0762bee9f4ab36d7a673d87b2e8f28c7ae03f462fe519822234867ea6bbd87e6

Analysis

max time kernel
135s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

boostware+free+internal.rar
Size

8.1MB
MD5

159871c7972633119a9f87aa55f84fcb
SHA1

b8c4a1ca48244b5e2ad0f2d4bcaf4b93010a7824
SHA256

0762bee9f4ab36d7a673d87b2e8f28c7ae03f462fe519822234867ea6bbd87e6
SHA512

d76b26aa92a586cb909d1bb8328ac1c7ddd6420c0dd5d7a58f28dfdc1d8484d37b419022bb9e73a868ab82dbf05bb3a4f5fb20df35902799bdc2af3a2821ed98
SSDEEP

196608:xwYmmi4U2P770kH219ZSAQEO53hLOXr9H2Yv3g2H:Opxr2P7e19WRhc9Vv3gs

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1476	winrar-x64-701.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675322542095166"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{8B997FFF-1C88-4D38-B4C0-9FAD09C8C83D}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe
Token: SeShutdownPrivilege	4352	chrome.exe
Token: SeCreatePagefilePrivilege	4352	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
4352	chrome.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe
2256	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
840	OpenWith.exe
1476	winrar-x64-701.exe
1476	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3764	4352	chrome.exe	91
PID 4352 wrote to memory of 3764	4352	chrome.exe	91
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 4396	4352	chrome.exe	92
PID 4352 wrote to memory of 1724	4352	chrome.exe	93
PID 4352 wrote to memory of 1724	4352	chrome.exe	93
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94
PID 4352 wrote to memory of 1548	4352	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\boostware+free+internal.rar
1⤵
- Modifies registry class
PID:3664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc7353cc40,0x7ffc7353cc4c,0x7ffc7353cc58
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4532,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4812,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4668,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3260,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4640,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3688,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5296,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5656,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5640,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,2399543082282590938,4559191331177091706,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:3688
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2152

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ebfd5170f4203f39287ebf912d359010

SHA1
dafc8b76ad126d5159a1815e6426c568b5f6a5ca

SHA256
6b29fe109d26ab2f8eeda7f76daf98632c6da7f8e38df16a1d91a5dcfd898505

SHA512
ea7b9eb424c28205a1f4525c562b03ce65d12badbd8e96f0d57d29c712cfc5b05b8b07a8b40e71a5b8640d4ad61ec9335a26a23266c0e1d2ae036de86f6ef6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
238e411421774ed3539d37e23cd544ea

SHA1
c7b98ac317d87e1603b6445d0cf47a580580978a

SHA256
8f6023bc85015f59e2807c09509b143b2fab24a28c9ec60ac8be5af50ff29a08

SHA512
d0165f2587a7efb8071ba6b9d90cd9d34bec7b0aafeb4dcb9695e924dd2d2a89a27296d886d47d86731f420d636392f4d3238fe677d3dc0937b63890544c3e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f9c8d299880834bd968f3056dd69f379

SHA1
19dbd4af9cff68a1442c554a4eea9fb8410a022f

SHA256
bafea8418c1081d8c488978f09e072123e72b7c65726a51a887caeb3ea93872d

SHA512
7fde472607ddd8fb406597829307bd30c57ae4606f709253227f0167343302b861d9252d463c138dd65a6623e443aed88e876d95c77c3b28488118ce8bac18f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7649c4989a94a36b213a22f5a3aad1c6

SHA1
787e2bed78efb30dcba0277b0d8ccf737ea7fb63

SHA256
6de6d82e171fca172115c56d3c3dc8f20fa63739125c005c5de80c01c24e94c4

SHA512
d6724089685275c6600ba9a449e09d24a7aa596a4d8d87c1d70d641c9a8422fa695be6fd4bd2074b8a44456e70e10082d4cb41075fa36313aad124af12785282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40da0b6a7f39ebd7fd4aff2834285401

SHA1
b01c444812e20dc0eaed1514bbb10b93cf731437

SHA256
8aa7b5140fcc12da804494ed3e19765428f7206c8a83b7f152d868f90b69ff34

SHA512
90fdb4f0bb69ecbaeb65c9e39b2aeef4edbf6334c7eb9c9cddafe26e821efe4bfaadd6b539de5dcc5dcacbe08f5bc36429199771109d4aa055b6060fb5a51a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab4074bcf27b50b67a95fc7f7c9e3a0b

SHA1
a03f5b7fdcd12eb955e87293d5a44b565e30670a

SHA256
7d9e855658cb5802882c5da7a9c73bf8a5256f1f68c6bff684f33351669ddbb7

SHA512
7fdc2be167fbf845646e0c04f43ca0a1e1122adae43ab46ec5dd7e5ae2e3c6350926076cf6ca5ce19fa1f85a74ff610b33e1ff7b4ee80d5d6d7b88e8e45728d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0ed34f1d8f6a7722d76943e3c0df58f2

SHA1
5aa06df766db5fb35a1a85889a95f7851ec023c0

SHA256
7cd307fd36b0f689506bd7ff7aa0ec004ab218b3f72c8ad31bb3a235f53d002f

SHA512
fd9d59b619263eb11da7c4aad97b8f07eb476951acbb0146b475fb770fa2b7317062ec49003bf496feb60daabd7af79e51f0341edb917ceab56a9759c07cac52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3efe73756b1a3a2b2509aefcb4f5d9f5

SHA1
0aa1331bb2b21ecfa6ca3b31eb00d6974046d3ca

SHA256
a8b22a99468a46e1361bf1d22d5aeaeb4a8af889847cc7076fa7f6176a5549d0

SHA512
cb59c847bca8f08c530238859da79d5edec871eaf3353319ebf691367f0e642cdb18e5103bb23778d8044aa89b4827f4b880435491db970fab56d7174951f82f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34888bb90f1710181e085bdaefe4ad99

SHA1
e7e0b426f4d5731d2e99bf552c253cf94443259d

SHA256
c47fb250313f5e0f4169c966d6e4de12ab3dfa9c2db74f54d1477c33a35818c1

SHA512
fec610decdcfcb2a375774c16b84f2a9b7ceda559df8503d174b1d7068db89e8ff3f44e9de5a405832ac6827f053b4503836f1c6a833e7bab6c78f7189625b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9a96821f439c007ebae931aa865074a

SHA1
e3cb4323e59c18e607463469439d0df1279b5de5

SHA256
f9e559af94b6100816f16992c4781fcd9cd00fe07b10114f6115e69f49d6eca0

SHA512
855b3d23f26ba15c02488b2d2f66ca2cb0ed3fd323bc649ff9ecd53a76e49cb604d902f343cd2ccb85d4ce40ef9669b05aa066155ce795354d614620fc53ec0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aff3e62ca4bf8fee06c648755cd58e76

SHA1
a34e057addf3f096616ec182f58f4850e17c1329

SHA256
b90f556fe34f9bb02d39619c9d757ef971b975717eb7def6d34d146d3a6bf311

SHA512
19ee1f647647f27abfc60f248fef6fdf56d1db73e6f9f24d189b9c4fd50f546eee1a88fb7373177d3d3e38b188e91b5280fa4d15abd6e51685696e24d4915637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
085d0b754167213781ce3603bb0d3a24

SHA1
560f3f6699f3974c8a3ecf03f834e9f8444debe9

SHA256
1a163876d34c744bb96675c0e440d2ec3410335a53d218092017b617ae3c0db8

SHA512
2db578e0b0e09f37a426e0b8d81487fb048d08aeecda1511d7a74af7da6b89e8227ef9164e73bbd169e7b7b0ed8b4ff517260fc2a279c0d5ea36d7c97e20bc65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8b6740d994752d213c7e146b434b3ce

SHA1
54a132db9a22574888e5f1b2ed9538f8ff1666d0

SHA256
0805955c5b87f47f2e79abb80eda5cab2e98b46dd2035833686c4d57e314a036

SHA512
790617de6cf8fa68a3a6500755c1a24a10c49789c332166123e4d9ef2085dcd7356a9507a994201059200234bed8a45c9cc80b160071149081c48ef5f35c2420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
43017c1c91babd569093e2930800510f

SHA1
f99867a90fbcb3ca84626be878452458d1b32ffd

SHA256
2f7cbb291567198fd3a46e61504ce93186f296df8b9f84772403e4319ac0503b

SHA512
8f11f663419d1b1a2a26ce1f91631cdc5e40e40720a44df8156a8b5dd09ef9a1f5517e2bfab83c0fb08de29a7feb2e4ba3b07e72e1aba3371d7c224dd7f9dea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
295bb13e1932db81bebc5725db52cd13

SHA1
847b7d7111fa7c1b6fb76d3690a43a03509ebc23

SHA256
234665ed2122084506bdbea22f7db69964fdb94196bf290e9072e069e142c3f5

SHA512
bd301d0af6da7fc78e5da48f87e9d8c0ee7f08c1ece7a6e7447c7ab68594f36f3e859d262ad968ae7bfb79c4102dc54c92a7b45586ce260650557a1b129ab47f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e6b5e9422302709a4cd781353ac2bb5a

SHA1
d8367182de0fe43aa092f97106892c137c2f0856

SHA256
a8923036528f549b31c0c08f149d2b52aad5459e2abcb375564c904d6281de73

SHA512
5e98ee789fbf4a7213e16822422f5e1ad2c02c4607ae3e5567109d8154e586ca584c33710be1d7ade31b212c047cd5506bdffeab92b2cff10ccca19dbbad93a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
8ef555c0efcacda995b8ac7f64abe8fe

SHA1
fa57a32bb78c487b95a44968c28cc04ef7e35b43

SHA256
e70a9d37eccfd1ed958be5d0895f7d447337319f5e464daa1054e216d1945fca

SHA512
44251201efc612579b4d1c35d6b46aaf9c0c36012c6531831e338231f626964b76e95d7e45edb4433007fb41b2367aaa46204d59e48e246e700f406296e7ecef

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
memory/2256-379-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-372-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-378-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-377-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-371-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-380-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-381-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-382-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-383-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download
memory/2256-373-0x000002B0FEBD0000-0x000002B0FEBD1000-memory.dmp

Filesize
4KB

Download