Analysis
max time kernel: 123s
max time network: 115s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 16/08/2024, 04:53
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240802-en
General
Target: http://google.com
Malware Config
Signatures
Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | msinfo32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | msinfo32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | msinfo32.exe
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease | msinfo32.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133682576487691818" | chrome.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings | OpenWith.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
32 | chrome.exe (2 identical entries)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
3012 | msinfo32.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
pid | Process
32 | chrome.exe (14 identical entries)
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 32 | chrome.exe
Token: SeCreatePagefilePrivilege | 32 | chrome.exe
(64 entries in total, alternating between these two rows)
Suspicious use of FindShellTrayWindow 27 IoCs
pid | Process
32 | chrome.exe (27 identical entries)
Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
32 | chrome.exe (12 identical entries)
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
3068 | OpenWith.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 32 wrote to memory of 1264 | 32 | chrome.exe | 81 (2 entries)
PID 32 wrote to memory of 4700 | 32 | chrome.exe | 83 (repeated)
PID 32 wrote to memory of 1448 | 32 | chrome.exe | 84 (2 entries)
PID 32 wrote to memory of 5076 | 32 | chrome.exe | 85 (repeated)
(64 entries in total; the remaining 60 are split between the 4700 and 5076 rows)
Processes
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
  PID: 32
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 32:
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0db7cc40,0x7fff0db7cc4c,0x7fff0db7cc58
      PID: 1264
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1772 /prefetch:2
      PID: 4700
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
      PID: 1448
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1200 /prefetch:8
      PID: 5076
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3000 /prefetch:1
      PID: 4428
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3032 /prefetch:1
      PID: 3024
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2968,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3500 /prefetch:1
      PID: 2228
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3032,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
      PID: 3976
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4588,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
      PID: 4536
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3704,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
      PID: 4584
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3480,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4396 /prefetch:1
      PID: 3076
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3500,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
      PID: 336
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3332,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:1
      PID: 3476
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4368,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5580 /prefetch:1
      PID: 3592
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5464,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5884 /prefetch:1
      PID: 5008
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6124 /prefetch:8
      PID: 2380
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5448,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5444 /prefetch:1
      PID: 3084
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3236,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5376 /prefetch:1
      PID: 2156
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5304,i,5960929147617817140,3722745423605764364,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
      PID: 2932
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 1716
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 2860
C:\Windows\system32\OpenWith.exe -Embedding
  PID: 3068
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\NewSwitch.nfo"
  PID: 3012
  - Checks SCSI registry key(s)
  - Enumerates system info in registry
  - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads