Analysis
max time kernel: 149s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/09/2024, 01:48
Static task: static1
Behavioral task behavioral1: sample c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe, resource win7-20240903-en
Behavioral task behavioral2: sample c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe, resource win10v2004-20240802-en
The signatures, process tree and dropped files that follow are from the win10v2004-20240802-en run (behavioral2), matching the platform and resource fields above; the Windows 7 run is not shown on this page.
General
Target: c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe
Size: 1.1MB
MD5: 55ad212ef14e1d3a99251ba84d4c3497
SHA1: 5f7127f6f859cae4b9d19f700196cb207a6ddd87
SHA256: c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33
SHA512: 8199e1b9e83ea7f028c6f851b886d3cac829c533489c5e3292bc74b94df2900c7e4168dadec1f4ac0e12bff8a08679433586f79b719a240bb94cb816df5b5c76
SSDEEP: 24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8arB2+b+HdiJUK:yTvC/MTQYxsWR7arB2+b+HoJU
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence.
- Key value queried: \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation (c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim in order to infer the geographical location of the host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719617304464805" (chrome.exe)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
- pid 1804 chrome.exe (2 entries), pid 4520 chrome.exe (4 entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
- pid 448 c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- pid 1804 chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs, repeated entries collapsed)
- pid 1804 chrome.exe: Token SeShutdownPrivilege and Token SeCreatePagefilePrivilege, requested alternately for all 64 listed entries

Suspicious use of FindShellTrayWindow (64 IoCs, repeated entries collapsed)
- pid 448 c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe and pid 1804 chrome.exe, interleaved; the listing is capped at 64 entries

Suspicious use of SendNotifyMessage (64 IoCs, repeated entries collapsed)
- pid 448 c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe and pid 1804 chrome.exe, interleaved; the listing is capped at 64 entries

Suspicious use of WriteProcessMemory (64 IoCs, repeated entries collapsed; procid_target is the sandbox's internal id of the written-to process)
- PID 448 c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe wrote to memory of PID 1804 (chrome.exe), procid_target 82 (2 entries)
- PID 1804 chrome.exe wrote to memory of PID 3068, procid_target 84 (2 entries)
- PID 1804 chrome.exe wrote to memory of PID 2028, procid_target 85 (many entries)
- PID 1804 chrome.exe wrote to memory of PID 632, procid_target 86 (2 entries)
- PID 1804 chrome.exe wrote to memory of PID 1788, procid_target 87 (many entries)

Attribution caveat: the signatures credited to chrome.exe (the BIOS registry queries, the TPM telemetry writes under S-1-5-19, EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary and the SeShutdownPrivilege/SeCreatePagefilePrivilege token adjustments) are fired by the Chrome processes the sample launched and are what Chrome does on any start-up in this sandbox; they are not behaviour implemented by the sample. The sample itself (pid 448) accounts for the Geo\Nation and NLS\Language registry reads, the foreground-window, shell-tray and SendNotifyMessage API use, and the two WriteProcessMemory entries into the freshly created chrome.exe, the same parent-to-child pattern chrome.exe then shows toward its own helper processes, so on its own that entry reflects process creation rather than injection.
Processes

C:\Users\Admin\AppData\Local\Temp\c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe (PID 448, depth 1)
  "C:\Users\Admin\AppData\Local\Temp\c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe"
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1804, depth 2, child of PID 448)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    chrome.exe (PID 3068, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffd50dcc40,0x7fffd50dcc4c,0x7fffd50dcc58

    chrome.exe (PID 2028, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1920 /prefetch:2

    chrome.exe (PID 632, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2120 /prefetch:3

    chrome.exe (PID 1788, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1772 /prefetch:8

    chrome.exe (PID 2444, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1

    chrome.exe (PID 4436, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1

    chrome.exe (PID 2740, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4500,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4524 /prefetch:8

    chrome.exe (PID 3536, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4456,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4672 /prefetch:8

    chrome.exe (PID 4520, depth 3, child of PID 1804)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,1215246375798268292,16086301546359138616,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5000 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4580, depth 1)
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 1980, depth 1)
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

What the tree shows: the sample's only child is chrome.exe, started with --kiosk on a youtube.com URL whose query string carries a second URL, the Google password-challenge sign-in page (accounts.google.com/v3/signin/challenge/pwd). Chrome's kiosk mode runs full-screen with no address bar or window controls, so the user sees only page content and cannot read the real URL. The sample's GetForegroundWindowSpam, FindShellTrayWindow and SendNotifyMessage activity is the kind of API use seen when a program polls and manipulates the foreground window and taskbar while such a window is up. Everything else in the tree (the crashpad handler, GPU, network, storage, renderer and utility processes, elevation_service.exe and the NgcSvc svchost) is ordinary Chrome and Windows machinery rather than sample-controlled. The Network section of this page carries no entries, so what the kiosk window actually rendered is not visible here.
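The two points worth turning into a check are the ones the report itself surfaces: a non-browser executable in a user Temp directory launching chrome.exe in --kiosk mode on a URL whose query string smuggles a second URL, and the locale/language registry reads flagged under the location-discovery signatures. The script below is an added example, not tria.ge code and not part of the sample's behaviour; the event records are constructed here to mirror this report's process tree and signature IoCs (the sandbox does not export them in this shape), and the helper names (`kiosk_findings`, `location_findings`, `nested_urls`) are my own.

```python
"""Re-derive this report's findings from a process / registry event stream.

Added example. Event dicts below are constructed to mirror the report
(PIDs, paths and registry keys copied from it); nothing here is exported
from tria.ge, and the function names are hypothetical helpers.
"""
import re
from urllib.parse import parse_qsl, urlsplit

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "iexplore.exe"}
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
TOKEN = re.compile(r'"[^"]*"|\S+')
# Registry values the report shows the sample reading (ATT&CK T1614 / T1614.001).
LOCATION_VALUES = {
    r"\control panel\international\geo\nation": "T1614 System Location Discovery (geofence)",
    r"\control\nls\language": "T1614.001 System Language Discovery",
}


def _basename(path):
    return path.rsplit("\\", 1)[-1].strip('"').lower()


def argv_of(cmdline):
    """Split a Windows command line into tokens, dropping surrounding quotes."""
    return [t.strip('"') for t in TOKEN.findall(cmdline)]


def nested_urls(url):
    """Return http(s) URLs carried inside the query string of `url`, as key or value.

    For https://youtube.com/account?=https://accounts.google.com/... the visible
    host is youtube.com but the query smuggles a Google sign-in URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return []
    found = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for piece in (key, value):
            if re.match(r"https?://", piece):
                found.append(piece)
    return found


def kiosk_findings(proc_events):
    """Flag a browser started with --kiosk by a non-browser parent, and any
    kiosk URL whose query string embeds a second URL. Returns (pid, rule, detail)."""
    by_pid = {e["pid"]: e for e in proc_events}
    findings = []
    for e in proc_events:
        argv = argv_of(e["cmdline"])
        if _basename(e["image"]) not in BROWSERS or "--kiosk" not in argv:
            continue
        parent = by_pid.get(e["ppid"])
        if parent and _basename(parent["image"]) not in BROWSERS:
            where = " from a user Temp directory" if USER_TEMP.search(parent["image"]) else ""
            findings.append((e["pid"], "kiosk-launch",
                             f"{_basename(e['image'])} --kiosk spawned by "
                             f"{_basename(parent['image'])} (pid {parent['pid']}){where}"))
        for tok in argv:
            for inner in nested_urls(tok):
                findings.append((e["pid"], "nested-url",
                                 f"{urlsplit(tok).hostname} query embeds {urlsplit(inner).hostname}"))
    return findings


def location_findings(reg_events):
    """Map registry reads of locale / language values to ATT&CK T1614(.001)."""
    findings = []
    for e in reg_events:
        key = e["key"].lower()
        for suffix, technique in LOCATION_VALUES.items():
            if key.endswith(suffix):
                findings.append((e["pid"], technique, e["key"]))
    return findings


# Constructed events mirroring the report's process tree and signature IoCs.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROC_EVENTS = [
    {"pid": 448, "ppid": 1, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 1804, "ppid": 448, "image": CHROME,
     "cmdline": f'"{CHROME}" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd'},
    {"pid": 2028, "ppid": 1804, "image": CHROME, "cmdline": f'"{CHROME}" --type=gpu-process --no-appcompat-clear'},
]
REG_EVENTS = [
    {"pid": 448, "key": r"\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation"},
    {"pid": 448, "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"pid": 1804, "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
]

if __name__ == "__main__":
    for finding in kiosk_findings(PROC_EVENTS) + location_findings(REG_EVENTS):
        print(*finding, sep=" | ")
```

Run against the constructed events it reports the kiosk launch from the Temp directory, the youtube.com-to-accounts.google.com URL nesting, and the two location reads by pid 448, while chrome.exe's own BIOS query and its ordinary child processes produce nothing. Chrome's own helper processes never pass `--kiosk`, so the parent-is-not-a-browser test is what separates this tree from a user simply opening Chrome; the nested-URL test is independent of the parent and is the cheaper of the two to run over proxy or Sysmon command-line logs.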
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 649B
MD5: 3df6e543100e45a087305ffe7bb71e67
SHA1: 44867ed1cb70f750a1513384c9033ec46a79dcbe
SHA256: 76248bf17eac5676ce452a92e69c42b996dd890ca281d8807e42bf0721b6dd62
SHA512: 274401399659e8e1d5bbb780be0cf183766113416ff6f2cb6559f7ae2eeabb85984ab418ef7f7d42b0cbd7713ef66c51b465458c6709addbdfed6deac140d71d

Filesize: 264B
MD5: 55435a143b590d4300244cdcfd12e6de
SHA1: 154c3bb916d2647d91a2fbe276b407679b77e25c
SHA256: bb1ace259e1a6df2bf65044eb460631725725e8eaa722dc86f7c2594e04de749
SHA512: 6e89a7975db746a31261fe6710840db60110cfb77f9b909ebacf40c5b1b66fe2b1986a16456adee95b489ee20f945f3913059da069eae2ad0700c2fb41b372da

Filesize: 3KB
MD5: 1fcce7f6b6bd5a53a84c33a43146dd8f
SHA1: 9a5b934135e36ebb2bd5fa326605d23e1490f9db
SHA256: 931ba44428de0370867d7311ca4f1715469fe2a634b81b20e10cfff0b73f0728
SHA512: 52dacbb92b1bdb515e8644d2e0db52af67cd3f891eb95d082255fadcb568c021b293af989b5568cb4438fcf7c8e12b1279c7ce3bb4db6a2ffc03c253257fcc82

Filesize: 2KB
MD5: 3a62cee8b2518bfec129ee6b13f0f0b0
SHA1: c97201e67cba3218dbdffd8c9572aaf180bf8cf8
SHA256: fba384a8830dee2c8a1d7bc49d794e3b3de2a4681f01b99b7d46093547087e3f
SHA512: ed03426b691dd06ead9200f7ec49092325892b6e71b1901394e57abb8cff811bd14da587f87d91866c6c386b4a22fd119ee02a5d62de65a3e72f4e1593ad068a

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 857B
MD5: 815dc00fb66e36e59d453217e7f1de81
SHA1: ffac3c1285506d5d97568243cea0d95bd8973634
SHA256: 4eb0f81a81e0f8c073a421688f12b074a3e556a710212c0c1d0aea1979085e27
SHA512: af68d9c1429a802251fbeaf606377dc431c6c9bc9db8ec10ce58106d368b4be97f5fcb35add7117aee96811d58a18b04b79efafc01e5c45ca05c69c138bfb3fc

Filesize: 9KB
MD5: 6176ec0d7f3ece137e71e3f063c38689
SHA1: 94b8aac8db94a3da4c3ad09dd40269d778a9e0ab
SHA256: 05eac3206ac2261860051649695d795060307b795c91878dd64bea4aba0d582c
SHA512: 8dd6a4cc7626cf95c7a47b193b3ce13e61a004577d307c5d5221be06704d5a82f7194541a0c046df3d3c8e41ab9d7cbb105a40f397665eb90502874332f4eb6c

Filesize: 10KB
MD5: 36c21bdf134c8ca3152ec37df1ab3081
SHA1: 41897f733800f75c446fdde794d0dfd0e22108a4
SHA256: 8a0a208c7a8dba2a1bec9a40475141901c82745adbac7dfcebd0651483824fa7
SHA512: 6c8dae2dc4024bc2283f98cfda80608cf85682d0643be9b4c8596580d23a03ee22a08e8fce7053cc3d36f5c76e0dbbd25db5c0184c64651ba685a0ffc4ec3f5d

Filesize: 10KB
MD5: c62254dcec11a6638c9be34a852b2f8a
SHA1: 8911328b92dacbd5c9ae12fc805a4b97db83c2a1
SHA256: 90e53305fc991e1e30fbeb7abe11b16e14c4c7c6d7a31cf7619a16a9be38da3c
SHA512: 758bc436184fc762b20d8745283eee659a62f81c6b4773323fe64aeb924050b9e678a67c63205b23a8fd4efd70f081b8e1d6a93e5ed7ebc0582d1e37454869d3

Filesize: 10KB
MD5: 4c5e3dc09406ea052029970a07700a45
SHA1: 033ebae169ba87a79b7b0ce9a932aea9f81ed942
SHA256: 3054f66c9fdb91dd36d50f0d88737d045141299814ab7c999640b79a390227c7
SHA512: d50781fd2fbc5a4a7b1e548a1c8487bd01f4e4400ee749761111ebdcaba0117434640ce3f0541ae1ff1f4c442bc1c3760784f9ee3aa8e3a5c7f39ac022c02268

Filesize: 9KB
MD5: 742eb2e674c5b75e3cf90caff8cd2d54
SHA1: 755f0cbd04f46510fd03a1c5de19540d6d5ae7aa
SHA256: 25c39623a3009f9c641053dcb91c898c06b8378c03854a5ccc071ac2a11a8cd2
SHA512: ac4ba61fc1cc53cac449fb15c7fde23615b092e1b65870c1ea9603b09510c8624fe587280ae824969fcc01721fe664d12c9ad46d7cfbeb3d2636ee66b6cf9294

Filesize: 9KB
MD5: 0ad19c49afad32694faef1b9a8f4fc10
SHA1: 6b55173309d205e8f8746d62229a8dc1248eaacd
SHA256: 1753880ffde36dd0de982338c67837dabbf23e44611483c81c6fb611f0f03412
SHA512: 27fb5981c068a9cbd9e94b5fbedb50c80fe1ab7f49d5042bafea31a36579d570a69f5600b466de50bfa37b49413420f6aea7c4d63c3f80f6138a2bb84bef129f

Filesize: 15KB
MD5: c28a0b8faf86e9dfb2ac12c85017897b
SHA1: 7aa7a2793796f81885c8adcebfab88d34648cde0
SHA256: 1a130310abd3430159740dbf23a49438ea2a0005cb4e3bed6f883fcaab30f898
SHA512: 56cb239f93c872f3571f4f16c93aeae2988ba432fd00d015de10c0bebd7be93564d5a060e1a640757b9ad5da49739bbccdaa050ea74838200d2b30baec1e3e3f

Filesize: 212KB
MD5: 83ea309e206de94121b3e257fe474ab4
SHA1: 2d129cc5ad2d6c54bbae63aa1cfaba601ede6d3a
SHA256: ea4430946b5a2d7cb5ecd7aa7601f0466161e14a74f0796c8c3d0174fe56a52b
SHA512: a027f42d8c6674f7ef8232eb6945db78475ca74d7b4f8f4aec207b8eabb62edb0b53d7fdb785146ad39019e950887ef4f59700639d04a6d027f2bdf6fa13faf2

Filesize: 212KB
MD5: de26e2ec91cede1f11a771a1b5835be5
SHA1: 1f23e6ba449a894e12ac6333dbff53be6b6159bf
SHA256: d75408e0e4fa310f20bf3a65f72a7c8649ea70048f083df475f6af06d2c20931
SHA512: fe0776b1a38fc425bf4aa6d39ed6036cf5108f34acb2bb05edd451b33c2b82c77562f84a7373417176f612f474514fb3d94619af46e596707f93fa5f728822c9