Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
5Static
static
3Microsoft....re.dll
windows7-x64
1Microsoft....re.dll
windows10-2004-x64
1Microsoft....ms.dll
windows7-x64
1Microsoft....ms.dll
windows10-2004-x64
1Microsoft....pf.dll
windows7-x64
1Microsoft....pf.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows7-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1Zorara.dll
windows7-x64
5Zorara.dll
windows10-2004-x64
5ZoraraUI.exe
windows7-x64
1ZoraraUI.exe
windows10-2004-x64
1ZoraraUI.exe
windows7-x64
1ZoraraUI.exe
windows10-2004-x64
5ZoraraUI.e...re.dll
windows7-x64
1ZoraraUI.e...re.dll
windows10-2004-x64
1ZoraraUI.e...pet.js
windows7-x64
3ZoraraUI.e...pet.js
windows10-2004-x64
3bin/Monaco/index.html
windows7-x64
3bin/Monaco/index.html
windows10-2004-x64
5bin/Monaco...ain.js
windows7-x64
3bin/Monaco...ain.js
windows10-2004-x64
3bin/Monaco...bat.js
windows7-x64
3bin/Monaco...bat.js
windows10-2004-x64
3bin/Monaco...fee.js
windows7-x64
3bin/Monaco...fee.js
windows10-2004-x64
3bin/Monaco...cpp.js
windows7-x64
3bin/Monaco...cpp.js
windows10-2004-x64
3bin/Monaco...arp.js
windows7-x64
3bin/Monaco...arp.js
windows10-2004-x64
3bin/Monaco...csp.js
windows7-x64
3bin/Monaco...csp.js
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
04/09/2024, 21:41
Static task
static1
Behavioral task
behavioral1
Sample
Microsoft.Web.WebView2.Core.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Newtonsoft.Json.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Zorara.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
Zorara.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ZoraraUI.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
ZoraraUI.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
ZoraraUI.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
ZoraraUI.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
ZoraraUI.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
ZoraraUI.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
ZoraraUI.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
ZoraraUI.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.54/adblock_snippet.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
bin/Monaco/index.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
bin/Monaco/index.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
bin/Monaco/vs/base/worker/workerMain.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
bin/Monaco/vs/base/worker/workerMain.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
bin/Monaco/vs/basic-languages/bat/bat.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
bin/Monaco/vs/basic-languages/bat/bat.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
bin/Monaco/vs/basic-languages/coffee/coffee.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
bin/Monaco/vs/basic-languages/coffee/coffee.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
bin/Monaco/vs/basic-languages/cpp/cpp.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
bin/Monaco/vs/basic-languages/cpp/cpp.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
bin/Monaco/vs/basic-languages/csharp/csharp.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
bin/Monaco/vs/basic-languages/csharp/csharp.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
bin/Monaco/vs/basic-languages/csp/csp.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
bin/Monaco/vs/basic-languages/csp/csp.js
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
bin/Monaco/index.html
-
Size
10KB
-
MD5
5f200b725ef76b473cecbb5d452d849b
-
SHA1
6f42fc7a947a489f7d74370efce6bca7c7cf7240
-
SHA256
fd084fc0daecfef0a6f6b89b4e1ad542e508c0003f2debf07aa3eeb725ccb6c8
-
SHA512
fc350662fdf0e9d36cc842cbde94e035c0c51874993292543595a5b104112fd600a17d37e30a0d625fde6d338cbec05545e830b161b69e5e74c3244bc436a4d8
-
SSDEEP
192:yC5GCW9bvbQ3QJW5MDQiVKLkcmc/VT+9taAc4dReigX2:LGCW91k5MciVQ2
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699597942343307" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4120 chrome.exe 4120 chrome.exe 3144 chrome.exe 3144 chrome.exe 3144 chrome.exe 3144 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4120 chrome.exe 4120 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe Token: SeShutdownPrivilege 4120 chrome.exe Token: SeCreatePagefilePrivilege 4120 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe 4120 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4120 wrote to memory of 4484 4120 chrome.exe 84 PID 4120 wrote to memory of 4484 4120 chrome.exe 84 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 4760 4120 chrome.exe 85 PID 4120 wrote to memory of 3200 4120 chrome.exe 86 PID 4120 wrote to memory of 3200 4120 chrome.exe 86 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87 PID 4120 wrote to memory of 4524 4120 chrome.exe 87
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\bin\Monaco\index.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab9b7cc40,0x7ffab9b7cc4c,0x7ffab9b7cc582⤵PID:4484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:22⤵PID:4760
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:32⤵PID:3200
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2120,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2552 /prefetch:82⤵PID:4524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:12⤵PID:4332
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:12⤵PID:2084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4484,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:82⤵PID:4652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=208,i,2241870105721233788,12392817790398402263,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:82⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:3144
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:1860
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:1240
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD5a4dad48a29c39565a7884ad760bdae7b
SHA1f2b7e64c9b17d8716cce72ce541a7a6bc328016f
SHA2568d8fd033d6b7383788e5e9db95fe2a0287a345273ed425eb39b103f30951ccdc
SHA512796646ca76d2f417821433aafb5e414509b68824fd9115da0fa52e69a77f302d8519815d2e1f510420868fcdc7c079b3661e4c21972e5e2e947538c36656b474
-
Filesize
962B
MD54ad0e1a9302b95b19fe42e53cb413e62
SHA106aa324cbb5a96927aafbaf1da4678a1f95053ce
SHA256cb20dd2ed77260e6f09c55b45e5dfea283a0aec08f2d6550f9db68713a33dd81
SHA512a52da8ee21c6b03a4d3c9f5f3417d0310f2e756cbd7904d1ca2b967aa02b20a1d2c3d0537d83f3e117880ec72d8c917d0b992d732b44093ca1ac45fc0f527cd4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c7b59fd8-54b7-462a-aa64-b6466b0aaf58.tmp
Filesize2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
9KB
MD565c5d65424c22a6745be53b344a9169d
SHA1ecc26a30e0ecb06a35bee2e1f3b886e8bbc85ed7
SHA2566d1c0fd0ddfd711eb5d110494caccdd14e127fca46c8248fd7161355f761ac79
SHA512a71a78a5a06e59cbda829ac12bfc43c7efbaab63a09116df8a491bc0cf4b1aba7e9f6bd16e0b2788d77bc639ca1087da816049849f4fad586a3fe4bb24b5e84c
-
Filesize
9KB
MD5455a6c122c1c3a9f11cfc3e71aec3cab
SHA17641ede5371661a459cb4ec43aca6ea6f4654c01
SHA256fdb70708fe95cbd6af097db399d473d27c3e810284b693555b9d5a5569f7a369
SHA512f23e2c3c9ef73847a6c340dd3e96c9bb71418676a3d4ae28188e3b35da65b7f77be1de9d23a95f7bd9d876b23d61c433f2cd165692fe4d9c4cbfce22ae27c865
-
Filesize
9KB
MD5a46e33f5eddfa78f7a5697e1cbd20d9e
SHA185a0c9841009df50d9f8a09d87c37c57ba462ffa
SHA256f5d2cfce21106714ebe5013fa26e42adf923dce1b8f13c76b442ccd4d42d821d
SHA51210e92c3e3f307740bc5f9eb63a875e4ae0ceac7415af5ddcfb9cffcac656cd092ca1b0fc27a11ef9f230ed1515ffede108e9d564539f84dd19400e937efb1a86
-
Filesize
9KB
MD520c64f7d274128dfa79ca7c2f157b151
SHA1811f937e2081ad3a14a3ed4f3bd563390f64e759
SHA256c76c7f4d8aeb44ab5b5a49bb95f75e49c43b932bf83e0b68fbe4d730b7e5f845
SHA512411e0915b8bf6c85749dad74e0e93e10f26e70d80e5b30d787802b9697042f22a2a5410377167b0bffeaeae93c510796b30722aed07c40bd8e8f23cc8a3445ff
-
Filesize
9KB
MD550a2e23d16545579424970a3fab35d09
SHA1fca222713e36f626c930a5d1ff8377f038b59f15
SHA256ece1080ff08f389242d202b7c033fa5ec38417f149acd7b45f4e88dff7376ac7
SHA512c506034f9d6135fc31fc3a5f4f26adf48a45bf98d58610ce36cab8f375a12d0342955b0dd61542c05756c934a3e3346a9edbab2c319a204bc33425114c3fdc60
-
Filesize
9KB
MD592497b4c23ccdfb9a9e66cc3a4a046c7
SHA1c3f0f2b6bed73c039305f7c0485e2c8c209b4976
SHA256b7b805bbae4f72f1cb6c962e8ab11a87a73960cc691c1c5aac1a456f759d2ba1
SHA512c07393569338e673401d279e3665272f924db26f98849bc3cf545957b2c69b58200dee19297d91a689302c967bbca7ccf7b6592f125f4b4e0d5901b17f8db985
-
Filesize
9KB
MD546a77c68fea50c141e9e8ee0c9c2498b
SHA1e405edb9668a5d5db87d49b7eb8c2e3f405e4902
SHA256f5dfb54b8a492f61f05d60f75932811ff45b8f722f33fa69a4cdb21a5a5ba23d
SHA512d78d982d91d6b29a93bc8a9ef4eaf9c434c992c8c02f705ebd603d3f8022c3f9ccafdf8b6a63e2f4854ac3f65aa65de0b15b5f77b5f3945726d69d0b6cf7e031
-
Filesize
9KB
MD50ab8b21e464e14960f7a9ffce0285347
SHA11e2e3dde4f4aa557b351d80050b0ed6bf793c09c
SHA256463b504c4df1b5c36f93a451fa222cb49b711207204e58e0e32b278409366690
SHA512c75cb8a4b4023814b720818da3312ba3f818d9b39dfee57183580b0fc81c5d3b2b2a2471ff78846cff57c5537d0531c5aad781fce5aff5d3ec1869afac02fc8f
-
Filesize
99KB
MD5f4886868ab5d7c7897026ae5e4dec21a
SHA1fc04a4b3319ec2388e9cb64f6ba5fce51efcd36d
SHA256a0f57e5af813651a5d4da08117b1aa868a5abc09c3d207ff2de7e3eee8b07c42
SHA512f076611f88282adb01f2dab83dbbf181aa30f135068d4da452c3d70265c9194ec292b24d700efbcdc528b24deb5fef8dac920804a7695ebc224782fc78464097
-
Filesize
99KB
MD5b4f89e1bd38549cfcb50d9bd9b808194
SHA1cac935bdb2f661fdc15e21d656bba3491ec28706
SHA256c765d4e56a7b90389ecd1867f73e5e501b43a49d3fdc4145e9bd5b78187a9b58
SHA5122b82246126e568bd283cc7b3f74cacf796c4b6eb0fe04dacb96de89c936e0c8f29db8689a86c91a70e257327368367c29b54082778c4f0a6371304ac105f5abd