Analysis Overview
SHA256: 890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
Threat Level: Shows suspicious behavior
The file Mercurial.exe was found to show suspicious behavior.
Malicious Activity Summary
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-23 00:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-23 00:50
Reported
2024-09-23 00:52
Platform
win7-20240729-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8099758,0x7fef8099768,0x7fef8099778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2840 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1308,i,3833839692083913814,7956508871231808378,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8099758,0x7fef8099768,0x7fef8099778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2056 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3972 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1872 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2984 --field-trial-handle=1368,i,2213677794433903426,7008135585264286484,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.180.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| N/A | 162.159.137.232:443 | N/A | tcp |
| N/A | 162.159.137.232:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 104.18.160.117:443 | N/A | tcp |
| N/A | 104.22.21.64:443 | N/A | tcp |
| N/A | 216.58.204.74:443 | N/A | tcp |
| N/A | 172.217.16.234:443 | N/A | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-23 00:50
Reported
2024-09-23 00:52
Platform
win10v2004-20240802-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Mercurial.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Mercurial.exe
"C:\Users\Admin\AppData\Local\Temp\Mercurial.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files