Resubmissions
- 14-09-2024 04:07 240914-epr6vswcnq 10
- 14-09-2024 04:03 240914-emf1tawfnc 10
- 14-09-2024 04:02 240914-elt62swbnj 3
Analysis
- max time kernel: 42s
- max time network: 35s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-09-2024 04:02
Static task: static1
Behavioral task: behavioral1
- Sample: asd.txt
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: asd.txt
- Resource: win10v2004-20240802-en
General
- Target: asd.txt
- Size: 93B
- MD5: 7213463c27611670218de026f379a4a7
- SHA1: 90750ced837038b11524c1dba538785414bba6e3
- SHA256: 90708abbcad8c3e95f37fb29927781a1ec885a9c3799b50f7dcc01e1b4065baa
- SHA512: 734dfaf55bbba3e05c6bb8a2582aae5defc7336133d96714ca93123843cf476e1e4fdf905a18598e7c9e0ad19cbc98e9affe0e4df296ab4c5d30012f12093f4a
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707601621527543" (chrome.exe)
Modifies registry class (28 IoCs)
Opens file in notepad (likely ransom note) (1 IoC)
- PID 3580 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 4388 chrome.exe
- PID 4388 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 4388 chrome.exe
- PID 4388 chrome.exe
- PID 4388 chrome.exe
Suspicious use of AdjustPrivilegeToken (52 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of SetWindowsHookEx (3 IoCs)
- PID 4952 chrome.exe
- PID 4952 chrome.exe
- PID 4952 chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Windows\system32\NOTEPAD.EXE
  Command line: C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\asd.txt
  - Opens file in notepad (likely ransom note)
  PID: 3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4388
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe21e3cc40,0x7ffe21e3cc4c,0x7ffe21e3cc58
    PID: 3436
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
    PID: 2036
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:3
    PID: 3268
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:8
    PID: 1312
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
    PID: 1680
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
    PID: 920
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3640,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
    PID: 4100
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
    PID: 2248
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
    PID: 2944
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,347146638464898109,1227166469071822325,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID: 4952
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  PID: 4880
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID: 3036
Network
MITRE ATT&CK Enterprise v15
Downloads