c1c54e49305dd5fbdbd54b934e6089193059b27a2a9fd15a8bf37800db42da2b

Resubmissions

03/08/2024, 04:34

240803-e66qksyang 5

03/08/2024, 04:32

240803-e6d1katcjm 3

03/08/2024, 04:20

240803-eyebcstamj 9

03/08/2024, 04:17

240803-ewcpraxfqb 7

Analysis

max time kernel
150s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
03/08/2024, 04:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

13KB
MD5

0399d4c80f1ca63f52f0e6453b8c292f
SHA1

2e521bdc0d1141ea25ac2bf436543d44abbc4e97
SHA256

c1c54e49305dd5fbdbd54b934e6089193059b27a2a9fd15a8bf37800db42da2b
SHA512

9afcb7ea30d173ef899fc23250ad7cc3f0a72ce33d41cbd9ebf3807182e8d410a81791d2ea96fdc043010b5901658543652f46dfaf2e1fa1b14c54c4d3a9e52e
SSDEEP

192:+33x3PU3PvKPl3PR5KYUXmY7J7bBSagVSO3Pq:63x3PU3PSPl3PWYmmY7ZyZ3Pq

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	ArenaWarsSetup.exe

Loads dropped DLL 5 IoCs

pid	Process
2272	ArenaWarsSetup.exe
2272	ArenaWarsSetup.exe
2272	ArenaWarsSetup.exe
2272	ArenaWarsSetup.exe
2272	ArenaWarsSetup.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
1804	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArenaWarsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671322597180854"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3368	chrome.exe
3368	chrome.exe
2272	ArenaWarsSetup.exe
2272	ArenaWarsSetup.exe
1804	tasklist.exe
1804	tasklist.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3744	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3244	4864	chrome.exe	71
PID 4864 wrote to memory of 3244	4864	chrome.exe	71
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 168	4864	chrome.exe	73
PID 4864 wrote to memory of 240	4864	chrome.exe	74
PID 4864 wrote to memory of 240	4864	chrome.exe	74
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75
PID 4864 wrote to memory of 220	4864	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa0b0a9758,0x7ffa0b0a9768,0x7ffa0b0a9778
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:2
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5060 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5160 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5888 --field-trial-handle=1712,i,7717288645576798021,12115835787957600416,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21092:80:7zEvent9040
1⤵
- Suspicious use of FindShellTrayWindow
PID:3744

C:\Users\Admin\Downloads\ArenaWarsSetup.exe
"C:\Users\Admin\Downloads\ArenaWarsSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2272
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq ArenaWars.exe" | %SYSTEMROOT%\System32\find.exe "ArenaWars.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3084
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq ArenaWars.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1804
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "ArenaWars.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7610956a749e95a184f01abc1573602d

SHA1
980f986291466083f3fb67fa70eeef04fa3addf5

SHA256
c5b457f07ec7f793e6fee4b8c8f21fb18aa310f7c6b14f85046852987b6d7f3b

SHA512
a18c81938cca291ec84c3718fa1da1e30e7c5ef2559993dc5e160a335df7513ba9b190228c965497db096f066d09820e73454545c88660045a6d38427bd2cb08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
1a875ae7ac0cf6001f0aea0dc78962e8

SHA1
dee4e924614a4dde1ea4f5b02b9112bdaab59cc4

SHA256
1d55ce5557f0d7f9ebc1ba83b7e6617e44b4bfc6747bfe61af3b638c645c7acc

SHA512
2a93303a1b5050d1a5172c040bd06bcafd615b71f3ed26e767f3c7e730daa85d46d1a1bf6ae74ab577c356fe7a952a39e67bbe6d9d100d2ba523947e1b1135af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9823da87b28cfe9588516e6ac58865d6

SHA1
7f811bc6005290b6748e2f071150148d144db7ac

SHA256
42e38c8bb0d39a8b297d7f4a33d1395589b0f95867f8f2c1bb80f9b75cd54e96

SHA512
ac914baa313a19a31bd0e098b9602a04099e42a522dae3c4e86428bdb8ac9c605f6044549262a7e1f0bd8ff6d7420188ecbf1392404c85d72bda2999f8557957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
771f99b58dcedc74df455160664590a4

SHA1
45ee260467aa6aebdb017ec3082f18ec08127640

SHA256
ea41fc7565bbe65c7099859625d8b8418747692fa565c24039d8c84e644f290c

SHA512
df48b34859702f537ec9cec92ee3a270206b550f38d9afe63b247362d7d8b59ccb46d988d54e84f00814285211c5c5e0c00fa363fd1af7afc74a478b92fd059c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c7b6b9c3547e3c80209444118eb5945

SHA1
df19f259093c2ca108d9bb9730ef6401a81d4665

SHA256
a96ca5da345be24513d03964fdd5a813973dc30849dd8af7703c40bc4fe5fca1

SHA512
c5af2d2b5b41f09beb1fe0cd8171ddc794a5f1a3149dc8653c7530787ee06f6502aa7694911e7b88768845dc487e7c112037ef3b0351a808e92596c4380523a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
31cfc21312b848f25635d70817566055

SHA1
d5e8c9ad7db1d3ab34e6bba0dc28de57d05c5a7d

SHA256
5d423049ffd6da53d0518fa86bd70f93ae61c0ea2ba2e17bea54e66f1cf6dc32

SHA512
fc253f7fc3db28484c9e3417575cda6db486c0ac2ef58b45e78bc0c9b8ed9699dbe2b9812753ab8ac010f7ce644eae95cede0ecd3d1fcf70ea6d9ed7fb3a5f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3798fb1afe01ac8d4fa1f541e82a902f

SHA1
9708d0ff233c6979a28af5d7d4b6460a92f5e345

SHA256
f1716637b9983ce201c3e461490476343272c46563405ae7ad28ba7a4610bab5

SHA512
6daa08ebdd61a1f7fde144c95a1ca2302adc6b066fea8bb0686be547a84e91118b01789c85863aed5151a110c540a9c07ae7883dc583e69c8cb304eea01f3ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
596316586df1a4dfa3ad512d8210bd13

SHA1
8a03e170b2f8f2a053e06e9e89566dd69a16bc40

SHA256
2f9d20b6f1d9b1600ed9d55b92da2fae9b6e8c2a2bb86abd34c81113aef45ea3

SHA512
5a659914ecba08aa2f3584aa3e4cb33d1c536ec16ef92780cb668b3df65ae28ea05e62c871585c95508edc86ce6afd4ee25d796bccdffed490885615a02fd4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
5e9536205b1ed82fbecffab6a81a8535

SHA1
48d51563a0ac89d888eebc538310cc96b4ec8743

SHA256
98476c25366e9131e55f9026c9945a97b3ccb7abff6de8f5476e41253bfb2519

SHA512
e0cd6f99fe00d5d9a2cc942ce5d351feb844cd9fdf4d654d19f91ade9516d326955ef6b5f357933eaae9e43ea987264fe997c7cbb370325c0d03aa751a23710c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
f7fe9fc23c19a74c47174a5586003fbd

SHA1
6aa851bf972e12525763600cc8292f2ae81f9b51

SHA256
8d973c940c88c506076b2a90ca2c929637815a492b25c0fc485faf35877d1847

SHA512
046ae527758524467b61a9ae208827b8a959608eae25009fbd5700828e49cb44b78a37b530f14ff8c842aa95c3b9f92b6c9f8b3115b6d40877d9ccf6c429c0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
049e47f1d83f31feb00eaca8de6fd8fe

SHA1
ce42310ba56a6726a9a5eb9fef9f6279069fe209

SHA256
b7e129961f0c7ac00f60af9b77a6f2e0f42beb800f66b07ee619c569d51c1091

SHA512
528dbc663ebbdf0d10c3fbbd6c23569fd2d471ed81674a6a21080a80f905323c4e96ebdf32e9c69e226559ab0b651d9089d6e4de321f485b6c72514fdc54a7e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
f02be5d903a8d29e20d211657b151101

SHA1
57cba4dc0a4b4ee62aa4be6bbc8454adb4aaaa8c

SHA256
9cfc490887ee9ed483778fbfe33127c9b8f3be94f09baf88a4e9e9db36ccd14d

SHA512
ad1a9cac4886a24a0c9bd487a1b47093cd150c20b63acbc83617d8273ee5820f42c773b3ff9144908da0444215c6ed4053c818e743ae7d510622202942111939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
1d27d41833601cf6d79b7268857f4883

SHA1
c2ae241af5ff96c49f5725cd0bfbf2a73ef54d8b

SHA256
898dfb23f0ffb6c83e3afc8ae96a97751572fc899d77418a7696ade10c6c2cc7

SHA512
9b95e56465a8a045c165ecd064f613a85dcceb7f8a4bc1a1a56da2363aaf5d7bb79a2aabcbf4e40c64a9349e541e1e0c13cbc57c086efe864018a14ccad4bdf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
6985e4bcef572c16d23b8ca6cc7c442e

SHA1
39489a27781513a754b84fec20459e4300c88de3

SHA256
e176d122ed02de37238f247e4a9c46a5a18ad1f5616335c78839fd217ff0a255

SHA512
4f92b30055c1946e2d560f340dfb51c6048d06fc2ad80d956ec9b3cb4284f7a33ef1af486408c92357a4126a6d6778de01ea3dcdcf7676b818996adbdf9c3ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
5b7d029fc626384d2d71f33b3d62d7f1

SHA1
8f9f041086966e48e963121bce33de3e2c35b6ea

SHA256
71eb57fc12fe8a1137b34ef1f1c9daf7bbac3dae0bde78219070b8defb509fa3

SHA512
e3dfd99afb43ed026a1643933a5bffe952bcdb60ba88dd00a536725ed4c23a0e82f9c209ba9c510c752f246520916c22c864ceee2ccef442236cbf7e16478841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58535b.TMP

Filesize
98KB

MD5
50dfb1a4403acb33028974200bfc52b4

SHA1
f0f7437839b8b3159977699d7f628afd4effc3b9

SHA256
9c437eed1a399778d15996f7ad2778f32d48f3cff210c6d373f9dbebd1e08add

SHA512
604509dfb74ec30014990f305782e0691d85e272d75e5c8013da10420b1e666e0192e3241898a7b501549809f17fa86535a30759a7ddbe25f48a6c409479578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\Users\Admin\AppData\Local\Temp\nsg3CB.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsg3CB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsg3CB.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsg3CB.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsg3CB.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit