hxxps://www[.]dropbox[.]com/l/AADRO6WpkSf-eRhbqm51Hm8BTY6dnl3uesc

Analysis

max time kernel
82s
max time network
75s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01-10-2024 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/AADRO6WpkSf-eRhbqm51Hm8BTY6dnl3uesc

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722564712533463"	chrome.exe

Modifies registry class 54 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Key created	\Registry\User\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\NotificationData	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80d43aad2469a5304598e1ab02f9417aa80000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b6b84641ede4da01af08f080f0e4da01a51b58dcf613db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
132	chrome.exe
132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe
Token: SeShutdownPrivilege	132	chrome.exe
Token: SeCreatePagefilePrivilege	132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe
132	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 132 wrote to memory of 2016	132	chrome.exe	78
PID 132 wrote to memory of 2016	132	chrome.exe	78
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 1572	132	chrome.exe	79
PID 132 wrote to memory of 3952	132	chrome.exe	80
PID 132 wrote to memory of 3952	132	chrome.exe	80
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81
PID 132 wrote to memory of 2000	132	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/l/AADRO6WpkSf-eRhbqm51Hm8BTY6dnl3uesc
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6c0ecc40,0x7ffb6c0ecc4c,0x7ffb6c0ecc58
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,2755651056227616548,5951256761595962683,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:5044

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
13fca096b530dfa423ee30504f6e9b7e

SHA1
9cdfa3a9eca9b12b3d0d4951bab11c92ea6865d7

SHA256
1e139eeb0fb7098650a047a5dcdf0ea8cb70a531114dd6158b9903c65a355346

SHA512
2003c6ce17752c896556071442d6ce0140220293ac06b2bd54593eeb20486a7b07dfd1fdbe81032a6b25178214e97c44669fb5094a1abfd99ba7028c8ca964c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
514730206fc556d2c71d7947420cf3b0

SHA1
222684a645c9850d7e849c1614f4dd51ae2d33eb

SHA256
4a552097e656db4de7f08246915a5abef921309908395c16416f4f2d43068742

SHA512
562fc6259428ee06436a0dca6e5ca4c3813264a01cca0e8b10efd94a043c3f3a5551562100a97cd64cb1c4956f1f7805b625ae27731f10cad7f036883fa86433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
af1b0904a284f58d5cd043c1facf26fc

SHA1
b4f5e6598d0f87fdd8dff3cb5284d6c08b9babe1

SHA256
db0c77809cabc754de7cd8a56398f1eff74b598af0c66d49ed0a565502f52f0b

SHA512
4a4206a9631dc18bafc66d16a26a6aac1660c34fd29f0027b3904b8fe86b8bfc993c05f8c96b7ec60ec4674a8fc75618d7fb1543c82d6091800a1f921fc0b2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
517B

MD5
867223d32cda287f8461abfcff03c0ac

SHA1
41307085ebd1d6e39e9b42cd6e434b4bb06eacd1

SHA256
f2f7a3ce5accf3d49c16d2169e1952444a8284616b3f6e8e7244de4ceaf5359e

SHA512
7291c63a2d2a84877b4775ccea478c1fdb65dd0acc82b6ddcb1ec02ebb439e6f7e48e9026a53f88c2707f8bcb57c6a6aa6bfc8ab9c59d5a21704daead8295c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
517B

MD5
863c4268af154b497da0c4ba3b931da0

SHA1
b94f66e61074a8bb040165c52a76cf2191d5075d

SHA256
5f7bb8a160569b78c3f971941e27dbe5959f547aa06ce0c439caadc2ecca26c7

SHA512
b45bb3feb6b9e67a71fb515b99cc97dfcd8bceac869609a3869bb3475906faaa186e88f99389db3f03a9d4682b2ca3c40a450201541df5c1c33b4701b8f45a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
517B

MD5
6dba528c6527edd00c682a5a8599436c

SHA1
044c2d54abadc8bab90750b28d8f373d06c8fb55

SHA256
26eee66168b4d215a8796e6df07ee358983f145c2de307b5f5858923fd76e683

SHA512
e58ed8a6413d0ffd9f92d0bf71a0c5fb4e39b1a96e0dc9cb0a8bbd12170238154ecc857fa50d704b63f4532c897517d3ac58b5a37063edbeaf04a6dde27663ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
ce44fb53a4c22335767856adada75a2a

SHA1
5e29b69428c1e36ba8db90fb7bb9215a4cf85aae

SHA256
4afc032bfd3502848bcd83cfe720b0d96aab95002e3d791805207ac3ca0668ea

SHA512
0db827cf947854ed17f822368ac6ae69af792e6835e5f24d0201921d90762b0ac670d24e3d50ce4b206974cd4278d914c5c65bf8d5a515b694a61dfe8a78c94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04d3b800038a39a274931573c2ffa608

SHA1
fd2edc74def520c11b40638ae9bbd22e220df48b

SHA256
e0255024d1442aea3361d0bb98e8a18f5a848455a95cf5d8406e164fc8d95f48

SHA512
5cecf200576be49140d80b281c17e0c43402154858a7d3a2d3e35554fd67d233820b67f8e0824f85ac9fa77658665527ad37695550eddc9ffb808bbae1977a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e83e72906e91ca75c29ddad9dc24691

SHA1
0021d8fd8969957cf661a8af6abc417780d0be7e

SHA256
c8d401a43cea099fa5b5e0d4b16b46bbb70c850c5402b7c6ebf2d93cbae24173

SHA512
a353d5d21f5cb45a196d207320457a8edf06ee4bc378d34486efc8aac5a4d514b68b0d991e45f950821af15cf74fb5bbece147bef4fffbff16af37946a9275a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6133588007d58661a0542b5ae879169b

SHA1
6e8d26fd87e8dcc46b8cdb80a1c1a86bb2b94fae

SHA256
d763dc2f07c05b265847390f71938049e491cb0bb4fe426275a91ee49ffa2249

SHA512
377a1b9344cd40093ffb59944801ad7987005fc33c7603f9799ff7a4fdcb6d2b517751919e2d68938f1e4de5c5d4a2c69b73c0d678b7bd69e3d381580383e2cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38c18ac8a58eb12eae74700a1cebbe10

SHA1
1a7fdebe064f46b04c0994ea054d3f03fe7e5aa0

SHA256
5a0dcf9e939f61e4b6d018585844f280560bab814d3418bf78116ea54a9a773e

SHA512
46cabba0fd01b9b3c2c3fdcd56366bc1570d207cbbcc502a21d5216dd5e9dd09b2beaad727921c5911260fddefe4d45df79cc500a6fcad73edaf75e524c52e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c96f151a0dd2bbed250dbb5bbb7d8c8

SHA1
5b343ed80334b8e5d15389dd5db5bde09e9974a8

SHA256
736be7d24d373eca4ee845673c055bbf710c05665d1ec87e83dd002e568468c4

SHA512
52b0ef89c5e6c39a1f6652aa19400f288d61cccdae425b604f37d8bbb0f06d27778f41a48d2998c164863b02361915ebe52eae239ac287cbc4c53b01081129e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
abc0773c99772c8a03944874790d9e84

SHA1
bcd5f88c8f2d04b02429ec4f7d30289d630f318d

SHA256
f52b67ab8e985c910f3b0842a5c788befdf52ce5c556dba887cd097e179612d7

SHA512
d382ff0c176e5b455f3b81079cf7acf003390cf44657fbbd0929fea72338c26ad781bdd3c52f7b3a40e63a58b916d3ebc2ccea76d45d701828d7b8623b06989d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7b627aad6c663d16b840f7a88cf428c3

SHA1
776bd4c2e9b25a17e0f9ca29e57c4984cb2e597a

SHA256
c8d960ea1d2826625fc6f7dee2aa000770fe4341426faa402ab4e0b8301fcf04

SHA512
9a0148b622979828d19a32be7237a67f5447b45940030219f3cb2d60fae0b910282b60a00da6d9258550b07991738afe3bda65ea7abbcdd52d37e11c92109f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5def5ce0d2f6c24c94854d2cd38cfd11

SHA1
3866ebc7bdaf116b71f33cb5f32c3be5955f275f

SHA256
8df59825db585246c2fd000017f82a05ee30b1a09e540cbb58728a41285be666

SHA512
81dfd768e60924f095bc27675ccc21bbcc78d075b8cf166c1e24419e1ac01b56b0d155f3ded1829c5d4a5bb0eb21d2a5eaaab3a0479984113f8cdf48056ecc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a32bdcabc9062fd41f6a0ab40d2761c8

SHA1
d9b02fff83d781729b45b4c31ecac78f1aa199d8

SHA256
15368f867d8b442b36c398a7107760a80b40ba424c26282379a3eb63e007e157

SHA512
61c54612eb2d51e45af07a82b59368bf9c13ecbde9ae2599f4df5363db4287e758f9f47f874a3e54809a57ddc83fc002c7052091dabea1f77819ee6542ac3e57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit