e021d7bd72ee0af1386d291ce54d17ee7d8d6bed2ddb0c823e2a40a8be21fd70

Analysis

max time kernel
213s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 20:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Downloads.zip
Size

229KB
MD5

3ac91d1af55fb3f7f176fc5a43ad1a67
SHA1

001cab57e3e6957329129fdc06c3ad01a2e93da2
SHA256

e021d7bd72ee0af1386d291ce54d17ee7d8d6bed2ddb0c823e2a40a8be21fd70
SHA512

6fee4fe9bb109959faafb1ce57ce17306e89257fbb4720714711a6f13c115df9ea9ae59cdcbf39ec4882f98b195a6b64e529b41d914aadc91fd95f48fb4d51b0
SSDEEP

6144:QXKwwcojN1BYzPqxk+p8r6ezadO46bDE5iy41p:QXfIjjBYzPWk+poaC85ij3

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687446011469607"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000f88c8568d7e4da01da17dfebdee4da01c87ae1ebdee4da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
732	chrome.exe
732	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe
Token: SeShutdownPrivilege	732	chrome.exe
Token: SeCreatePagefilePrivilege	732	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe
732	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 732 wrote to memory of 5060	732	chrome.exe	91
PID 732 wrote to memory of 5060	732	chrome.exe	91
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2828	732	chrome.exe	93
PID 732 wrote to memory of 2076	732	chrome.exe	94
PID 732 wrote to memory of 2076	732	chrome.exe	94
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95
PID 732 wrote to memory of 3616	732	chrome.exe	95

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Downloads.zip
1⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa0fbccc40,0x7ffa0fbccc4c,0x7ffa0fbccc58
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4392,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5424,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3264,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3288,i,14023272719759617994,17838504682154837,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\12edb15b-4024-40e2-bdce-26c592e15bb9.tmp

Filesize
201KB

MD5
d6bdaac4583340c82af2d74f56057e65

SHA1
7dba0b1175048f3abff79ead660f809c955e33b3

SHA256
569755c916a17ae49ff5ae26c6695e49030a1f3c6daff9f5f5a51b671567d75e

SHA512
5b607ad56b9cf4fb84729363d3bd8d1c8df659900f4673d084b8a88c3051f821cd46491aedbe6566e6676a98846c7eb6c9a4cc503374c5ebbd1794abe840ceb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\27317c56-a563-46c8-afc6-78237e95d1e4.tmp

Filesize
201KB

MD5
d2c1e8f4d36dca5c29de9faec6dd6d0d

SHA1
7318d7b711184e91be61f353d4945092339f1833

SHA256
40c154eaf0a5d531f1a097b0e772f09ca4b35db5d84e2e89ed1cf268c1f2406e

SHA512
3ffd138ed6922ccbb177f709bf20d02cb4a4de7bbfdbbd9d66e9e438bf537f0497dc81cc63cb6a90718b3b32b39809100a866a76b9b3c9f4d69bbd2727330839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3299e6630d69870b00199499c8b926eb

SHA1
71df7438bd33652ce60bf3e0a788d2d0802ed7b9

SHA256
f9fc78333aee2839782b11428f4de271f63cbdcfc980bf80221b34058375346c

SHA512
9baff7ec1c67cddb6a6f249dea0109a891fd88f46c6ed59de9ea2cceb11f4a903dead07ef577fe0953a36c9d6d509dd57427bd254edac3c9e64cdc3d60dbd502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b2b0a3bcc4d8939ddb21dc7a12bcdae3

SHA1
1080a5e8b033106527e8898792d81f5655f459eb

SHA256
63b20c2e7558b6562e428c248ad326903d2982a4c35e6fa763a88de6aa994d22

SHA512
4fffe7356763e3dae06f37cc82d2861968535ab4f08a65e0797fe0ab178d3e7d924129ad9f358fa0357c5ba6b111591042af8c8a9da266bb166e624a3d03a9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aebb83ef8d853bb40f0640d2f01c2b75

SHA1
2fc967760e5c9efa151e1d3be9215fb75eecd103

SHA256
f1a1e9c78e9e759ca70221b7564340168400ef37e67008d8394dea80de8986e6

SHA512
37fa689658ebf82691cc250442e96c92a4338c9c00c9a4b1a0f7f0b7200c94e543464c0da8d5ce1139a5e88d4c5d3156883bc949a98d0d604f785777e0080bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
afbb6be42c4dbfdd8f12f5ba3bcf8209

SHA1
76934d1cf3621de9ae05716dd551d387d52cfe3e

SHA256
24a8253ba6816b39093bb40c0fd3f528c7749260c523b97a41049dfff735c33b

SHA512
4d370ab0c2340a6f19d89754f3bef42ff56fc0eefc413b68d17b620058c3dc4874b2d8fa5295545f7670317247b665ab26bdbdbbc592c57be86ea320a04eadc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7b4a4f4ce23f1426aa7496de4598b6f3

SHA1
6cb73b6ee4eea33d92f7c75f2b3feeb7956989bc

SHA256
9a83106e6768780ff74265b147f4971fb64a8c922d07eb432c7ffe80f4b8c0d3

SHA512
8025954b88f38917eb78505b6e8b8ac3a11b2a948ac72eb5b2a77d502bbf3633c55d38532c16ec491937a125e6b4403819da2d3fc5140ed6b5d8fdae04b0566f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abd34db426843b703219d54c82a5b03e

SHA1
7ffcc5a50049c0de7764e7962bce2f7407491403

SHA256
4f306f6c4702814575ecda0f73d93913eccddb379a2b3322e6de787b3264c110

SHA512
092f72e7e6aceda8097e2f7665be7e0e321a5bcfca31defc372eb18475e24ba3a2b724ac68c9523ca757130ff16979b88261a43ef4672ce7f3dca5b89b14e912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ec3529a1dd5c7da3193dca44436a70e5

SHA1
ac25db70c7b92c96fd2df730f54a8f7cd7416f30

SHA256
8679ae090d02cef6e7cecbc3da2ad98bed8955321d7d9e1a51e297e9e597040b

SHA512
9f7a53573f7a9516f583c6c774f3b4b8b318690657d50fb228c7b1d783ab21669d1e5fb561a3d05bbcfdcd9b8a40329300f48c9ddfe8bb7ccc1a1d0babfadff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfb3f53b162474e75990b598fe766224

SHA1
07daa4a8efcf9d28d5d0c97e8c20a4edd738ae7e

SHA256
79fa1b110a2dee914ff6c9143a5e77e78e54e56116ea9381b0b4766fbf28310f

SHA512
e4986f5c487804617f35cd925a83492d9a5ab6ce15926d6c27c561064801ffc67542dea6a36a2febc7378275e8edf7e3b5e137742620053dd3a4af8fddbdd0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1590c37c9694563a9625fbc37ca09d1

SHA1
6f1e93d11e5505ad2ce4b55162d393c401832c8c

SHA256
ab61df4ad1378b618764a7e16ebce9ab69717dbd2e99a3e8ba688c720eb29bc7

SHA512
4d95c646ea40a9a69716abc2a5e94dd8c04249fa5a8b1f4679c6d21484a98e7cabe5359e2b02850338d31209daa3381fec052e45ef1e5b5aadeb4ba5f2929702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e95961b5176be2ead5047540d0cfcf0

SHA1
c49e36fcfa4a281ee70421604bb6183af7853adf

SHA256
15124f9e6b3b8b169259ad2b0180ac684e1c7b3891c3fde391b6a4cace0603f3

SHA512
58ece4d1404ccef128987e3c5e3120610dda92ccccf26b94435dc95d6662ab1a87a5ca7fc12651b2ed3ca11e2de822cf4a991f4630b0936644cb4a2d5717649f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c2350cb9917e404f6fa45487f46a721

SHA1
1548feb0666ced6363f1a39eb77a800cd5a788af

SHA256
b8159ff0e2ae33979e8f838075ba18d5baa87567001215b832515101544f28e5

SHA512
4d2e3be1977fd32998010e9334ed97010c3273eca58a091d45f5422b2659434b2fb2b861a8499eba46032137fe124775274c3f9ccdad29fbab1ef79e98a3ed43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a618496a1770822bc0a658b7e90a2585

SHA1
51be229e83e1455e451d55e1c508f47397632ffa

SHA256
31df541ca9494d7e5c1a206b433ac609a15d1bb8010e6cebad968ce2584a836d

SHA512
425477eaf6c720218a26ab0562953e19811f60673d671ba135ad30dd01f9312fb48218ff4cae4f098d3ed736be9a4faef3f218a69c07d20f38ecd077e16879e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8eed9ef7aa14d27d6deb13ae7334c0b5

SHA1
29d9b42e8fd4b38474f6484307b3e928147f6c61

SHA256
88d5d045ed296d015c8cd919acbf9da78aec6e20d341feb3a148cdb4e5291e0a

SHA512
3456bc3c42c76c0e57caf24ac9f9b46593cd38231fb08862322ff865a958e2b8ba6c53c0c69959baa570d255bc1d40b9da4ffbb933ed1b3e90b363b62fce16ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77ff73cd594fd9260c956bb80b08d195

SHA1
3c2e46823edda52e158f4c1f24f9dcf875afb2f3

SHA256
347f7263abfbfff2b60f82589629ee7de094d1a6b840f69dfc179ebf2fed027f

SHA512
3712e7a05dc357f9d19733e93e79f497c7a7e42ee53fcac44af0f3e82c20fd7f05271ec536b694f24b6213649554e9bd8b27be0235968c4536d707ea2841b6f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ef0c09fae695f42404fbc542371018e1

SHA1
6685a634e8e81c91f8dc2d229868c366052a2351

SHA256
5dd46702ef874b5426a749b5989856236cefee12fe0216067943b4832e442b81

SHA512
81b4da25cd68450318380db55c8d6b7f92e9c174ccd17f1e13ae7554dcc0fd7d02c02dc75b8a756e47ec1001365763134852395a901ba71109c9fac43550f792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5dca32e2c405160464eace8019337071

SHA1
aaf01a478af524b3cbe7f0f47cccb79160b32463

SHA256
4dbe47e9991bb701d322b2e92bdb0ca3e436490875044cd6e6eecb7e18bcd4f6

SHA512
f9dfc2880ab8f4f2a9165be4ade157d45e3684e78eced22ee2b46eb269d2cfc6410ba08683fbe5ec7cb8e4e7a33d6e1a574b91d2a4126e04fca73cb00a6b8e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f14d5e51-a659-427f-9226-c160f8f1f24f.tmp

Filesize
10KB

MD5
95de913338f034df64d07fdf6da6cca1

SHA1
b4d5ac8cb523c271194f535200162142bb6464b1

SHA256
58413015a8596a4fafe71d4ce3cdb3076d6bd939d1178b5df2463cdeb5dd81ec

SHA512
b1a838467c7a25d6c0cbccda6a4e26305d4bfa9922a0b4882a0235b478175b73c8b278c2e821c14ad5933a6345a66183a4cc00bb97ac95f83e5adb9789fc69c1

Download Submit