad02cfc772e9e6548992

SHA512
1bf7a1903be8ba3cc5db3e3f433eaa3fafd753aaaef025888f3f80827a131c03f7435ef8edce2d38190495d6c01d7e9b2c4ac42f6619b27bf009d7579de5e74e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6e8258c08c29dec3dbd77fd3ffc4e007

SHA1
5c7a0a94f4c83fe75d21290b2a42b30b8b8e41a6

SHA256
3efd13ca4b250688d0bec00dd29bb30b6a16bb0acbf6131873a647a1415a295f

SHA512
0cce37ba33189d1c168089ed46ef8d1e6a18132204dbc2463101f374a6b03509e3b8e301067c54feecac45727065b8ea3bbbd7957765988e467e26d624e71380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5f779928d6315b463e8538ea7e59dd8b

SHA1
6795a59aaaf178e7f98bad76bd5bb9e533f467f6

SHA256
ea1816a8f224d7f63cbadd4a0349bef8078aa52ac6c670b0fb3fd412d82769cf

SHA512
0895e06c743c729e20bbc13b16f378864d876f1136567150d6d1876d0c4de22f8dc55e21796e9591bdcdc5aec2f8515a3b38abe99721f8797c52747ec6369497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c9c7e33c8cc63ea2ea2cc97d9eae7d84

SHA1
a39814d70e786da3b04e23fea49a0181c8935dca

SHA256
8e1bacebee68ac3c0c83c3514baa2f264d9937c2d3933c7ee61e2f02e3a10a73

SHA512
be5f1934d95a17d23f940bdcff7fc633612794c221ca71855ae2298c306a3fc76c09286cb7ca58bb21eb2f22657946de44082feca937c60902ae1dc21e160a8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d23133c11bf9228cf44a89cb8631b967

SHA1
44aeaa1d4f8f088d8c23c6323c6bf6b4de83e51e

SHA256
83a0bbc6fb691d3c1bc440843abce73fbf6d48f0174e3c5f5ffbe31624295314

SHA512
e23cecadff6b4633ea8a30e30f2a95b6a100982332a65aa4907d3e6f08228d3c64155f5aa8170fbd8d7ff5ef41790cb008c285e6ce8e40846d78d7d5ce745dbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
cbce2d7461d135a3b0ac0afb00a16a62

SHA1
912dd5b966e987502839d9e3327e0e790842b028

SHA256
5382ccecb269c0fc341c3e98499ab354a22193a4f4f8ef76335fef474e584ef1

SHA512
b125e544ba8f8867a549517bd2d1005552a0bbed8a3082372458d68758148fc790258c6c5eb8645be9ba1fb89731a1429fb4d409a9e5d7f896a995e6c32b6f5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3e462dcf0763c9de5c2341f4fa7cec38

SHA1
6d9111a4715902f79ff593dd204f990aeee1f7e5

SHA256
f13ebb2a125394ebcf98a14520b2acbdb1d9749b585cff1afd337a77f10a5e0f

SHA512
147aeee29a411f5543c289d4b5f2ad2c64f5e05f6f1e49dbdf3e03f33956cc718127e4d8d0ea4bb284adb6744d6a4fa173f9d9d8c0e3e75336a24f610608062b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3edf479fff3f3b84fa41db314210f4d5

SHA1
122d3d0c8a54f9c9ee4e81aebc4e777296a3bf9b

SHA256
961b274a54d771a9aa7a43d9592d1e2e398b375c3c07538cc19446c9c1cdb8fe

SHA512
ec69cadd84c45fc160868e6ed937004caeeb47df05cd4bc1547032cbf1a8dc357b12a82c5e0308effecc1a906e6af66a145651777128f570af0f7c85e47b5a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9347c5ace0c691161f23f3fd13bd71ae

SHA1
38c7953e3fc0893e4e1c65a52556f7aa6678f0bd

SHA256
c97c6717f0bdeebe2c80e27e0d3e3a8ce23c935e8a8fc0c9185211942b652701

SHA512
f5fc83d8ab8a1921ff730b7253cdba51b3db4c1b9b545958daaac75117d132377fb6869a7812001ce9eaf5eb84bd4eb778de383fad5558bb67e4366a3925cc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
707ac2f268a0008ea27b557d30dffaa0

SHA1
ee3a5bd36d9904cbf40f6b4d29b2c60a846fcc36

SHA256
5332f08764c946a9637ad18f07f7504f34b9a73e370629dbcd8f8631e3157122

SHA512
6160e26f8dcf71b98557a186a0478f35743ce0cfee4716ddc86feb33404e696419055bcf891f9f45e6d5ad2e316942c07e04dcd5c81e125e91d73a35f1a5e98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
58d93ca47dc6005f979f113582a3849d

SHA1
c41ac374e276e126c2c5783cf816974c01732e53

SHA256
8318351825a496e790ffc348b84c980becb880229b7fcdbaac88e18f1cc70208

SHA512
96a7c229f71046358f764cf02c7dfc7edca16f5bc6b7df258264d7287925dfb49e3cfa039f4d1938a64778f0b761c7815f8a871edc3bbe2a4f5db978c8aed674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab92D0.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar92E3.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
Filesize
234B

MD5
339c7892394f5e7ac1b4f1a4e1746c71

SHA1
da3215953cf7c0b371a053993a3ad77134632e1a

SHA256
b790c9ca0181148a88796761efc1ba6aa6cfc7c6715dd6845efcf8e658d4dd80

SHA512
394404de62f78ca2d8569bbe38d2becf987c38503418fe79481234de0f9d4f1579a118443b3d0ca3b1bb5efa7af9337184d8db631ad5628a6b04b0ef5b722448

Download Submit
\??\pipe\crashpad_880_JGBZDVGKSCXYNCHT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1584-882-0x000000007077D000-0x0000000070788000-memory.dmp

Filesize
44KB

Download
memory/1584-881-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1584-869-0x000000007077D000-0x0000000070788000-memory.dmp

Filesize
44KB

Download
memory/1584-868-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download