Overview
overview
5Static
static
3Release/Be...er.dll
windows10-2004-x64
1Release/CeleryApp.exe
windows10-2004-x64
1Release/CeleryIn.dll
windows10-2004-x64
1Release/Ce...ct.exe
windows10-2004-x64
1Release/Costura.dll
windows10-2004-x64
1Release/Dragablz.dll
windows10-2004-x64
1Release/Ma...rs.dll
windows10-2004-x64
1Release/Ma...ns.dll
windows10-2004-x64
1Release/Mi...re.dll
windows10-2004-x64
1Release/Mi...ms.dll
windows10-2004-x64
1Release/Mi...pf.dll
windows10-2004-x64
1Release/Mi...rs.dll
windows10-2004-x64
1Release/Sy...ce.dll
windows10-2004-x64
1Release/bi...x.html
windows10-2004-x64
5Release/bi...ain.js
windows10-2004-x64
3Release/bi...tes.js
windows10-2004-x64
3Release/bi...ase.js
windows10-2004-x64
3Release/bi...ses.js
windows10-2004-x64
3Release/bi...del.js
windows10-2004-x64
3Release/bi...num.js
windows10-2004-x64
3Release/bi...tem.js
windows10-2004-x64
3Release/bi...ums.js
windows10-2004-x64
3Release/bi...nce.js
windows10-2004-x64
3Release/bi...del.js
windows10-2004-x64
3Release/bi...nal.js
windows10-2004-x64
3Release/bi...der.js
windows10-2004-x64
3Release/bi...ace.js
windows10-2004-x64
3Release/bi...rnl.js
windows10-2004-x64
3Release/bi...ons.js
windows10-2004-x64
3Release/bi...als.js
windows10-2004-x64
3Release/bi...rds.js
windows10-2004-x64
3Release/bi...ing.js
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07/08/2024, 20:46
Static task
static1
Behavioral task
behavioral1
Sample
Release/BetterFolderBrowser.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
Release/CeleryApp.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Release/CeleryIn.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
Release/CeleryInject.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Release/Costura.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
Release/Dragablz.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Release/MaterialDesignColors.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
Release/MaterialDesignExtensions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Release/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
Release/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Release/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
Release/Microsoft.Xaml.Behaviors.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Release/System.Diagnostics.DiagnosticSource.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
Release/bin/Monaco/index.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Release/bin/Monaco/vs/base/worker/workerMain.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/base.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/DataModel.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Enum.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/EnumItem.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Enums.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Instance.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Model.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/RBXScriptSignal.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/ServiceProvider.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/classes/Workspace.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/functions-krnl.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/functions.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/globals.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/keywords.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
Release/bin/Monaco/vs/basic-languages/lua/autocompletes/libraries/Drawing.js
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
Release/bin/Monaco/index.html
-
Size
13KB
-
MD5
8132342ce4b039603cbb3b1a32ab859b
-
SHA1
66c46050a6e5b08758c00455ae26a6c66e94ce4c
-
SHA256
3818906ed429acd27aabad7ec8771893d60658ea31b8d0c92418b96de8ee94e6
-
SHA512
44d93118187e703af1fc1627de7e97c39072e666c9086b1b4c00a7eadce1913c84dc97e8f80e2b514154ef66b23baddbfd71a2faa250735ddf4d2bc12709cef4
-
SSDEEP
192:oL3bXRggAbYm/9mv2Oxr09VpDwFgBsK7u24FzTkcmc/VT+9taAc4dReigXN:2RggAbYmbD9V9wFgBs+SFN
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675372613587241" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 544 chrome.exe 544 chrome.exe 3832 chrome.exe 3832 chrome.exe 3832 chrome.exe 3832 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 544 chrome.exe 544 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe Token: SeShutdownPrivilege 544 chrome.exe Token: SeCreatePagefilePrivilege 544 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe 544 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 544 wrote to memory of 4928 544 chrome.exe 91 PID 544 wrote to memory of 4928 544 chrome.exe 91 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1712 544 chrome.exe 93 PID 544 wrote to memory of 1664 544 chrome.exe 94 PID 544 wrote to memory of 1664 544 chrome.exe 94 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95 PID 544 wrote to memory of 2772 544 chrome.exe 95
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Release\bin\Monaco\index.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:544 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbef1ccc40,0x7ffbef1ccc4c,0x7ffbef1ccc582⤵PID:4928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1968 /prefetch:22⤵PID:1712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:32⤵PID:1664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:82⤵PID:2772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:12⤵PID:936
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:12⤵PID:4228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:82⤵PID:2380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4476,i,17211497080208143956,14048435055606231448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=724 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3832
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:4284
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3960,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:81⤵PID:4348
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
8KB
MD56518bd7539839ded4f63635391b57141
SHA1322bb187d69b69fe0598d621cb8d5418c9927262
SHA2562b8fc0af333ba8de5ecfe2ce5f9ee96f92e5a878f2415d88453d868917ea8233
SHA512ad62b686691b7e927ac05820e8576cd31d6a8f22e131b1bd59aa27d39c21cc4fcb2ebdba43e324062153710a519e9de27250bf02b24534ffafb37364848af554
-
Filesize
8KB
MD5c4fac290e985f3a93bc34defc32198e9
SHA14f2c9693fb6ad736e322446eebda437fa40ef429
SHA2562f93bea5656b1937bd98985e96023dd39c64807ba35890c10196f412178c7677
SHA512784229c51c2eed391c7e514d801282ce092a728fb2e45949c52a1c9489ae73b8aac70949e64facc4686bf0fce422046628cfb78b3926a1dd502e6bc37014cc5a
-
Filesize
8KB
MD538ef0dff57bad1454b0d192877b8bdd5
SHA11a5de58d5fa089a9aa02650ec5ddb1adf22e3cad
SHA2561f598155eb39a107025beff60e5ff13a60a5678a32871c38da85c37581ef5d0f
SHA512543aa9ed5c0a488d6927dbf8a7a509cabd96a179d12c79fa9b8f1d5e09c8760f7f748dcc38586f0877125625a79b2d84a09a786348dfea620ea00f86f3d7be5c
-
Filesize
8KB
MD5bf6a75ea4861f82618f270adb40df3bc
SHA129da4d7e6d2d5c8b96bca8dd1ede3881be6ba3aa
SHA256068494c9ba8988a19227581dba26bbc95cc9491736160581ac3d6b22eac96e17
SHA512044392eb00f73c4c7f4da077f7fc101461aa2d3131cbc4a11392d178d1b9352f493003d1033a63471b8a3abbfd3c733c634e60b1d91b9d026164c9430ea47ff0
-
Filesize
8KB
MD5eb931f657ff75675b3a3728763a74497
SHA1057686b31b01ce73c974f465c0f135b7effe895c
SHA2566d678e9cb438a4484354b5ff7bd8d8a2ce600c78f44b49126a9d0fb5bf86b0e2
SHA5121082adb629b6dd17da31fc21bedeaa1bd0696e9f7065b054be4e0973c807bad1140c7e7beb120f94d47416b152cc907d847373d0ec92cf45cb128a627b4691f7
-
Filesize
8KB
MD5f878720530ff5fe2d3b9d4b3d14a5a65
SHA1b002d879684a43850b794f21a7a51cd5b0a423af
SHA25664ce3bbd5678c63be87ec4398203016fa2025463a4432dc3c91b6bcbb231b09e
SHA512df219bacac49fc62d0a5ab6eaed1458d9a95234b270e6bb4c3fbfffdfd876f84c0237bebb293f86f6ae49d30309ebdda991950c2f93d64d10155d48c3d6ff400
-
Filesize
195KB
MD5330233385f38a2c8421f502c21a71231
SHA1337abbaa8f405ae76826dba919a35b7f4e5e9520
SHA25644833c271e9c6aa1ae7eacdf46b662c4a316a3eb09884c68501b9c1a7ad04a22
SHA512e68bca9209b9de8f8f11dcc8c0759c075f9a56f76d64a9852982ea0cb4ec05d7d8fbbdf307933c465bc63a93362aeb72a653196352d3008143b9cae918ae785f
-
Filesize
195KB
MD5993338bb18fd14e8cdd31f79c6b84988
SHA1d907c085c77bc2d4ffbdb9eeb9b7a0d953ff2a87
SHA256e65759d1b706e58df0ebf025b444270c0176a0ebc8b924dc40acc16e0760eba1
SHA5125c118e6e1542a3dd2977fced4db2c0988603036ed0b3bacdf277e9813dd85ca2e9ed7d2862e2675f91e53366c3a5f2c2fed9e45484e052b079a719caa18b7496