Overview
overview
7Static
static
3Release.zip
windows10-2004-x64
1BetterFold...er.dll
windows10-2004-x64
1CeleryApp.exe
windows10-2004-x64
1CeleryIn.dll
windows10-2004-x64
1CeleryInject.exe
windows10-2004-x64
1CeleryLaun...g.json
windows10-2004-x64
3CeleryLogo.ico
windows10-2004-x64
3CeleryLogo.png
windows10-2004-x64
3CeleryScript.bin
windows10-2004-x64
3Costura.dll
windows10-2004-x64
1Dragablz.dll
windows10-2004-x64
1MaterialDe...rs.dll
windows10-2004-x64
1MaterialDe...ns.dll
windows10-2004-x64
1Microsoft....re.dll
windows10-2004-x64
1Microsoft....ms.dll
windows10-2004-x64
1Microsoft....pf.dll
windows10-2004-x64
1Microsoft....rs.dll
windows10-2004-x64
1System.Dia...ce.dll
windows10-2004-x64
1bin/Monaco/index.html
windows10-2004-x64
5bin/Monaco...on.ttf
windows10-2004-x64
7bin/Monaco...ain.js
windows10-2004-x64
3bin/Monaco...tes.js
windows10-2004-x64
3bin/Monaco...ase.js
windows10-2004-x64
3bin/Monaco...ses.js
windows10-2004-x64
3bin/Monaco...del.js
windows10-2004-x64
3bin/Monaco...num.js
windows10-2004-x64
3bin/Monaco...tem.js
windows10-2004-x64
3bin/Monaco...ums.js
windows10-2004-x64
3bin/Monaco...nce.js
windows10-2004-x64
3bin/Monaco...del.js
windows10-2004-x64
3bin/Monaco...in.css
windows10-2004-x64
7settings
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
05/08/2024, 10:23
Static task
static1
Behavioral task
behavioral1
Sample
Release.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
BetterFolderBrowser.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
CeleryApp.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
CeleryIn.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CeleryInject.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
CeleryLauncher.runtimeconfig.json
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
CeleryLogo.ico
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
CeleryLogo.png
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
CeleryScript.bin
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
Costura.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Dragablz.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
MaterialDesignColors.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
MaterialDesignExtensions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Microsoft.Xaml.Behaviors.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
System.Diagnostics.DiagnosticSource.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
bin/Monaco/index.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
bin/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
bin/Monaco/vs/base/worker/workerMain.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/base.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/DataModel.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Enum.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/EnumItem.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Enums.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Instance.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Model.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
bin/Monaco/vs/editor/editor.main.css
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
settings
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
bin/Monaco/index.html
-
Size
13KB
-
MD5
8132342ce4b039603cbb3b1a32ab859b
-
SHA1
66c46050a6e5b08758c00455ae26a6c66e94ce4c
-
SHA256
3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6
-
SHA512
44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4
-
SSDEEP
192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673270783316402" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4128 chrome.exe 4128 chrome.exe 1900 chrome.exe 1900 chrome.exe 1900 chrome.exe 1900 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4128 chrome.exe 4128 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe Token: SeShutdownPrivilege 4128 chrome.exe Token: SeCreatePagefilePrivilege 4128 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe 4128 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4128 wrote to memory of 4864 4128 chrome.exe 83 PID 4128 wrote to memory of 4864 4128 chrome.exe 83 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1492 4128 chrome.exe 84 PID 4128 wrote to memory of 1236 4128 chrome.exe 85 PID 4128 wrote to memory of 1236 4128 chrome.exe 85 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86 PID 4128 wrote to memory of 4540 4128 chrome.exe 86
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\bin\Monaco\index.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab639cc40,0x7ffab639cc4c,0x7ffab639cc582⤵PID:4864
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1808 /prefetch:22⤵PID:1492
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1592,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2084 /prefetch:32⤵PID:1236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2236 /prefetch:82⤵PID:4540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3136 /prefetch:12⤵PID:2732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:12⤵PID:3364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4624 /prefetch:82⤵PID:3088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=988,i,7758359361041262692,9047807604138426658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4820 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1900
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:1540
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1532
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
8KB
MD51c7dd3c5a91fa869fc218be97d9c5d96
SHA1b2a78cef0b8161970b7881dadc36cd2cb41ab864
SHA256c7fabd2b18451c0ead556290a38a6ddbce0906025247af493c8273633bed02c8
SHA51222f8e7d6932f3095b002f8f74105f35834ec9392eb9fbcbb14e48c4423debcf075a03d23b1d2111fbf8f8106e7ee58fad32ee2cb26ad10415c5761786dff1cdf
-
Filesize
8KB
MD568e5f987e80f20e4bd5c01e6beeb62a3
SHA102d32a6995f0342b9399748f201f45d09ad15666
SHA25675311915fbeaa58fd2b5207a1f34b4f0f029804b782b21d633a9c5288feaf0be
SHA512c548b69d60fa2b3223ced4db2032d02b4ef300eac95d849a9c5a04bfcc5cfdcb44795a080b8cc89420c36139433b4ee218bd1367b0e529238386c52f45ce35bb
-
Filesize
8KB
MD5ce63568c33c27c038ed2930f313db2c8
SHA1498f1b6f13b24b70373b54f85d56629793c73bc3
SHA256124bc38f527d83ba90a3a3503fbeb81f061d56e97faab3f19cdd8fd8553c73f1
SHA51205afdbf841ef4993bf0d7bf654299fc18e1f76e499e4acac6df0e901c046ec76422a7de1a12b41d2fc64a1186a41799aea2b71903cdbabd6ba364a10abd4d1cd
-
Filesize
8KB
MD52768a2f6d3c35525d454bac99d49958a
SHA10963a6b702c21812c4fe497e4bb94922c44e21fa
SHA256e3de483e9f3f562ecb4b80727dd492e949565d6c371e5025e038b4a61bcb9e16
SHA51294e898e84782fbd1844daf39b2df21f0e7cf704029a02f7e99e08147f80a218040c67794034efe9bcc54a553f1a4ccb4d1c3ec816406bed25784de677d375e2e
-
Filesize
8KB
MD50dcdc27f4015a014da8f0f19440a18e9
SHA117409a979bc23fc188f1b5f6738b2dc3ad5859fb
SHA256f3b881889ada55d656c17b972fb8fc7223b5c4a9d301c315e26d497c101e9e69
SHA51212ffe7071625d0bc3c0f36aa25d96495c43d1fd2bc066985e76f2892eb704fb1d07d046cf332e5163d2735bf33ea04d22ea0af5f5a82c56ed749339886451aa4
-
Filesize
8KB
MD55e74d64c71512cc949e70620ff2146a4
SHA19d90eafe92efa26ced66d5bbc7a730f23e912fd9
SHA256610789becf92d0469240be6af944c085e259999f18c352940d58c0be0954f807
SHA51269c449e251a13fa0cd6d2ae3adcd9c53db0e3249ddf958b127d334e422980f0c9bfba5ef620a8aefb4020f158c5580c299fac61825507e358f366745a8bf99b2
-
Filesize
100KB
MD502f4e74dfe923c1fe42548b6333a4238
SHA16802b06b6b421e237bbf85eda686d50ac95dc840
SHA2567ebb055c0c67561ff821cecc4e2e376086a0e2cb93510bdb64453ff88e612d9a
SHA5123bb1dea63feb717280bad497bf6dc9cce51c9acffd448c15f4139e1ae00924234cfcfffe9bd8b81360b96283e5b0850cc8d1d26fca12c957091a58a73843f90a
-
Filesize
100KB
MD563f5a26fef484e9b49a765791ead7248
SHA12eb3b47295b29d0d5467c2e0edb3eec752d84571
SHA256c7cf79efc26bb0d954332f10696b060a2efb3021a414353922fb4d478289c9ea
SHA512cfb070ef748373c286e8547df6077c71402432908adff817dac176158cb875c7cbc7d2f12a3122f8c0149b9b0bf34e661578073f23a336561ed4122218293d15