hxxps://hhhso-my[.]sharepoint[.]com/[:]i[:]/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a

Resubmissions

06/09/2024, 18:29 UTC

240906-w416rasapd 6

06/09/2024, 18:19 UTC

240906-wx7pys1dpl 6

Analysis

max time kernel
197s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 18:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hhhso-my.sharepoint.com/:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701203780454759"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe
3332	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe
Token: SeShutdownPrivilege	460	chrome.exe
Token: SeCreatePagefilePrivilege	460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe
460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 2172	460	chrome.exe	83
PID 460 wrote to memory of 2172	460	chrome.exe	83
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 1920	460	chrome.exe	84
PID 460 wrote to memory of 4724	460	chrome.exe	85
PID 460 wrote to memory of 4724	460	chrome.exe	85
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86
PID 460 wrote to memory of 1552	460	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hhhso-my.sharepoint.com/:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffb70f6cc40,0x7ffb70f6cc4c,0x7ffb70f6cc58
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5012,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3348,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4848,i,18434774145306448845,1645019077036189814,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1244

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

hhhso-my.sharepoint.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hhhso-my.sharepoint.com

IN A

Response

hhhso-my.sharepoint.com

IN CNAME

hhhso.sharepoint.com

hhhso.sharepoint.com

IN CNAME

8510-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com

8510-ipv4v6e.clump.dprodmgd104.aa-rt.sharepoint.com

IN CNAME

190186-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com

190186-ipv4v6e.farm.dprodmgd104.aa-rt.sharepoint.com

IN CNAME

190186-ipv4v6w.farm.dprodmgd104.sharepointonline.com.akadns.net

190186-ipv4v6w.farm.dprodmgd104.sharepointonline.com.akadns.net

IN CNAME

svc.ha-spo.office.com

svc.ha-spo.office.com

IN CNAME

mira-ssc.tm-4.office.com

mira-ssc.tm-4.office.com

IN A

52.107.242.37

mira-ssc.tm-4.office.com

IN A

52.107.242.12

mira-ssc.tm-4.office.com

IN A

52.107.242.35

mira-ssc.tm-4.office.com

IN A

52.107.242.39

mira-ssc.tm-4.office.com

IN A

52.107.242.101

mira-ssc.tm-4.office.com

IN A

52.107.242.34

mira-ssc.tm-4.office.com

IN A

52.107.242.69

mira-ssc.tm-4.office.com

IN A

52.107.242.78
DNS

hhhso-my.sharepoint.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hhhso-my.sharepoint.com

IN A
DNS

hhhso-my.sharepoint.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hhhso-my.sharepoint.com

IN A
DNS

hhhso-my.sharepoint.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hhhso-my.sharepoint.com

IN A
DNS

hhhso-my.sharepoint.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hhhso-my.sharepoint.com

IN A
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

95.27.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.27.250.142.in-addr.arpa

IN PTR

Response

95.27.250.142.in-addr.arpa

IN PTR

ra-in-f951e100net
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
GET

https://hhhso-my.sharepoint.com/:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a

chrome.exe

Remote address:

52.107.242.37:443

Request

GET /:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a HTTP/2.0
host: hhhso-my.sharepoint.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR
DNS

37.242.107.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.242.107.52.in-addr.arpa

IN PTR
DNS

37.242.107.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.242.107.52.in-addr.arpa

IN PTR
DNS

37.242.107.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.242.107.52.in-addr.arpa

IN PTR
DNS

37.242.107.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.242.107.52.in-addr.arpa

IN PTR
DNS

37.242.107.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.242.107.52.in-addr.arpa

IN PTR
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

52.107.242.37:443

hhhso-my.sharepoint.com

tls

chrome.exe

7.0kB
4.6kB
24
8
52.107.242.37:443

https://hhhso-my.sharepoint.com/:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a

tls, http2

chrome.exe

11.8kB
4.6kB
25
8

HTTP Request

GET https://hhhso-my.sharepoint.com/:i:/g/personal/lut_vanautgaerden_hhscholen_be/Ee-o7xzLweFEpLYvoCtHnGABbgJrUC5PB6jaKo8yE--HeQ?e=VFpP6a
52.107.242.37:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.12:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.35:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.39:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.101:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.34:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.69:443

hhhso-my.sharepoint.com

chrome.exe

260 B
5
52.107.242.78:443

hhhso-my.sharepoint.com

chrome.exe

208 B
4

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

hhhso-my.sharepoint.com

dns

chrome.exe

345 B
439 B
5
1

DNS Request

hhhso-my.sharepoint.com

DNS Request

hhhso-my.sharepoint.com

DNS Request

hhhso-my.sharepoint.com

DNS Request

hhhso-my.sharepoint.com

DNS Request

hhhso-my.sharepoint.com

DNS Response

52.107.242.37

52.107.242.12

52.107.242.35

52.107.242.39

52.107.242.101

52.107.242.34

52.107.242.69

52.107.242.78
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

95.27.250.142.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

95.27.250.142.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

365 B
5

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

360 B
5

DNS Request

232.168.11.51.in-addr.arpa

DNS Request

232.168.11.51.in-addr.arpa

DNS Request

232.168.11.51.in-addr.arpa

DNS Request

232.168.11.51.in-addr.arpa

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

37.242.107.52.in-addr.arpa

dns

360 B
5

DNS Request

37.242.107.52.in-addr.arpa

DNS Request

37.242.107.52.in-addr.arpa

DNS Request

37.242.107.52.in-addr.arpa

DNS Request

37.242.107.52.in-addr.arpa

DNS Request

37.242.107.52.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

360 B
5

DNS Request

75.159.190.20.in-addr.arpa

DNS Request

75.159.190.20.in-addr.arpa

DNS Request

75.159.190.20.in-addr.arpa

DNS Request

75.159.190.20.in-addr.arpa

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

350 B
5

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

81.144.22.2.in-addr.arpa

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

360 B
5

DNS Request

68.159.190.20.in-addr.arpa

DNS Request

68.159.190.20.in-addr.arpa

DNS Request

68.159.190.20.in-addr.arpa

DNS Request

68.159.190.20.in-addr.arpa

DNS Request

68.159.190.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d35111ee98301bb7713544c3b41f8672

SHA1
b22ca9e4de242cc531fca214889c68fe68262283

SHA256
4369580a46666d0bbd7217e8588a608990b55b873ff91b115714cc17be218cb5

SHA512
207d3988b55670b67daba48a647521d41b6559cfe964233278871f943a17d0801797744d93efd955273d388735a47785cffc8e337882a82776c9e2e9b02f8348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8a2182a3dd6417c3214a115ba017a7b9

SHA1
fffb1ab6fb151d0d796d5580cffad35f25ee8ba4

SHA256
9b32e3450ba518adcdaea5b39cff88979175a8e6effc9fd2b0dd7422fdd21ece

SHA512
c662c60607fdd8ca8280c5199a822f63f5e8140d3f8e45f5a36053b40d35aec58a81959ec30f9a3fcdbda4d463934572518b5c0baae94df14a1384cda9f2f619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d56a89057a97d82a663154d4f1c4f80

SHA1
2be57aa1af2a8651f4468312c5d63b396faf64e4

SHA256
8a9e0baac9d076f8bd2785c8c093203d06bf3a7db2e49f096c713b6632e0dd4e

SHA512
6e79c63b43b4c8e41784cdb48c040d0c91f51161d2eaa48c82033507bb0241a176c1d120b45e7cc0ad78c4d5214b8a469f52700c6429d204f88faa81df7e25f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4354ebeb6f8f32ebcbe0f4dd7d0b1ecd

SHA1
a2e161bd2f50910e82f8321ac02fa62d543438ba

SHA256
234cf61cadc45cb11e59df4702f8d52f3ea265ab15eac37b30edd3ebe0aa590a

SHA512
65fb185252d4388adb5522e0e139f87852ebd93e3d6bd128deb6fa933c60cc42abb94ce0265a68aa0e41cd80b42c9fb87423234175e523cbec90cb8da9b95a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
897d3befbb18624a0d3da62c898a3dc9

SHA1
d2f6136b0a5b4c3039219c5c30854f742f2e43cf

SHA256
1c3e598325c388ac9044f03d737a5c739097ee942d25f1632e8ed412fbc9bbb2

SHA512
49577c609d3a3735b2fc99b063cc48b024755e90848a1e0fd3ea47eb12cf9022972c2a2482aeda070a016003ca35fd1b4683ccd2b00ad6b0113bc2d2985f9fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca44feea4455bd745d66aa8e2ea97a78

SHA1
33fa6d3f20f726049e1e5036a7b2ff776840d48a

SHA256
d973bc8fd6c1236938ab5df2dd0cdc7870fabbc74b0ff696e14dcd9e9b332462

SHA512
3aaa5ddde437a377ea4e0ffad87173b026effc74c156b186d6edf2548731b579c9c52916608228b1c0ef6df5b84efc95f4b0e6f7a575a9c2462810f3e975fc3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1a1c515b5fa66433f06651ff2f1620e

SHA1
b68bae1094cac64bd5e0966c09d2c58fa270cd23

SHA256
21a4f43b1da98b4671ac6cb753595e936baf4dcbe59fc33a9bf71bef0029849e

SHA512
b87f356f71c77737465cdf0cf2ca7d5413469019281466344ede045e7161d2ab19b61c84cbbc2d85e8aed85d09318e52c7cfb706c4e8cb6953df2f54b7d8f362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3306fd451c9ee169f1448c1c57874ed6

SHA1
04a87d8395939e2ae86237dc6c34033ab65d4203

SHA256
528491b6fde66117c73ccb42cd1c40e2b55009eefb59592163d8f060b940dd8c

SHA512
0ac18226b21e03151850dcbf6ff6bb5485361a4a1493640d4d0a82694b174ad204f60cdbd440950ddcddc9c5d2a8c1cf67d86914e581dd64e222bedc78430835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6294758cb0b9cbd64f1a8cd5cfb9bc56

SHA1
594181343badf18b73098db40cb4d5a28d8b49f7

SHA256
9125d8a7fa9830da66fcc8283fa94ce5543eb2c92512a024ec8592feb2213494

SHA512
8db2fab202eb1a243dbaa9e4a172d5c8fcaf4481085bd00014cb1debfa60b668f605744a4325bec94965e22b060a2bf282445a8c9c327f28ac3d57c2f500a57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f11147b45680b475b88797f92e25a778

SHA1
e16c6b9b2f389adb38c0079c69aeaea88392c175

SHA256
05944102402ca6c7b7aff99520370fa8ba5eabbd2ea7e8da7552025cbb58b717

SHA512
65a27e8323ac81911c3f7dbd666c4271a57f7ab7da1b371648b8c3c0005f49eba68c0a2c2ccce85089a45b1cfdcf7454af502befde5f89a1b656c7c7879c4860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b043493bcaffa8f1516b3200badb4d50

SHA1
159d594f3c0de4eedd98a4e6471942fea793608c

SHA256
3519888b9cee3fd5c0b8f3c053f04a8348301980e6f297909d4ab76f1236ef08

SHA512
29c3ca207deb825513eb2e2f3a111faac37033889302b8318cc476e47366da788d31b87de502f50c3599c9bb169b44aae77ad85236e082b1f3f820b0ff163686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
904f7e7b4fab5061be9d2444e5463636

SHA1
fe44599297284484fcda1274402dce855615c057

SHA256
279cb18a6014b7ee4a879c44b9d832704874cbfc0be4a2de8d5bc0ca00551973

SHA512
b81f8e71d5d55c769f7c313dda0699df1715a17654291799b83a42940d9e36c4fff43d07e4534fd8dc9ebdfce4ea15126e62da7b1ea5179294ea9fa28a9dd37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5667520d2a2ecea00f08a8b366f3df2

SHA1
ed0a96acb5e51685d525be52431639898c0b808d

SHA256
e482af64fb778537066898d0e9c8164449b72a633adae0ebdddac07c646db334

SHA512
8b3b8306215cc89e21b7494e5f2893f24c059226048778780d63fb03d86ef8afa0269394f4cb895e2a109be8a687e5890a197b6b07c806ffe743b5698a863ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8372d5ae1dcd7986704fed5ebd33b957

SHA1
1df4089829c0b06f5b7a0f367f5ac5a5e55879fc

SHA256
2e7fcd92c97f68d8dd13e6f8ff312f24aa476bfe1a6910cdc1af6d24c8569775

SHA512
fef719352b3ae60f15974546e56de0bd89366fbdd8602f3561f5e91a45b601c94b19a2a6cceb505614136bae24b26abcd3b90c13d9a8a3f687756c4034b64780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e56c45ed207d4c9f15a8257d67348740

SHA1
254ec7afbdf3872f170236b22465d9b103e2583c

SHA256
0e9edfcac6d7c79cff11d4b00884597a0bf6f17b03f74ba85229d62ffa4d2292

SHA512
64f275bd00b5f25fdb1b713173ef7e30bb12ace74c394344c868ec7325658c89f874b52b5ce62a3ee2997c43aea23516b3ec6f61a386474d7efb131acf03c3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a55d1b9cf90f7d302c7d4d872516eb31

SHA1
f77da83168486f31360d5a2054e26686b2339073

SHA256
5db42fea23087676b2ebe785b4fbc1abcac181db11647960f50aaba4a55b572d

SHA512
e3fc6e7342037c92692d9b6eb9b0af026074bf98aeafe5ee4a17093b710f984ef6ffea33993f4463c177c882ceb9f5dcd809ab3c59e5edd27d0be8c445b6efc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
159b545a60190ee295bf1e29a5a86ca7

SHA1
a12299f4dbda2f0b3d3959813781eec6a4daebe8

SHA256
7cb516fd4946fe488a06302f39b31b02f149b6aa24a620f3df6438cf3304f0d0

SHA512
5ba671f87ac37346b62456e41d8892b25b0899aa560e6e5e3bbdb98dc3b0d39d09ae7f79962cb550bc5f9195e6ab82e8fd343272122c8e9d84a2316601ec5667

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.